Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Alternate definitions for ClamAV

    Scheduled Pinned Locked Moved Cache/Proxy
    43 Posts 13 Posters 24.2k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • A
      AR15USR
      last edited by

      Thanks IggyB..

      2.6.0-RELEASE

      1 Reply Last reply Reply Quote 0
      • A
        asterix
        last edited by

        After updating to above settings I am getting this false positive Virus detected warning in diag_edit.php of pfSense page. How can I get rid of this?

        SquidClamav 6.10: Virus detected!

        The requested URL http://192.168.1.1/diag_edit.php contains a virus
        Virus name: Sanesecurity.Malware.26368.JsHeur.UNOFFICIAL

        This file cannot be downloaded.

        Origin: - / -

        1 Reply Last reply Reply Quote 0
        • I
          Impatient
          last edited by

          You can try this https://forum.pfsense.org/index.php?topic=120154.msg664657#msg664657 for a temporary work around but I believe that disable's the definition.

          Otherwise you will have to contact sane security.

          1 Reply Last reply Reply Quote 0
          • A
            asterix
            last edited by

            Thanks, that worked.

            1 Reply Last reply Reply Quote 0
            • J
              johnabbot
              last edited by

              The alternative definitions have been triggering on iOS app updates of late.

              Has anyone else seen this behaviour?

              VIRUS FOUND Sanesecurity.Foxhole.JS_Zip_19.UNOFFICIAL

              http://appldnld.apple.com/ios10.0/091-00410-20170307-333298AC-FD56-11E6-A830-06ECE1925776/com_apple_MobileAsset_CoreSuggestions/5b0b88c6446d899e5bec5a5ac298ed55bbbf1cbb.zip

              1 Reply Last reply Reply Quote 0
              • D
                doktornotor Banned
                last edited by

                The FPs need to be reported to the signatures maintainer. (But please understand that these things are mostly made for email AV filtering.)

                1 Reply Last reply Reply Quote 0
                • A
                  AR15USR
                  last edited by

                  Yes I've been getting those too. You can report it here:

                  http://sanesecurity.com/support/false-positives/

                  2.6.0-RELEASE

                  1 Reply Last reply Reply Quote 0
                  • E
                    extremeshok
                    last edited by

                    Hi

                    We are busy adding full support for pfsense to the next version of the script :  https://github.com/extremeshok/clamav-unofficial-sigs

                    Please post issues here: https://github.com/extremeshok/clamav-unofficial-sigs/issues/

                    1 Reply Last reply Reply Quote 0
                    • E
                      extremeshok
                      last edited by

                      5.6.1 released with pfsense support : https://github.com/extremeshok/clamav-unofficial-sigs

                      Install guide is here : https://github.com/extremeshok/clamav-unofficial-sigs/blob/master/guides/pfsense.md

                      Version 5.6.1 (updated 2017-03-18)

eXtremeSHOK.com Maintenance
Packers/Javascript_exploit_and_obfuscation.yar false positive rating increased to HIGH
Codeclimate fixes
Incremented the config to version 73
Version 5.6 (updated 2017-03-17)

eXtremeSHOK.com Maintenance
PGP is now optional and no longer a requirement and pgp support is auto-detected
Full support for MacOS / OS X and added clamav install guide
Full support for pfSense and added clamav install guide
Added os configs for Zimbra and Debian 8 with systemd
Much better error messages with possible solutions given
Better checking of possible issues
Update all SANESECURITY signature databases
Support for clamav-devel (clamav compiled from source)
Added full proxy support to wget and curl
Replace allot of "echo | cut | sed" with bash substitutions
Added fallbacks/substitutions for various commands
xshok_file_download and xshok_draw_time_remaining functions added to replace redundant code blocks
Removed SANESECURITY mbl.ndb as this file is not showing up on the rsync mirrors
Allow exit code 23 for rsync
Major refactoring : Normalize comments, quotes, functions, conditions
Protect various arguments and "POSIX-ize" script integrity
Enhanced testing with travis-ci, including clamav 0.99
Incremented the config to version 72
                      1 Reply Last reply Reply Quote 0
                      • J
                        johnabbot
                        last edited by

                        Thank you for this.

                        All went well here except.

