Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2397
Views
0
Helpful
1
Replies

Cisco AMP Logical Signature(ClamAV Engine)

Include_sys
Level 1
Level 1

‎02-22-2019 10:56 AM - edited ‎02-22-2019 10:57 AM

Hello,

I'm trying to make an Icon signature for an unwanted software. I downloaded, installed and configured ClamAV. I got multiple Icon signatures from "clamscan --debug unwanted.exe".

I can make Logical signatures(.ldb), but there is not a single example of how to use Icon signatures in Logical signatures.(and other parameters too.)

 

And I would like to know; as you know ClamAV does support YaRa rules so why AMP does not?

Regards.

1 person had this problem
Labels:
0 Helpful
1 Reply 1

Ciscouserz
Level 1
Level 1

‎12-04-2020 08:18 AM

Does anyone have any information to share on this one ?

https://www.ciscolive.com/c/dam/r/ciscolive/us/docs/2016/pdf/BRKSEC-2029.pdf

 

This above slide mentions Yara rules on page 12.

0 Helpful
Customers Also Viewed These Support Documents