Hi! I found this YARA ruleset https://raw.githubusercontent.com/mmorgens/yara/main/gen_anydesk_compromised_cert_additional_rules_feb23.yar unfortunately it uses "import "pe"" which is not supported by the yara parser in clamav.
But can those two rules be rewritten in such a way as to be usable from withn clamav (1.3.0)? -- Ralf Hildebrandt Charité - Universitätsmedizin Berlin Geschäftsbereich IT | Abteilung Netz | Netzwerk-Administration Invalidenstraße 120/121 | D-10115 Berlin Tel. +49 30 450 570 155 [email protected] https://www.charite.de _______________________________________________ Manage your clamav-users mailing list subscription / unsubscribe: https://lists.clamav.net/mailman/listinfo/clamav-users Help us build a comprehensive ClamAV guide: https://github.com/Cisco-Talos/clamav-documentation https://docs.clamav.net/#mailing-lists-and-chat
