Replies: 2 comments 1 reply
-
| Thanks Tom, that's reassuring!… On Thu, Sep 15, 2022 at 2:45 AM Tom Lancaster ***@***.***> wrote:
 YARA does not contain a large number of signatures // data that might
 match on other engines, it only contains a few which are used for tests -
 you can see them here:
 https://github.com/VirusTotal/yara/tree/master/tests/data
 These are what are matching your clamscan test.
 —
 Reply to this email directly, view it on GitHub
 <#1764 (comment)>,
 or unsubscribe
 <https://github.com/notifications/unsubscribe-auth/AQVBQJ3BXSJUWABI2ED6Z23V6LH2PANCNFSM56E4Z5IA>
 .
 You are receiving this because you authored the thread.Message ID:
 ***@***.***>
 | 
Beta Was this translation helpful? Give feedback.
                  
                    1 reply
                  
                
            -
| 
 | 
Beta Was this translation helpful? Give feedback.
                  
                    0 replies
                  
                
            
  
    Sign up for free
    to join this conversation on GitHub.
    Already have an account?
    Sign in to comment
  
        
    
Uh oh!
There was an error while loading. Please reload this page.
-
Hi, I'm not a security researcher, but I ran clamscan on yara and an install including yara and got the following virus warnings. I'd guess that there are no actual viruses in yara, but that clamscan is reacting to virus signatures in yara. However, it seems odd that it would react only to a few signatures while yara would contain many. Just thought I'd let you know.
.../yara-4.2.2.tar.gz: Win.Trojan.Agent-6396135-0 FOUND
.../miniconda3/lib/python3.9/site-packages/quicksand/quicksand_exploits.yara: Rtf.Exploit.CVE_2017_11882-6398227-0 FOUND
.../yara-4.2.2/tests/oss-fuzz/pe_fuzzer_corpus/clusterfuzz-testcase-minimized-5839717883969536: Win.Trojan.Agent-6396135-0 FOUND
Beta Was this translation helpful? Give feedback.
All reactions