Didier Stevens has published a post on the NVISO Labs blog about using ClamAV with YARA rules for hunting. He notes that one of ClamAV's important features is its file decomposition capability: if the file you want to analyze resides in an archive, or is a packed executable, ClamAV first unarchives or unpacks it and then runs the YARA engine on the extracted content. The post also shows how to create and deconstruct YARA rules.