                        WARNING: Failed connection to http://cdn.rfxn.com/downloads - SKIPPED linuxmalwaredetect rfxn.ndb update
                        1 Reply Last reply Reply Quote 0
                        • J
                          johnabbot
                          last edited by

                          Hi

                          Where does Clam AV store the files it believes are viruses (or does it even)?

                          I'd like to be able to extract them to check against Virus Total / RE them etc

                          Anyone know the answer to this?

                          1 Reply Last reply Reply Quote 0
                          • J
                            johnabbot
                            last edited by

                            Hi

                            I have an issue with a false positive, I've reported it ages ago but it keeps showing up.

                            Anyone know how to remove Sanesecurity.Foxhole?

                            The blizzard of false positives is obscuring the real viruses it catches, which is annoying.

                            Cheers

                            Jon

                            1 Reply Last reply Reply Quote 0
                            • S
                              smolka_J
                              last edited by smolka_J

                              I figured I would post an update on a few things to add I've found if it helps others referencing this as I did, all pulled from my running config on pfSense 22.01 and can be placed in the noted files without setting the manual config option if familiar between command line in the GUI and/or a Putty console:

                              Do not scan (streamed) videos and audios: place in "/usr/local/etc/c-icap/squidclamav.conf" and remove the # to enable the extras if wanted:

                              abort ^.*\.(wav|aiff|ogg|flac|opus|flv|f4f|m2a|mjpeg|mov|mp(2|3|4))(\?.*)?$
abort ^.*\.(avi|avs|mpg|asf|mkv|dv|m1v|m2v|m3u|pls|wmx|aac|mpeg|ogm|ogv|ts)(\?.*)?$
abortcontent ^video\/x-flv$
abortcontent ^audio\/aiff$
abortcontent ^video\/mp4$
abortcontent ^audio\/mp4$
abortcontent ^.*audio\/mp4.*$
abortcontent ^video\/webm$
abortcontent ^audio\/webm$
abortcontent ^video\/mp2t$
abortcontent ^audio\/wmx$
abortcontent ^audio\/mpeg$
abortcontent ^audio\/x-mpeg$
abortcontent ^audio\/aac$
abortcontent ^video\/x-msvideo$
abortcontent ^video\/msvideo$
abortcontent ^video\/avi$
abortcontent ^video\/mpeg$
abortcontent ^video\/x-mpeg$
abortcontent ^video\/ogg$
abortcontent ^audio\/ogg$
abortcontent ^audio\/opus$
abortcontent ^video\/mp2t$
abortcontent ^audio\/wav$
abortcontent ^video\/3gpp$
abortcontent ^audio\/3gpp$
abortcontent ^video\/3gpp2$
abortcontent ^audio\/3gpp2$
abortcontent ^video\/x-motion-jpeg$
abortcontent ^video\/x-dv$
abortcontent ^video\/x-ms-asf$
abortcontent ^video\/quicktime$
abortcontent ^.*application\/x-mms-framed.*$

# Do not scan images
#abort ^.*\.(ico|gif|png|jpg)$
#abortcontent ^image\/.*$

# Do not scan text files
#abort ^.*\.(css|xml|xsl|js|html|jsp)$
#abortcontent ^text\/.*$
#abortcontent ^application\/x-javascript$

# Do not scan streamed videos
#abortcontent ^video\/x-flv$
#abortcontent ^video\/mp4$

# Do not scan flash files
#abort ^.*\.swf$
#abortcontent ^application\/x-shockwave-flash$

# Do not scan sequence of framed Microsoft Media Server (MMS) data packets
#abortcontent ^.*application\/x-mms-framed.*$

# White list some sites
#whitelist .*\.clamav.net

                              Following Securiteinfo guide to ensure maximum detection rates, I did edit my clamd.conf and enabled the PUA option but found I first had to enable that in the GUI first before editing the suggested clamd.conf file and proceeded to do the same in the other two copies pfSense builds the running file from on reboots/reloads. Each of the following are located in "/usr/local/etc/c-icap/" :
                              "clamd.conf" "clamd.conf.default" and "clamd.conf.pfsense"
                              modified these lines:

