Yara rules

trippy cow

Having upgraded to stretch (my blog) i discovered that i could now use yara rules since yara is now packaged.

The zoo’s config was lacking directories and the this-andthat or that_something meant i had to create some new directories but it appears after a day or so i will have extra strings to inspect in inbound messages.

Yara rules are distributed but not widely advertised so i might be missing some important files but it is nice to have the extra functionality for the future..