On 11 June 2015 16:37:09 Steven Morgan <[email protected]> wrote:
Steve
Here is a quick demo for your question. The file names in this test are the
same as the file content:
rule basford
{
    strings:
        $match1 = "bbb"
        $ignore1 = "nnnnn"
        $ignore2 = "zbcz"
    condition:
        $match1 and not ($ignore1 or $ignore2)
}
smorgan@ubuntu:~/work/yara$ clamscan -d simple/basford.yar sample/
Awesome stuff... drool...
thanks for the confirmation
Sorry for the rubbish phone edit :)