Manalyze icon indicating copy to clipboard operation
Manalyze copied to clipboard
verified publisher icon JusticeRage

error running update_clamav_signatures.py

Open smclinden opened this issue 3 years ago • 1 comments

This is a snippet of the output. It seems nearly every rule breaks this.

Rule Win.Downloader.Upatre-9937450-0 seems to be malformed. Skipping...
Rule Win.Downloader.Upatre-9937452-0 seems to be malformed. Skipping...
Rule Win.Downloader.Upatre-9937455-0 seems to be malformed. Skipping...
Rule Win.Trojan.Generic-9937463-0 seems to be malformed. Skipping...
Rule Win.Ransomware.TeslaCrypt-9937465-0 seems to be malformed. Skipping...
Rule Win.Downloader.Stantinko-9937476-0 seems to be malformed. Skipping...
Rule Win.Trojan.Emotet-9937498-0 seems to be malformed. Skipping...
Rule Win.Packed.Msilzilla-9937499-0 seems to be malformed. Skipping...

smclinden avatar Jan 27 '22 18:01 smclinden

Hi! Not all ClamAV rules can be automatically and properly converted to Yara rules. The script does its best to generate as many as it can though. Do you still end up with a working file in the end? Feel free to improve the script and submit pull requests if you think you can improve on some of these error cases.

JusticeRage avatar Jan 28 '22 16:01 JusticeRage