Is it possible in Yara to write a rule that has pattern matching based on a portion of a previous match?
For example, let's say I have a regular expression: /abc([0-9]*)xyz/ Then, I also want another regular expression like this, where \1 is the exact text matched within the parens in the first expression: /blah\1/ The rule should only evaluate to true if the first expression is found AND the second expression is found containing the indicated subset from the first expression. It can be assumed that they are in order... in other words, the text matching the first expression will come before the text matching the second expression in the file. Can Yara do this, and if so, how? -- You received this message because you are subscribed to the Google Groups "YARA" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
