Public bug reported: The internal library on LibClamAV related to yara rules seems to be non- updated to the current one.
I use some rules with a uint32be condition which it doesn't supports: LibClamAV Error: yyerror(): /var/lib/clamav/yara_2.yar line 248 undefined identifier "uint32be" LibClamAV Warning: cli_loadyara: failed to parse or load 4 yara rules from file /var/lib/clamav/yara_2.yar, successfully loaded 10 rules. Looking at the yara documentation this identifier should be supported: https://yara.readthedocs.io/en/v3.5.0/writingrules.html#conditions 1) Description: Ubuntu 20.04 LTS Release: 20.04 2) libclamav9: Instalados: 0.102.3+dfsg-0ubuntu0.20.04.1 Candidato: 0.102.3+dfsg-0ubuntu0.20.04.1 Tabla de versiĆ³n: *** 0.102.3+dfsg-0ubuntu0.20.04.1 500 500 http://es.archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages 500 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages 100 /var/lib/dpkg/status 0.102.2+dfsg-2ubuntu1 500 500 http://es.archive.ubuntu.com/ubuntu focal/main amd64 Packages 3) ClamAV should load correctly the yara rule 4) Rule not loaded due to reported error. ** Affects: clamav (Ubuntu) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1883857 Title: Not supported "uint32be" condition in yara rules To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/clamav/+bug/1883857/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
