several general issues #2

Open
omrirefaeli opened this issue Oct 23, 2019 · 1 comment
@omrirefaeli

  1. Loki IOC folder is not in the right place by default.
    I should have copied it from /opt/calamity/signature-base to /opt/calamity/Loki/signature-base
  2. calamity log always says ClamAV has some finding while the actual log of ClamAV is empty
  3. idk if it is in your hands, but while Loki is operating, it has a bunch of errors saying the field pe.imphash() doesn't exist in many yara rules
@Hestat
Owner

Hestat commented Oct 27, 2019

Will take a peek into these later this week.

  1. Does seem to be an error, will try to resolve in the script.

  2. Currently the script will write headers for ClamAV and Loki by default; if there is nothing below them then nothing was found. May look into adding checks for content to make output less confusing.

  3. I believe this comes down to how the user installs yara; may be doable in the Docker container, but not sure in the general script as it is dependent on the user's base OS.

@Hestat Hestat added the enhancement New feature or request label Oct 27, 2019
@Hestat Hestat self-assigned this Oct 27, 2019
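
An added example, not part of this thread or of the calamity script: one way to do the content check discussed in item 2, so that a header with nothing under it is replaced by an explicit status. The function names, report layout and sample log lines are assumptions made for illustration; a missing log is reported separately from an empty one so that a scanner that never ran does not read as a clean result.

```shell
#!/bin/sh
# Hypothetical helpers; names and report layout are not taken from calamity.

# section_status LOG: print "missing" if the log file does not exist,
# "findings" if it has at least one non-blank line, otherwise "clean".
section_status() {
    if [ ! -f "$1" ]; then
        echo missing
    elif grep -q '[^[:space:]]' "$1"; then
        echo findings
    else
        echo clean
    fi
}

# append_section REPORT TITLE LOG: write the header, then either the
# non-blank scanner lines or an explicit status line.
append_section() {
    report=$1
    title=$2
    log=$3
    printf '=== %s ===\n' "$title" >> "$report"
    case $(section_status "$log") in
        findings) grep '[^[:space:]]' "$log" >> "$report" ;;
        clean)    printf 'No findings.\n' >> "$report" ;;
        missing)  printf 'Log not found: scanner may not have run.\n' >> "$report" ;;
    esac
    printf '\n' >> "$report"
}

# Demonstration with constructed sample logs in a temporary directory.
demo() {
    dir=$(mktemp -d)
    : > "$dir/clamav.log"                                  # empty log
    printf 'constructed sample finding line\n' > "$dir/loki.log"
    append_section "$dir/report.txt" "ClamAV" "$dir/clamav.log"
    append_section "$dir/report.txt" "Loki" "$dir/loki.log"
    append_section "$dir/report.txt" "Missing-log case" "$dir/absent.log"
    cat "$dir/report.txt"
    rm -rf "$dir"
}
demo
```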