Mailing List Archive

YARA support on ClamAV
Hi,

Are there any plans to support YARA modules in ClamAV?

Currently YARA modules are not supported in ClamAV
https://www.clamav.net/documents/using-yara-rules-in-clamav

Thanks
Munaf
Re: YARA support on ClamAV
Munaf,

At present we don’t have any plans to support YARA modules. We’re not against it, but with our team size, it’s not a high enough priority to put on our roadmap. If someone in the community puts in the time to implement it and submit a pull-request on GitHub to add YARA module support, we’d love the help.

Regards,
Micah


Micah Snyder
ClamAV Development
Talos
Cisco Systems, Inc.


From: clamav-users <clamav-users-bounces@lists.clamav.net> on behalf of "Munaf Ahmed (ahmedm) via clamav-users" <clamav-users@lists.clamav.net>
Reply-To: ClamAV users ML <clamav-users@lists.clamav.net>
Date: Monday, July 1, 2019 at 7:21 AM
To: "clamav-users@lists.clamav.net" <clamav-users@lists.clamav.net>
Cc: "Munaf Ahmed (ahmedm)" <ahmedm@cisco.com>
Subject: [clamav-users] YARA support on ClamAV

Hi,

Are there any plans to support YARA modules in ClamAV?

Currently YARA modules are not supported in ClamAV
https://www.clamav.net/documents/using-yara-rules-in-clamav

Thanks
Munaf
Re: YARA support on ClamAV
Hello Munaf,

You can use the clamav-unofficial-sigs by extremeshok
(https://github.com/extremeshok/clamav-unofficial-sigs). The last update
of the plugin was already a while ago (2017); the signatures, including
YARA, still work because the plugin is just an interface to the signatures.

Maybe this is of help to you.

On 01.07.19 at 13:20, Munaf Ahmed (ahmedm) via clamav-users wrote:
> Hi,
>
> Are there any plans to support YARA modules in ClamAV?
>
> Currently YARA modules are not supported in ClamAV
> https://www.clamav.net/documents/using-yara-rules-in-clamav
>
> Thanks
> Munaf

--
Bonan tagon,
Thomas Trueten http://www.trueten.de

PGP Key Id: 0xD96D6E68 available @ pgp KeyServers
Fingerprint = 6BF5 2B63 87A2 E6BA C3F3 6AF5 CC75 00D7 D96D 6E68
Threema: FS9ZFTZF jabber: trueten@riseup.net irc: spambouncer@irc.freenode.net
Re: YARA support on ClamAV
Hello Munaf,

I have to correct myself. Due to a bug in the YARA definitions, they can
currently only be used to a limited extent, or at best not be used at
all. See issue:
https://github.com/extremeshok/clamav-unofficial-sigs/issues/203 and
workaround:
https://github.com/extremeshok/clamav-unofficial-sigs/issues/203#issuementment-400211109

Sorry.
T.

On 01.07.19 at 18:04, Thomas Trüten wrote:
> Hello Munaf,
>
> You can use the clamav-unofficial-sigs by extremeshok
> (https://github.com/extremeshok/clamav-unofficial-sigs). The last
> update of the plugin was already a while ago (2017); the signatures,
> including YARA, still work because the plugin is just an interface to
> the signatures.
>
> Maybe this is of help to you.