mandiant / sunburst_countermeasures

BSD 2-Clause "Simplified" License

Content Invalid Characters #1

Open binrar opened 3 years ago

binrar commented 3 years ago

I am trying to add this detection in Cisco FireAMP. I am getting an error message "Content invalid characters in signature". Unsure if this is a syntax issue or a problem with FireAMP.

Thoughts on how to fix this?

reesespcres commented 3 years ago

Hi @biranpatel57 -- can you clarify what rules or rule files you are having issues with?

binrar commented 3 years ago

I am having issues with the one rule in "all-clam.ldb"

reesespcres commented 3 years ago

Hi @biranpatel57 -- I have tested the "all-clam.ldb" file locally and can confirm on my end that there are no issues. I am using ClamAV 0.103.0 which is the latest version. I would assume that the issue is related to Cisco FireAMP. If YARA is an option, we have also provided a COSMICGALE YARA rule which essentially mirrors the ClamAV rule logic wise. This can be found here: https://github.com/fireeye/sunburst_countermeasures/blob/main/rules/COSMICGALE/yara/APT_HackTool_PS1_COSMICGALE_1.yar