odin1314 / yara-project

Automatically exported from code.google.com/p/yara-project
Apache License 2.0

Use tags in rule conditions #71

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
I think that it will be very useful if we can reference rule tags in the condition of the rule, like in this example:

rule banker_1 : malware
{
  strings:
   $a = "bankofamerica.com" 
  condition:
   $a and 2 of :banker: and 2 of :suspicious: and :packers:
}

To hit banker_1, we first need to hit 2 rules with the banker tag and one rule with the suspicious tag and one from packers.

rule Trojan_Agent : malware
{
  condition:
   4 of :suspicious:
}

I think it will be handy to discover unknown malware.

Original issue reported on code.google.com by golgotr...@gmail.com on 29 Jan 2013 at 10:44
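
One way to approximate the requested behaviour outside the rule language, as an added example that is not part of the original issue or the YARA project's code: after a scan, count the distinct matched rules per tag and apply the thresholds from the two rules above. The `Hit` and `TagRule` types, the `requires` field (standing in for `$a`) and every rule name in the sample data are assumptions; `Hit` mirrors the `rule` and `tags` attributes of a yara-python match.

```python
from collections import defaultdict
from typing import Dict, Iterable, List, NamedTuple, Set, Tuple


class Hit(NamedTuple):
    """One matched rule, as reported by a scan (hypothetical type)."""
    rule: str
    tags: Tuple[str, ...]


class TagRule(NamedTuple):
    """Tag-threshold rule evaluated after the scan (hypothetical type)."""
    name: str
    min_per_tag: Dict[str, int]     # {"banker": 2} stands for "2 of :banker:"
    requires: Tuple[str, ...] = ()  # ordinary rules that must also have matched


def rules_per_tag(hits: Iterable[Hit]) -> Dict[str, Set[str]]:
    """Map each tag to the set of distinct rule names that matched with it."""
    by_tag: Dict[str, Set[str]] = defaultdict(set)
    for hit in hits:
        for tag in hit.tags:
            by_tag[tag].add(hit.rule)  # a rule reported twice counts once
    return by_tag


def evaluate(tag_rules: Iterable[TagRule], hits: Iterable[Hit]) -> List[str]:
    """Return the names of the tag rules whose thresholds are all met."""
    hits = list(hits)
    matched = {h.rule for h in hits}
    by_tag = rules_per_tag(hits)
    fired = []
    for tr in tag_rules:
        tags_ok = all(len(by_tag.get(t, ())) >= n
                      for t, n in tr.min_per_tag.items())
        if tags_ok and all(r in matched for r in tr.requires):
            fired.append(tr.name)
    return fired


# The two rules from the issue; "banker_1_strings" is an assumed ordinary
# rule that carries the $a string check.
TAG_RULES = [
    TagRule("banker_1", {"banker": 2, "suspicious": 2, "packers": 1},
            ("banker_1_strings",)),
    TagRule("Trojan_Agent", {"suspicious": 4}),
]

# Constructed scan result for one file (all rule names are made up).
SAMPLE_HITS = [
    Hit("banker_1_strings", ()),
    Hit("banker_cfg_a", ("banker",)),
    Hit("banker_hook_b", ("banker", "suspicious")),
    Hit("anti_debug", ("suspicious",)),
    Hit("anti_debug", ("suspicious",)),  # duplicate report of the same rule
    Hit("packed_section", ("packers",)),
]

if __name__ == "__main__":
    print(evaluate(TAG_RULES, SAMPLE_HITS))
```
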