Mailing List Archive

ClamAV® blog: ClamAV 0.99b Meets YARA!
ClamAV 0.99b Meets YARA!
The first beta release of ClamAV 0.99 is now on SourceForge! ClamAV 0.99 has some important new features to improve malware detection.

First, ClamAV 0.99 supports YARA rules. YARA is another popular open source project for malware detection, analysis, and classification. YARA rules, in a nutshell, contain a list of strings and a powerful logical expression called the YARA condition. A YARA condition is typically composed of logical operations upon the YARA rule’s strings, with many other condition operators available as well. YARA strings come in three flavors: literal text strings (with modifier keywords NOCASE, FULLWORD, WIDE and ASCII), hexadecimal (including wildcard and alternates, similar to substrings in ClamAV’s logical signatures), and regular expressions. The full documentation about YARA rules may be found at

Please read more here:

Since this is such a large feature, please help us by downloading, using, and testing this feature and reporting bugs via our usual methods here:

Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos Group