Hi!
I found this YARA ruleset:
https://raw.githubusercontent.com/mmorgens/yara/main/gen_anydesk_compromised_cert_additional_rules_feb23.yar
Unfortunately, it uses "import "pe"", which is not supported by the YARA
parser in ClamAV.
But can those two rules be rewritten in such a way as to be usable
from within ClamAV (1.3.0)?
--
Ralf Hildebrandt
Charité - Universitätsmedizin Berlin
Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration
Invalidenstraße 120/121 | D-10115 Berlin
Tel. +49 30 450 570 155
ralf.hildebrandt@charite.de
https://www.charite.de
_______________________________________________
Manage your clamav-users mailing list subscription / unsubscribe:
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/Cisco-Talos/clamav-documentation
https://docs.clamav.net/#mailing-lists-and-chat