/*
 * Finds a fixed string anywhere in the scanned data.
 *
 * "This program cannot" is the opening of the message commonly carried in the
 * DOS stub of PE files ("This program cannot be run in DOS mode"). With no
 * modifiers on the string, the match is ASCII, case-sensitive and not tied to
 * any offset.
 *
 * NOTE(review): the condition is the string alone, so the rule also fires on
 * anything that merely contains the text (documentation, e-mail bodies, a copy
 * of this rule file) and stays silent on PE files whose stub text was changed
 * or removed. Treat a hit as a hint rather than proof of an executable. If
 * only files that begin with an MZ header should match, pair the string with a
 * header test such as `uint16(0) == 0x5A4D`.
 */
rule this_program_cannot
{
    meta:
        // Metadata is descriptive only; YARA does not use it when matching.
        // "type" and "trigger" are presumably read by the tool that loads
        // this rule set -- confirm against that consumer.
        author      = "sir"
        date        = "20110429"
        type        = "PE"
        description = "Executable file"
        trigger     = "true"

    strings:
        // Plain text string: no wide, nocase or fullword modifier.
        $a = "This program cannot"

    condition:
        // Only one string is defined, so this is the same as testing $a.
        any of them
}