Undefined identifier in malicious_document.yar

[msapiro]

Clamav reports:

LibClamAV Error: yyerror(): /var/lib/clamav/malicious_document.yar line 245 undefined identifier "uint32be"

[jholgui]

yara version?

http://yara.readthedocs.org/en/latest/writingrules.html

uint32be is a yara keyword.

[msapiro]

This is with Clamav 0.99.0.

Apparently this is an issue with the Clamav implementation of YARA. I now see their docs (sec 3.11 of https://github.com/vrtadmin/clamav-devel/blob/master/docs/signatures.pdf ) say

YARA modules are not yet supported by ClamAV. This includes the “import” keyword and any YARA module-specific keywords.

Sorry for the noise.