rule yes_rule {
 strings:
  $y = "yes" nocase fullword

 condition:
  $y
}

rule no_rule {
 strings:
  $n = "no" nocase fullword

 condition:
  $n
}

rule hello_rule {
 strings:
  $h = "hello" nocase fullword

 condition:
  $h
}