Just as a side note, normal rules are catching the samples, so I don't know if it would display both YARA and the others. Here's what the samples show without YARA: ./CYBER1be0b96d502c268cb40da97a16952d89674a9329cb60bac81a96e01cf7356830.EXE: Win.Ransomware.WannaCry-6313053-0 FOUND ./CYBERed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.EXE: Win.Trojan.Agent-6312832-0 FOUND
I tested with one YARA script I saw on twitter (Florian Roth), but it didn't catch them, so I can't really help out more. Don't know if that's my end or not, just a default install with Homebrew on OSX to test it out. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 _______________________________________________ clamav-users mailing list clamav-users@lists.clamav.net http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/vrtadmin/clamav-faq http://www.clamav.net/contact.html#ml