I couldn't find anything public. :-( Here there are rules for 3 file types only: https://github.com/godaddy/yara-rules/tree/master/utility
But keep in mind that Yara has a module called "magic" that contains the database used in libmagic (by the "file" UNIX command, for example): https://yara.readthedocs.io/en/v3.5.0/modules/magic.html - this should have enough signatures for most cases.

Regards,

@MercesFernando
mentebinaria.com.br <http://www.mentebinaria.com.br>

---------------------------

On Fri, Nov 25, 2016 at 4:21 PM, <[email protected]> wrote:
> Is there an existing rules repository for file types that can be
> downloaded and used with Yara?
>
> For example, a file type rule for PE files:
>
> rule IsPE
> {
>     condition:
>         // MZ signature at offset 0 and ...
>         uint16(0) == 0x5A4D and
>         // ... PE signature at offset stored in MZ header at 0x3C
>         uint32(uint32(0x3C)) == 0x00004550
> }
>
> Thanks,
>
> Jim
>
> --
> You received this message because you are subscribed to the Google Groups
> "YARA" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> For more options, visit https://groups.google.com/d/optout.
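The two approaches from this thread side by side, as an added example that is not part of either message: file-type rules written against header bytes, like the IsPE rule in the question, and rules that use the "magic" module from the reply. All rule names other than IsPE are assumptions, and the strings compared against magic.type() depend on the libmagic database installed on the scanning host.

```yara
// Requires a YARA build with the magic module enabled (./configure --enable-magic);
// the module documentation states it is not supported on Windows.
import "magic"

// Header-based checks: no external database, same result on every host.
rule IsPE
{
    condition:
        // MZ signature at offset 0 and PE signature at the offset stored at 0x3C.
        // If that offset points past the end of the file the read is undefined
        // and the rule does not match.
        uint16(0) == 0x5A4D and
        uint32(uint32(0x3C)) == 0x00004550
}

rule IsELF
{
    condition:
        // "\x7fELF" read as a little-endian 32-bit value
        uint32(0) == 0x464C457F
}

rule IsPDF_Header
{
    condition:
        // "%PDF" read as a little-endian 32-bit value
        uint32(0) == 0x46445025
}

// libmagic-based checks: cover far more formats, but the matched text comes
// from the local magic database, so pin the libmagic version you test against.
rule IsPDF_Magic
{
    condition:
        magic.mime_type() == "application/pdf"
}

rule IsPE_Magic
{
    condition:
        // libmagic describes PE files as "PE32 executable ..." or "PE32+ executable ..."
        magic.type() contains "PE32"
}
```

Running both rule families over the same sample set shows where they disagree, for example on truncated files that still carry a valid MZ header.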