                              DetectPUA yes
ExcludePUA PUA.Win.Packer
ExcludePUA PUA.Win.Trojan.Packed
ExcludePUA PUA.Win.Trojan.Molebox
ExcludePUA PUA.Win.Packer.Upx
ExcludePUA PUA.Doc.Packed
MaxScanSize 150M
MaxFileSize 100M
MaxRecursion 40
MaxEmbeddedPE 100M
MaxHTMLNormalize 50M
MaxScriptNormalize 50M
MaxZipTypeRcg 50M
                              S 1 Reply Last reply Reply Quote 0
                              • S
                                smolka_J
                                last edited by smolka_J

                                The following DatabaseCustomURLs can be added to the freshclam conf files to gain more ClamAV signatures/definitions for more effective use, I added it to all three files to carryover through reboots/reloads. These files are located in "/usr/local/etc/" : "freshclam.conf", "freshclam.conf.pfsense", and "freshclam.conf.default" I found going this method to add these is more up to date than ExtremShoks built in list and just as much work if not easier to get fully working. I also added at the top an updated list of entries for anyone with Premium subscription to Securiteinfo's 0-Day files to make sure you get them all:

                                # Malwarepatrol - Need to signup for free and replace all x's with receipt code and remove # to enable

#DatabaseCustomURL https://lists.malwarepatrol.net/cgi/getfile?receipt=xxxxxxxxxxx&product=32&list=clamav_basic


# SecuriteInfo signatures

DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/securiteinfo.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/securiteinfo.ign2
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/javascript.ndb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/spam_marketing.ndb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/securiteinfohtml.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/securiteinfoascii.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/securiteinfoandroid.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/securiteinfoold.hdb
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/securiteinfopdf.hdb

# Remove the below # to enable if you have Securiteinfo Premium Subscription

#DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/securiteinfo0hour.hdb # Premium Subscription
#DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/securiteinfo.mdb # Premium Subscription
#DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/securiteinfo.pdb # Premium Subscription
#DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/securiteinfo.yara # Premium Subscription


## All others found working on 22.01

DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/sanesecurity.ftm
DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/sigwhitelist.ign2
DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/badmacro.ndb
DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/blurl.ndb
DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/junk.ndb
DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/jurlbl.ndb
DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/jurlbla.ndb
DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/lott.ndb
DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/phishtank.ndb
DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/phish.ndb
DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/scam.ndb
DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/porcupine.ndb
DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/porcupine.hsb
DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/rogue.hdb
DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/bofhland_cracked_URL.ndb
DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/bofhland_malware_URL.ndb
DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/bofhland_phishing_URL.ndb
DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/bofhland_malware_attach.hdb
DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/shelter.ldb
DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/hackingteam.hsb
DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/malwarehash.hsb
DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/spear.ndb
DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/spearl.ndb
DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/winnow_phish_complete_url.ndb
DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/winnow_malware.hdb
DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/winnow_malware_links.ndb
DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/winnow.attachments.hdb
DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/winnow_bad_cw.hdb
DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/winnow_extended_malware.hdb
DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/winnow_spam_complete.ndb
DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/winnow_extended_malware_links.ndb
DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/winnow.complex.patterns.ldb
DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/crdfam.clamav.hdb
DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/Sanesecurity_sigtest.yara
DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/Sanesecurity_spam.yara
DatabaseCustomURL http://www.rfxn.com/downloads/rfxn.ndb
DatabaseCustomURL http://www.rfxn.com/downloads/rfxn.hdb
DatabaseCustomURL http://www.rfxn.com/downloads/rfxn.yara
DatabaseCustomURL https://raw.githubusercontent.com/ditekshen/detection/master/clamav/clamav.ldb
DatabaseCustomURL https://raw.githubusercontent.com/twinwave-security/twinclams/master/twinclams.ldb
DatabaseCustomURL https://raw.githubusercontent.com/twinwave-security/twinclams/master/twinwave.ign2
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/exploit_kits/EK_Angler.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/exploit_kits/EK_Blackhole.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/exploit_kits/EK_BleedingLife.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/exploit_kits/EK_Crimepack.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/exploit_kits/EK_Eleonore.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/exploit_kits/EK_Fragus.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/exploit_kits/EK_Phoenix.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/exploit_kits/EK_Sakura.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/exploit_kits/EK_ZeroAcces.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/exploit_kits/EK_Zerox88.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/exploit_kits/EK_Zeus.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/000_common_rules.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_APT1.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_APT10.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_APT17.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_APT29_Grizzly_Steppe.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_APT3102.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_APT9002.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Backspace.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Bestia.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Blackenergy.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Bluetermite_Emdivi.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_C16.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Carbanak.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Careto.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Casper.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_CheshireCat.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Cloudduke.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Cobalt.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Codoso.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_DPRK_ROKRAT.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_DeepPanda_Anthem.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_DeputyDog.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Dubnium.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Duqu2.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_EQUATIONGRP.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Emissary.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_EnergeticBear_backdoored_ssh.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Equation.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_FVEY_ShadowBrokers_Jan17_Screen_Strings.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_FiveEyes.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Greenbug.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Hellsing.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_HiddenCobra.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Hikit.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Industroyer.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Irontiger.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Kaba.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Ke3Chang_TidePool.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_LotusBlossom.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Minidionis.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Mirage.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Molerats.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Mongall.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_MoonlightMaze.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_NGO.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_OPCleaver.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Oilrig.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_OpClandestineWolf.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_OpDustStorm.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_OpPotao.yar

