ClamAV 0.99b Meets YARA!
The first beta release of ClamAV 0.99 is now on SourceForge! ClamAV 0.99 has some important new features to improve malware detection.
First, ClamAV 0.99 supports YARA rules. YARA is another popular open source project for malware detection, analysis, and classification. YARA rules, in a nutshell, contain a list of strings and a powerful logical expression called the YARA condition. A YARA condition is typically composed of logical operations upon the YARA rule’s strings, with many other condition operators available as well. YARA strings come in three flavors: literal text strings (with modifier keywords NOCASE, FULLWORD, WIDE and ASCII), hexadecimal (including wildcard and alternates, similar to substrings in ClamAV’s logical signatures), and regular expressions. The full documentation about YARA rules may be found at http://plusvic.github.io/yara/.
Please read more here: http://blog.clamav.net/2015/06/clamav-099b-meets-yara.html
Since this is such a large feature, please help us by downloading, using, and testing this feature and reporting bugs via our usual methods here: http://www.clamav.net/contact.html
--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos Group
http://www.talosintel.com
The first beta release of ClamAV 0.99 is now on SourceForge! ClamAV 0.99 has some important new features to improve malware detection.
First, ClamAV 0.99 supports YARA rules. YARA is another popular open source project for malware detection, analysis, and classification. YARA rules, in a nutshell, contain a list of strings and a powerful logical expression called the YARA condition. A YARA condition is typically composed of logical operations upon the YARA rule’s strings, with many other condition operators available as well. YARA strings come in three flavors: literal text strings (with modifier keywords NOCASE, FULLWORD, WIDE and ASCII), hexadecimal (including wildcard and alternates, similar to substrings in ClamAV’s logical signatures), and regular expressions. The full documentation about YARA rules may be found at http://plusvic.github.io/yara/.
Please read more here: http://blog.clamav.net/2015/06/clamav-099b-meets-yara.html
Since this is such a large feature, please help us by downloading, using, and testing this feature and reporting bugs via our usual methods here: http://www.clamav.net/contact.html
--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos Group
http://www.talosintel.com