From 62d55042417450cb7494c143ee60d282b1d56ff7 Mon Sep 17 00:00:00 2001
From: pyllyukko
Date: Sun, 24 Dec 2023 11:42:20 +0200
Subject: [PATCH] Blacklisted noisy/FP prone YARA rules
---
 tasks/clamav.yml | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
diff --git a/tasks/clamav.yml b/tasks/clamav.yml
index 0d4a39b..eef3f9a 100644
--- a/tasks/clamav.yml
+++ b/tasks/clamav.yml
@@ -280,6 +280,25 @@
 shellshock_generic
 memory_shylock
 CrowdStrike_CVE_2014_4113
+ PlugX
+ misc_php_exploits
+ CryptoLocker_set1
+ silent_banker
+ Trojan
+ BLOWFISH_Constants
+ misc_hexascii_pe_in_html
+ embedded_pe
+ SHA512_Constants
+ dbgdetect_procs
+ wannacry_1
+ MachO_File_pyinstaller
+ SHA256_Constants
+ redkit_bin_basic
+ Hacktool_Strings_p0wnedShell
+ TrojanDownloaderCbeplaySample
+ mime_mso
+ CrowdStrike_CVE_2014_4113
+ WHIRLPOOL_Constants
 tags:
 - configuration
 - yara
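Review bot: `CrowdStrike_CVE_2014_4113` is added as the second-to-last new entry although the same name is already the context line directly above the additions, so the blacklist now carries it twice and the second one should be dropped. The new entries also switch off family-specific rules (`wannacry_1`, `PlugX`, `CryptoLocker_set1`, `silent_banker`) together with what look like generic constant and heuristic rules (`SHA256_Constants`, `embedded_pe`), and nothing records which false positive motivated each. The enclosing task starts outside the hunk, so I can't tell whether the list itself can hold comments. If it can't, a YAML comment above the task, for example `# Blacklisted for false positives on <file type/path>; re-evaluate when the rule set is updated`, would let the lost coverage be revisited later.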