killchain-compendium/Miscellaneous/Threat Intelligence/ClamAV.md

ClamAV

  • ClamAV can be run with a custom signature database or with YARA rules in addition to the official database; an extra signature file is passed to `clamscan` with `-d`/`--database`

Hashes Database

  • A `*.hdb` file is a hash-based signature database; each line has the form `MD5:FileSize:SignatureName`. It can be customized with hashes of files you want flagged and then scanned against (e.g. `clamscan -d custom.hdb <target>`)
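Building and validating a custom `.hdb` from file contents, as an added example that is not from the compendium; `clamscan -d` is ClamAV's real option, while the sample bytes, signature names and the name-charset check are constructed assumptions.

```python
import hashlib
import re
from pathlib import Path

# One .hdb entry per line: MD5:FileSize:SignatureName
# (FileSize may be "*" to match any size in newer ClamAV releases).
# The allowed name characters are a conservative assumption, not ClamAV's exact rule.
HDB_LINE = re.compile(r"^([0-9a-f]{32}):(\d+|\*):([A-Za-z0-9._-]+)$")


def hdb_signature(data: bytes, name: str) -> str:
    """Build one .hdb line (MD5 hash, byte length, signature name) for file content."""
    return f"{hashlib.md5(data).hexdigest()}:{len(data)}:{name}"


def parse_hdb(text: str) -> list[tuple[str, str, str]]:
    """Parse an .hdb file into (hash, size, name) tuples; reject malformed lines."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        m = HDB_LINE.match(line)
        if not m:
            raise ValueError(f"malformed .hdb line {lineno}: {raw!r}")
        entries.append(m.groups())
    return entries


def write_hdb(path: Path, samples: dict[str, bytes]) -> int:
    """Write an .hdb file from {signature_name: file_bytes}; returns the entry count."""
    lines = [hdb_signature(data, name) for name, data in samples.items()]
    path.write_text("\n".join(lines) + "\n")
    return len(lines)


if __name__ == "__main__":
    # Constructed sample contents standing in for files you want ClamAV to flag.
    samples = {
        "Custom.Sample.A": b"hello",
        "Custom.Sample.B": b"MZ\x90\x00constructed-sample",
    }
    out = Path("custom.hdb")
    count = write_hdb(out, samples)
    parse_hdb(out.read_text())  # sanity-check what we just wrote
    print(f"wrote {count} signatures; scan with: clamscan -d {out} /path/to/scan")
```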

Yara Rules

  • Custom `*.yara` (or `*.yar`) rules can be loaded the same way with `-d`; ClamAV supports only a subset of YARA syntax, so keep rules to plain strings and simple conditions. An example:

```yara
rule example {
    meta:
        author = "Gabe Newell"
        description = "Look at how the Yara rule works with ClamAV"
    strings:
        $string = "a-string-found-inside-the-malicious-binary"
        $file_signature = "magic-number-in-ascii"
    condition:
        // `$name at offset` tests for a match at that position;
        // `#name` is the match count and cannot be used with `at`
        $file_signature at 0 and $string
}
```