I have a rule that starts with:
rule Accept: This function is used to listen for incoming connections. This
function indicates that the program will listen for incoming connections on
a socket. It is mostly used by malware to communicate with their Command
and Communication server.
{
strings:
$a = "Accept"
condition:
any of them
}
please refer to the line that starts with rule
can I use the line above or do I have to do
rule Accept
/*
This function is used to listen for incoming connections. This function
indicates that the program will listen for incoming connections on a
socket. It is mostly used by malware to communicate with their Command and
Communication server.
*/
{
strings:
$a = "Accept"
condition:
any of them
}
I was hoping I could get yara to report out the entire line with
explanation when hit hit a match.
--
You received this message because you are subscribed to the Google Groups
"YARA" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
For more options, visit https://groups.google.com/d/optout.
