rfxn / linux-malware-detect

Linux Malware Detection (LMD)
http://www.rfxn.com/projects/linux-malware-detect/
GNU General Public License v2.0

Add custom YARA signatures file #239

Open gmrfrost opened 7 years ago

gmrfrost commented 7 years ago

Hi,

I hope you are doing well.

YARA signatures add an interesting resource to detect complex malware. Maybe it could be of interest to everyone to add a feature to be able to use tailored YARA signatures through a file, like MD5 or HEX.

Best regards,

lassos commented 7 years ago

Isn't this still possible? Setting up ClamAV, always having YARA signatures. And as far as I know, maldetect checks if ClamAV is installed.

tomsommer commented 6 years ago

It would make sense to just take all *.yara files in the sigs/ directory:

https://github.com/rfxn/linux-malware-detect/blob/c9cfe35fc88a6c7fa098b5642b4dacd08547312f/files/internals/functions#L964

The same really goes for .hex and .md5
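
The "take all *.yara files in the sigs/ directory" idea from the last comment, sketched as an added example that is not part of the thread and is not LMD's own code: it gathers every non-empty `*.yara` file in a directory into one rules file and refuses to merge when a rule name repeats, since YARA will not compile duplicate identifiers. The function name, exit codes and output path are assumptions made for this illustration.

```shell
#!/bin/sh
# Added illustration, not LMD code. merge_yara_sigs and its exit codes are
# hypothetical names chosen for this example.
#
# merge_yara_sigs SIGDIR OUTFILE
#   exit 0: OUTFILE written   1: no usable *.yara files
#   exit 2: duplicate rule name   3: could not create temp file
# The body runs in a subshell "( ... )" so variables stay local and "exit"
# only leaves the function.
merge_yara_sigs() (
    sigdir=$1
    outfile=$2

    # Collect regular, non-empty *.yara files. An unmatched glob stays
    # literal and fails the -f test, so an empty directory yields no files.
    set --
    for f in "$sigdir"/*.yara; do
        if [ -f "$f" ] && [ -s "$f" ]; then
            set -- "$@" "$f"
        fi
    done
    [ "$#" -gt 0 ] || exit 1

    # YARA rejects two rules with the same identifier in one namespace, so
    # look for repeats before merging. Line-based heuristic: it reads the
    # word after "rule", skipping "private"/"global" modifiers.
    dupes=$(awk '{
        i = 1
        while ($i == "private" || $i == "global") i++
        if ($i == "rule") {
            name = $(i + 1)
            sub(/[^A-Za-z0-9_].*/, "", name)
            if (name != "" && seen[name]++ == 1) print name
        }
    }' "$@")
    if [ -n "$dupes" ]; then
        echo "$dupes" | sed 's/^/duplicate YARA rule name: /' >&2
        exit 2
    fi

    # Build the merged file under a temporary name and rename it into place,
    # so a running scan never reads a half-written rule set.
    tmp=$(mktemp "$outfile.XXXXXX") || exit 3
    for f in "$@"; do
        printf '// source: %s\n' "${f##*/}"
        cat "$f"
        printf '\n'
    done > "$tmp"
    mv "$tmp" "$outfile"
)
```

Give the merged file a name the glob does not match (for example, not ending in `.yara` inside the same directory), otherwise the next run would merge the previous output into itself and trip the duplicate check.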