We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
hi,
i'm new to yara rules, but here i get an syntax error:
yara expl_outlook_cve_2023_23397.yar /tmp/Test\ Meeting.msg expl_outlook_cve_2023_23397.yar(65): warning: $u2 is slowing down scanning expl_outlook_cve_2023_23397.yar(96): error: syntax error, unexpected _IDENTIFIER_, expecting _CONDITION_
also, is there a way to get it compatible with clamd?
clamscan /tmp/Test\ Meeting.msg LibClamAV Error: yyerror(): /var/lib/clamav/expl_outlook_cve_2023_23397.yar line 30 undefined identifier "uint32be" LibClamAV Error: yyerror(): /var/lib/clamav/expl_outlook_cve_2023_23397.yar line 72 undefined identifier "uint32be" LibClamAV Error: yyerror(): /var/lib/clamav/expl_outlook_cve_2023_23397.yar line 96 syntax error, unexpected _IDENTIFIER_, expecting _CONDITION_ LibClamAV Warning: cli_loadyara: failed to parse or load 3 yara rules from file /var/lib/clamav/expl_outlook_cve_2023_23397.yar, successfully loaded 0 rules. LibClamAV Warning: cli_loadyara: empty database file /tmp/Test Meeting.msg: OK
regards
The text was updated successfully, but these errors were encountered:
updating to newest yara removed the syntax error, but it didn't recognized my bad .msg Test Meeting.zip
Sorry, something went wrong.
are you sure that .msg triggers the exploit?
I've created the msg with this poc: https://github.com/api0cradle/CVE-2023-23397-POC-Powershell
No branches or pull requests
hi,
i'm new to yara rules, but here i get an syntax error:
also, is there a way to get it compatible with clamd?
regards
The text was updated successfully, but these errors were encountered: