Hi again,
I'm wondering if there is a way to match Base64 strings only when they are
'fullword', standalone.
For example:
rule base64_Example
{
strings:
$s = "setsockopt" base64 base64wide // c2V0c29ja29wdA==
condition:
$s
}
This rule will match anything containing the string "c2V0c29ja29wdA"
What if I want it to only match on the standalone base64 string "
c2V0c29ja29wdA==" ?
Obviously I could match that string literal but I was curious if it would
make sense for base64 to do this, for readability and flexibility ?
Using *fullword* with base64 modifiers does not seem to be supported.
*invalid modifier combination "base64 fullword"*
Thank you,
- Wes
--
You received this message because you are subscribed to the Google Groups
"YARA" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/yara-project/e160da25-1de2-4f07-bcd3-31ae0c50b779o%40googlegroups.com.