continued in next post...
                                1 Reply Last reply Reply Quote 0
                                • S
                                  smolka_J
                                  last edited by

                                  Page 2 continued DatabaseCustomURLs:

                                  DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_PCclient.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Passcv.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Pipcreat.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Poseidon_Group.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Prikormka.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_PutterPanda.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_RedLeaves.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Regin.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Sauron_extras.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Scarab_Scieron.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Seaduke.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Snowglobe_Babar.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Sofacy_Bundestag.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Sofacy_Fysbis.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Sofacy_Jun16.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Sphinx_Moth.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Stuxnet.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Terracota.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_ThreatGroup3390.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_TradeSecret.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Turla_Neuron.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_UP007_SLServer.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Unit78020.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Waterbug.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_WildNeutron.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Windigo_Onimiki.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Winnti.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_WoolenGoldfish.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_eqgrp_apr17.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_fancybear_dnc.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_fancybear_downdelph.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_furtim.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/EXPERIMENTAL_Beef.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/GEN_PowerShell.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_ATMPot.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_ATM_HelloWorld.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_AgentTesla.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_AgentTesla_SMTP.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Alina.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Andromeda.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Arkei.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Athena.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Atmos.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_BackdoorSSH.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Backoff.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Bangat.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_BlackRev.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_BlackWorm.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Boouset.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Bublik.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Buzus_Softpulse.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_CAP_HookExKeylogger.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Chicken.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Citadel.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Cloaking.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Cookies.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Cxpid.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Cythosia.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_DDoSTf.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Derkziel.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Dexter.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_DiamondFox.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_DirtJumper.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Eicar.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Emotet.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Empire.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Exploit_UAC_Elevators.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Ezcob.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_F0xy.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_FALLCHILL.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_FUDCrypt.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_FakeM.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Fareit.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Favorite.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Gafgyt.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Genome.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Gozi.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Grozlex.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Hsdfihdf_banking.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Intel_Virtualization.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_IotReaper.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Jolob_Backdoor.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_KINS.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Kelihos.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_KeyBase.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Korlia.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Korplug.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Kovter.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Kraken.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Kwampirs.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Lateral_Movement.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Lenovo_Superfish.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_LinuxBew.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_LinuxHelios.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_LinuxMoose.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_LostDoor.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_LuaBot.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_MSILStealer.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_MacGyver.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Madness.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Magento_backend.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Magento_frontend.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Magento_suspicious.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Mailers.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_MedusaHTTP_2019.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Miancha.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_MiniAsp3_mem.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Miscelanea_Linux.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Monero_Miner_installer.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_NionSpy.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Notepad.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_OSX_Leverage.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_PittyTiger.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_PolishBankRat.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Ponmocup.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Pony.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Predator.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_PurpleWave.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_PyPI.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Retefe.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Rockloader.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Rovnix.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Sakurel.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Sayad.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Sendsafe.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Shamoon.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Shifu.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Skeleton.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Spora.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Sqlite.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Stealer.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Tedroo.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Tinba.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_TreasureHunt.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_TrickBot.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Trumpbot.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Upatre.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Urausy.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Virut_FileInfector_UNK_VERSION.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Volgmer.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Wabot.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_XHide.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_XMRIG_Miner.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_XOR_DDos.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Yayih.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Yordanyan_ActiveAgent.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Zegost.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Zeus.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_adwind_RAT.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_hancitor.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_kirbi_mimikatz.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_kpot.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_marap.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_shifu_shiz.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_sitrof_fortis_scar.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_viotto_keylogger.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/Operation_Blockbuster/PapaAlfa.yara
