Open siemhermans opened 3 years ago
ClamAV seems to experience issues when reading the ruleset from APT_Dropper_Raw64_TEARDROP_1.yar on Ubuntu 18.04.5 LTS. All other Yara rulesets work without issues.
APT_Dropper_Raw64_TEARDROP_1.yar
$ clamscan -ir -d APT_Dropper_Raw64_TEARDROP_1.yar / LibClamAV Error: parse_yara_hex_string: Single byte subpatterns unsupported in ClamAV LibClamAV Error: load_oneyara: error in parsing yara hex string LibClamAV Warning: load_oneyara: clamav cannot support 1 input strings, skipping YARA.APT_Dropper_Raw64_TEARDROP_1 LibClamAV Warning: cli_loadyara: problem parsing yara file APT_Dropper_Raw64_TEARDROP_1.yar, yara rule APT_Dropper_Raw64_TEARDROP_1 LibClamAV Error: Can't load APT_Dropper_Raw64_TEARDROP_1.yar: Malformed database ERROR: Malformed database ----------- SCAN SUMMARY ----------- Known viruses: 0 Engine version: 0.102.4 Scanned directories: 0 Scanned files: 0 Infected files: 0 Data scanned: 0.00 MB Data read: 0.00 MB (ratio 0.00:1) Time: 0.006 sec (0 m 0 s) $ clamscan --version ClamAV 0.102.4/26024/Mon Dec 21 13:48:10 2020
ClamAV seems to experience issues when reading the ruleset from
APT_Dropper_Raw64_TEARDROP_1.yar
on Ubuntu 18.04.5 LTS. All other Yara rulesets work without issues.