On Sun, 22 Aug 2021 20:10:00 +0100 (BST)
"G.W. Haywood via clamav-users" <clamav-users@lists.clamav.net> wrote:
> Hi there,
>
> On Sun, 22 Aug 2021, Richard Graham via clamav-users wrote:
> > On Sun, Aug 22, 2021 at 10:41 AM Zvi Kave wrote:
> >> On 8/19/2021 9:33 PM, G.W. Haywood via clamav-users wrote:
> >>> On Thu, 19 Aug 2021, Zvi Kave via clamav-users wrote:
> >>>>
> >>>> I found that yara strings like this: $re = /[0-9]{9}/
> >>>> find only first 9-digit match in file.
> >>>> This spoils my logic ...
> >>>
> >>> ... my advice is not to try anything fancy ...
> >>
> >> I understand that I have to be patient.
> >
> > I'm wondering if the --allmatch option/switch is useful here.
>
> Unfortunately I'm afraid it's a diffferent issue. Yara rules don't
> necessarily produce a match (one which ClamAV would report as FOUND)
> even if there are strings in the Yara rules which _do_ in fact match.
> The point is that you can (or should be able to) tell Yara things like
> "count the number of times the string is found in the text, and report
> if there are more than 23 of them". This sort of thing will sometimes
> work with the Yara engine in ClamAV, but my experience is that it's at
> the fancy end of the scale and I've spent hours trying to get things
> to work which would seem to be trivial exercises in regexes and logic.
Maybe ClamAV should support plugins, rather than being constrained to what's
compiled in. (There are, of course, various plugins that invoke ClamAV, but
that's not what I mean.)
_______________________________________________
clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/contact.html#ml