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/Operation_Blockbuster/RomeoEcho.yara
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/Operation_Blockbuster/TangoAlfa.yara
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/Operation_Blockbuster/UniformJuliett.yara
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/Operation_Blockbuster/cert_wiper.yara
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/Operation_Blockbuster/general.yara
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/Operation_Blockbuster/suicidescripts.yara
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/POS.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/POS_Bernhard.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/POS_BruteforcingBot.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/POS_Easterjack.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/POS_FastPOS.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/POS_LogPOS.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/POS_MalumPOS.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/POS_Mozart.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_.CRYPTXXX.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_777.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Alpha.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Cerber.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Comodosec.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Crypren.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_CryptoNar.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Cryptolocker.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_DMALocker.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_DoublePulsar_Petya.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Erebus.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_GPGQwerty.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_GoldenEye.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Locky.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Maze.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_PetrWrap.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Petya.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Petya_MS17_010.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Pico.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Satana.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Shiva.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Sigma.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Snake.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_TeslaCrypt.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Tox.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_acroware.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_jeff_dev.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_locdoor.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_screenlocker_5h311_1nj3c706.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_shrug2.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_termite.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Adwind.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Adzok.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Asyncrat.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_BlackShades.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Bolonyokte.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Bozok.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Cerberus.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Crimson.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_CyberGate.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_FlyingKitten.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Gh0st.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Gholee.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Glass.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Havex.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Indetectables.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Meterpreter_Reverse_Tcp.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Nanocore.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_NetwiredRC.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Orcus.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_PlugX.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_PoetRATDoc.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_PoetRATPython.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_PoisonIvy.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Ratdecoders.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Sakula.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_ShadowTech.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Shim.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Terminator.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_ZoxPNG.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_jRAT.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_xRAT.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_xRAT20.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/TOOLKIT_Chinese_Hacktools.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/TOOLKIT_Dubrute.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/TOOLKIT_Gen_powerkatz.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/TOOLKIT_PassTheHash.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/TOOLKIT_Pwdump.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/TOOLKIT_Redteam_Tools_by_GUID.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/TOOLKIT_Redteam_Tools_by_Name.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/TOOLKIT_Solarwinds_credential_stealer.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/TOOLKIT_Wineggdrop.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/TOOLKIT_exe2hex_payload.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2010-0805.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2010-0887.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2010-1297.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2012-0158.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2013-0074.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2013-0422.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2015-1701.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2015-2426.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2015-2545.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2015-5119.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2016-5195.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2017-11882.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2018-20250.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2018-4878.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/email/extortion_email.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/email/Email_generic_phishing.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/email/EMAIL_Cryptowall.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/email/Email_fake_it_maintenance_bulletin.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/email/email_Ukraine_BE_powerattack.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/email/scam.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/webshells/WShell_ASPXSpy.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/webshells/WShell_Drupalgeddon2_icos.yar
                                  1 Reply Last reply Reply Quote 0
                                  • S
                                    smolka_J @smolka_J
                                    last edited by

                                    @smoke_a_j said in Alternate definitions for ClamAV:

                                    "/usr/local/etc/c-icap/" :
                                    "clamd.conf" "clamd.conf.default" and "clamd.conf.pfsense"

                                    EDIT: need to correct myself, "clamd.conf" "clamd.conf.default" and "clamd.conf.pfsense" files are located in "/usr/local/etc/"

                                    1 Reply Last reply Reply Quote 0
                                    • JonathanLeeJ
                                      JonathanLee
                                      last edited by

                                      Let’s say you have a machine with memory restrictions, what DB would users use to still utilize some signatures ?? A smaller memory hungry database

                                      Make sure to upvote

                                      1 Reply Last reply Reply Quote 0
                                      • First post
                                        Last post
                                      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.