linux-malware-detect

Add custom YARA signatures file

Open gmrfrost opened this issue 7 years ago • 2 comments

Hi,

I hope you are doing well.

YARA signatures add an interesting resource to detect complex malware. Maybe it could be of interest to everyone to add a feature to be able to use tailored YARA signatures through a file, like MD5 or HEX.

Best regards,

gmrfrost, Jun 19 '17 11:06

Isn't this still possible? Setting up CLAMAV always having YARA signatures. And as I know, maldetect checks if clamav is installed.

lassos, Jul 14 '17 21:07

It would make sense to just take all *.yara files in the sigs/ directory:

https://github.com/rfxn/linux-malware-detect/blob/c9cfe35fc88a6c7fa098b5642b4dacd08547312f/files/internals/functions#L964

The same really goes for .hex and .md5

tomsommer, Apr 25 '18 09:04
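
One way the "take all *.yara files in the sigs/ directory" suggestion could look, as an added example that is not maldet's own code: it merges every non-empty `*.yara` file into one rule file and refuses when two files define the same rule name, which YARA rejects at compile time. The function names `merge_yara_sigs` and `yara_rule_names`, and the idea of handing the scanner a single merged file, are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not maldet code. Function names are hypothetical.

# List the rule identifiers declared in a YARA file, one per line.
yara_rule_names() {
    sed -nE 's/^[[:space:]]*((private|global)[[:space:]]+)*rule[[:space:]]+([A-Za-z_][A-Za-z0-9_]*).*/\3/p' "$1"
}

# merge_yara_sigs <sigdir> <outfile>
# Returns 0 on success, 1 if no usable *.yara file exists,
# 2 if a rule name is defined more than once, 3 on temp-file failure.
merge_yara_sigs() {
    local sigdir="$1" out="$2" f tmp names dups found=0
    tmp=$(mktemp) || return 3
    names=$(mktemp) || { rm -f "$tmp"; return 3; }
    for f in "$sigdir"/*.yara; do
        # An unmatched glob stays literal; -s also skips empty files.
        [ -f "$f" ] && [ -s "$f" ] || continue
        found=1
        yara_rule_names "$f" >> "$names"
        # Record which custom file each rule came from.
        printf '// source: %s\n' "${f##*/}" >> "$tmp"
        cat "$f" >> "$tmp"
        printf '\n' >> "$tmp"
    done
    if [ "$found" -eq 0 ]; then
        rm -f "$tmp" "$names"; return 1
    fi
    dups=$(sort "$names" | uniq -d)
    rm -f "$names"
    if [ -n "$dups" ]; then
        # Unquoted on purpose: one message per duplicated name.
        printf 'duplicate rule name: %s\n' $dups >&2
        rm -f "$tmp"; return 2
    fi
    # Only replace the merged file once the whole set is consistent.
    mv "$tmp" "$out"
}
```

Writing to a temporary file and moving it into place means a bad custom rule file never leaves a half-written merged set for the scanner to pick up.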