Netgate Discussion Forum

Alternate definitions for ClamAV

  • A
    AR15USR
    last edited by Oct 15, 2016, 3:03 AM

    Thanks IggyB..


    2.6.0-RELEASE

    • A
      asterix
      last edited by Nov 15, 2016, 2:39 PM

      After updating to above settings I am getting this false positive Virus detected warning in diag_edit.php of pfSense page. How can I get rid of this?

      SquidClamav 6.10: Virus detected!

      The requested URL http://192.168.1.1/diag_edit.php contains a virus
      Virus name: Sanesecurity.Malware.26368.JsHeur.UNOFFICIAL

      This file cannot be downloaded.

      Origin: - / -

      • I
        Impatient
        last edited by Nov 15, 2016, 4:40 PM

        You can try this https://forum.pfsense.org/index.php?topic=120154.msg664657#msg664657 for a temporary workaround, but I believe that disables the definition.

        Otherwise you will have to contact sane security.

        • A
          asterix
          last edited by Nov 15, 2016, 8:27 PM

          Thanks, that worked.

          • J
            johnabbot
            last edited by Mar 12, 2017, 2:37 PM

            The alternative definitions have been triggering on iOS app updates of late.

            Has anyone else seen this behaviour?

            VIRUS FOUND Sanesecurity.Foxhole.JS_Zip_19.UNOFFICIAL

            http://appldnld.apple.com/ios10.0/091-00410-20170307-333298AC-FD56-11E6-A830-06ECE1925776/com_apple_MobileAsset_CoreSuggestions/5b0b88c6446d899e5bec5a5ac298ed55bbbf1cbb.zip

            • D
              doktornotor Banned
              last edited by Mar 12, 2017, 3:05 PM

              The FPs need to be reported to the signatures maintainer. (But please understand that these things are mostly made for email AV filtering.)

              • A
                AR15USR
                last edited by Mar 12, 2017, 8:14 PM

                Yes I've been getting those too. You can report it here:

                http://sanesecurity.com/support/false-positives/


                2.6.0-RELEASE

                • E
                  extremeshok
                  last edited by Mar 15, 2017, 3:55 PM Mar 14, 2017, 5:15 PM

                  Hi

                  We are busy adding full support for pfsense to the next version of the script :  https://github.com/extremeshok/clamav-unofficial-sigs

                  Please post issues here: https://github.com/extremeshok/clamav-unofficial-sigs/issues/

                  • E
                    extremeshok
                    last edited by Mar 17, 2017, 1:00 PM

                    5.6.1 released with pfsense support : https://github.com/extremeshok/clamav-unofficial-sigs

                    Install guide is here : https://github.com/extremeshok/clamav-unofficial-sigs/blob/master/guides/pfsense.md

                    Version 5.6.1 (updated 2017-03-18)
                    
                    eXtremeSHOK.com Maintenance
                    Packers/Javascript_exploit_and_obfuscation.yar false positive rating increased to HIGH
                    Codeclimate fixes
                    Incremented the config to version 73
                    Version 5.6 (updated 2017-03-17)
                    
                    eXtremeSHOK.com Maintenance
                    PGP is now optional and no longer a requirement and pgp support is auto-detected
                    Full support for MacOS / OS X and added clamav install guide
                    Full support for pfSense and added clamav install guide
                    Added os configs for Zimbra and Debian 8 with systemd
                    Much better error messages with possible solutions given
                    Better checking of possible issues
                    Update all SANESECURITY signature databases
                    Support for clamav-devel (clamav compiled from source)
                    Added full proxy support to wget and curl
                    Replace a lot of "echo | cut | sed" with bash substitutions
                    Added fallbacks/substitutions for various commands
                    xshok_file_download and xshok_draw_time_remaining functions added to replace redundant code blocks
                    Removed SANESECURITY mbl.ndb as this file is not showing up on the rsync mirrors
                    Allow exit code 23 for rsync
                    Major refactoring : Normalize comments, quotes, functions, conditions
                    Protect various arguments and "POSIX-ize" script integrity
                    Enhanced testing with travis-ci, including clamav 0.99
                    Incremented the config to version 72
                    
                    • J
                      johnabbot
                      last edited by Mar 18, 2017, 3:52 PM

                      Thank you for this.

                      All went well here except.

                      WARNING: Failed connection to http://cdn.rfxn.com/downloads - SKIPPED linuxmalwaredetect rfxn.ndb update
                      
                      • J
                        johnabbot
                        last edited by Mar 19, 2017, 11:43 AM

                        Hi

                        Where does Clam AV store the files it believes are viruses (or does it even)?

                        I'd like to be able to extract them to check against Virus Total / RE them etc

                        Anyone know the answer to this?

                        • J
                          johnabbot
                          last edited by Apr 29, 2017, 8:21 PM

                          Hi

                          I have an issue with a false positive. I reported it ages ago but it keeps showing up.

                          Anyone know how to remove Sanesecurity.Foxhole?

                          The blizzard of false positives is obscuring the real viruses it catches, which is annoying.

                          Cheers

                          Jon

                          • S
                            smolka_J
                            last edited by smolka_J Apr 10, 2022, 4:34 AM Apr 10, 2022, 4:03 AM

                            I figured I would post an update with a few things I've found, in case it helps others referencing this thread as I did. Everything is pulled from my running config on pfSense 22.01 and can be placed in the noted files without setting the manual config option, if you are familiar with the command line in the GUI and/or a PuTTY console:

                            Do not scan (streamed) videos and audios: place in "/usr/local/etc/c-icap/squidclamav.conf" and remove the # to enable the extras if wanted:

                            abort ^.*\.(wav|aiff|ogg|flac|opus|flv|f4f|m2a|mjpeg|mov|mp(2|3|4))(\?.*)?$
                            abort ^.*\.(avi|avs|mpg|asf|mkv|dv|m1v|m2v|m3u|pls|wmx|aac|mpeg|ogm|ogv|ts)(\?.*)?$
                            abortcontent ^video\/x-flv$
                            abortcontent ^audio\/aiff$
                            abortcontent ^video\/mp4$
                            abortcontent ^audio\/mp4$
                            abortcontent ^.*audio\/mp4.*$
                            abortcontent ^video\/webm$
                            abortcontent ^audio\/webm$
                            abortcontent ^video\/mp2t$
                            abortcontent ^audio\/wmx$
                            abortcontent ^audio\/mpeg$
                            abortcontent ^audio\/x-mpeg$
                            abortcontent ^audio\/aac$
                            abortcontent ^video\/x-msvideo$
                            abortcontent ^video\/msvideo$
                            abortcontent ^video\/avi$
                            abortcontent ^video\/mpeg$
                            abortcontent ^video\/x-mpeg$
                            abortcontent ^video\/ogg$
                            abortcontent ^audio\/ogg$
                            abortcontent ^audio\/opus$
                            abortcontent ^video\/mp2t$
                            abortcontent ^audio\/wav$
                            abortcontent ^video\/3gpp$
                            abortcontent ^audio\/3gpp$
                            abortcontent ^video\/3gpp2$
                            abortcontent ^audio\/3gpp2$
                            abortcontent ^video\/x-motion-jpeg$
                            abortcontent ^video\/x-dv$
                            abortcontent ^video\/x-ms-asf$
                            abortcontent ^video\/quicktime$
                            abortcontent ^.*application\/x-mms-framed.*$
                            
                            # Do not scan images
                            #abort ^.*\.(ico|gif|png|jpg)$
                            #abortcontent ^image\/.*$
                            
                            # Do not scan text files
                            #abort ^.*\.(css|xml|xsl|js|html|jsp)$
                            #abortcontent ^text\/.*$
                            #abortcontent ^application\/x-javascript$
                            
                            # Do not scan streamed videos
                            #abortcontent ^video\/x-flv$
                            #abortcontent ^video\/mp4$
                            
                            # Do not scan flash files
                            #abort ^.*\.swf$
                            #abortcontent ^application\/x-shockwave-flash$
                            
                            # Do not scan sequence of framed Microsoft Media Server (MMS) data packets
                            #abortcontent ^.*application\/x-mms-framed.*$
                            
                            # White list some sites
                            #whitelist .*\.clamav.net
                            

                            Following the Securiteinfo guide to ensure maximum detection rates, I edited my clamd.conf and enabled the PUA option, but found I had to enable that in the GUI first before editing the suggested clamd.conf file, and then proceeded to do the same in the other two copies pfSense builds the running file from on reboots/reloads. Each of the following is located in "/usr/local/etc/c-icap/":
                            "clamd.conf" "clamd.conf.default" and "clamd.conf.pfsense"
                            modified these lines:

                            DetectPUA yes
                            ExcludePUA PUA.Win.Packer
                            ExcludePUA PUA.Win.Trojan.Packed
                            ExcludePUA PUA.Win.Trojan.Molebox
                            ExcludePUA PUA.Win.Packer.Upx
                            ExcludePUA PUA.Doc.Packed
                            MaxScanSize 150M
                            MaxFileSize 100M
                            MaxRecursion 40
                            MaxEmbeddedPE 100M
                            MaxHTMLNormalize 50M
                            MaxScriptNormalize 50M
                            MaxZipTypeRcg 50M
                            
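As an added example (not part of the post and not SquidClamav code), this Python sketch loads `abort`/`abortcontent` lines like the ones above and reports which requests would skip ClamAV scanning and which rule decided it, plus exact duplicate rules. Python's `re` stands in for the regex matching SquidClamav performs, case-insensitive matching is an assumption exposed as a parameter, and the sample requests are constructed.

```python
import re

# Constructed excerpt using lines from the squidclamav.conf listing above.
SAMPLE_CONF = r"""
abort ^.*\.(wav|aiff|ogg|flac|opus|flv|f4f|m2a|mjpeg|mov|mp(2|3|4))(\?.*)?$
abortcontent ^video\/mp4$
abortcontent ^audio\/mp4$
abortcontent ^.*audio\/mp4.*$
abortcontent ^video\/mp2t$
abortcontent ^video\/mp2t$
# Do not scan images
#abort ^.*\.(ico|gif|png|jpg)$
#abortcontent ^image\/.*$
"""

# Constructed requests: (URL, Content-Type header of the response).
SAMPLE_REQUESTS = [
    ("http://media.example/clip.mp4", "video/mp4"),
    ("http://media.example/stream?id=7", "audio/mp4; codecs=mp4a"),
    ("http://files.example/download.mp4", "application/octet-stream"),
    ("http://files.example/tool.zip", "application/zip"),
]

# abort is matched against the URL, abortcontent against the Content-Type.
DIRECTIVES = ("abort", "abortcontent")


def parse_rules(text):
    """Return (line_no, directive, pattern) for every active bypass rule."""
    rules = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out rule
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0] in DIRECTIVES:
            rules.append((no, parts[0], parts[1].strip()))
    return rules


def scan_decision(rules, url, content_type, ignore_case=True):
    """Return ('bypass', rule) for the first matching rule, else ('scan', None)."""
    flags = re.IGNORECASE if ignore_case else 0  # assumption, see lead-in
    for rule in rules:
        _, directive, pattern = rule
        subject = content_type if directive == "abortcontent" else url
        if re.search(pattern, subject, flags):
            return "bypass", rule
    return "scan", None


def duplicate_rules(rules):
    """Return (line_no, first_line_no, directive, pattern) for repeated rules."""
    seen, dups = {}, []
    for no, directive, pattern in rules:
        key = (directive, pattern)
        if key in seen:
            dups.append((no, seen[key], directive, pattern))
        else:
            seen[key] = no
    return dups


if __name__ == "__main__":
    rules = parse_rules(SAMPLE_CONF)
    for url, ctype in SAMPLE_REQUESTS:
        verdict, rule = scan_decision(rules, url, ctype)
        why = f"line {rule[0]}: {rule[1]} {rule[2]}" if rule else "no rule matched"
        print(f"{verdict:6} {url} [{ctype}] <- {why}")
    for no, first, directive, pattern in duplicate_rules(rules):
        print(f"line {no} repeats line {first}: {directive} {pattern}")
```

An `abort` rule decides on the URL alone, so the third sample is not scanned even though its Content-Type is not a media type; that is the trade-off to weigh before enabling the commented-out extension rules.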
                            • S
                              smolka_J
                              last edited by smolka_J Apr 10, 2022, 4:47 AM Apr 10, 2022, 4:06 AM

                              The following DatabaseCustomURLs can be added to the freshclam conf files to gain more ClamAV signatures/definitions for more effective use. I added them to all three files so they carry over through reboots/reloads. These files are located in "/usr/local/etc/": "freshclam.conf", "freshclam.conf.pfsense", and "freshclam.conf.default". I found this method of adding them to be more up to date than eXtremeSHOK's built-in list and just as much work, if not easier, to get fully working. I also added at the top an updated list of entries for anyone with a Premium subscription to Securiteinfo's 0-Day files, to make sure you get them all:

                              # Malwarepatrol - Need to signup for free and replace all x's with receipt code and remove # to enable
                              
                              #DatabaseCustomURL https://lists.malwarepatrol.net/cgi/getfile?receipt=xxxxxxxxxxx&product=32&list=clamav_basic
                              
                              
                              # SecuriteInfo signatures
                              
                              DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/securiteinfo.hdb
                              DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/securiteinfo.ign2
                              DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/javascript.ndb
                              DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/spam_marketing.ndb
                              DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/securiteinfohtml.hdb
                              DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/securiteinfoascii.hdb
                              DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/securiteinfoandroid.hdb
                              DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/securiteinfoold.hdb
                              DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/securiteinfopdf.hdb
                              
                              # Remove the below # to enable if you have Securiteinfo Premium Subscription
                              
                              #DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/securiteinfo0hour.hdb # Premium Subscription
                              #DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/securiteinfo.mdb # Premium Subscription
                              #DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/securiteinfo.pdb # Premium Subscription
                              #DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/securiteinfo.yara # Premium Subscription
                              
                              
                              ## All others found working on 22.01
                              
                              DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/sanesecurity.ftm
                              DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/sigwhitelist.ign2
                              DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/badmacro.ndb
                              DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/blurl.ndb
                              DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/junk.ndb
                              DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/jurlbl.ndb
                              DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/jurlbla.ndb
                              DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/lott.ndb
                              DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/phishtank.ndb
                              DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/phish.ndb
                              DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/scam.ndb
                              DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/porcupine.ndb
                              DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/porcupine.hsb
                              DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/rogue.hdb
                              DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/bofhland_cracked_URL.ndb
                              DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/bofhland_malware_URL.ndb
                              DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/bofhland_phishing_URL.ndb
                              DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/bofhland_malware_attach.hdb
                              DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/shelter.ldb
                              DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/hackingteam.hsb
                              DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/malwarehash.hsb
                              DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/spear.ndb
                              DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/spearl.ndb
                              DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/winnow_phish_complete_url.ndb
                              DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/winnow_malware.hdb
                              DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/winnow_malware_links.ndb
                              DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/winnow.attachments.hdb
                              DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/winnow_bad_cw.hdb
                              DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/winnow_extended_malware.hdb
                              DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/winnow_spam_complete.ndb
                              DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/winnow_extended_malware_links.ndb
                              DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/winnow.complex.patterns.ldb
                              DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/crdfam.clamav.hdb
                              DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/Sanesecurity_sigtest.yara
                              DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/Sanesecurity_spam.yara
                              DatabaseCustomURL http://www.rfxn.com/downloads/rfxn.ndb
                              DatabaseCustomURL http://www.rfxn.com/downloads/rfxn.hdb
                              DatabaseCustomURL http://www.rfxn.com/downloads/rfxn.yara
                              DatabaseCustomURL https://raw.githubusercontent.com/ditekshen/detection/master/clamav/clamav.ldb
                              DatabaseCustomURL https://raw.githubusercontent.com/twinwave-security/twinclams/master/twinclams.ldb
                              DatabaseCustomURL https://raw.githubusercontent.com/twinwave-security/twinclams/master/twinwave.ign2
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/exploit_kits/EK_Angler.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/exploit_kits/EK_Blackhole.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/exploit_kits/EK_BleedingLife.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/exploit_kits/EK_Crimepack.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/exploit_kits/EK_Eleonore.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/exploit_kits/EK_Fragus.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/exploit_kits/EK_Phoenix.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/exploit_kits/EK_Sakura.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/exploit_kits/EK_ZeroAcces.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/exploit_kits/EK_Zerox88.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/exploit_kits/EK_Zeus.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/000_common_rules.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_APT1.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_APT10.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_APT17.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_APT29_Grizzly_Steppe.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_APT3102.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_APT9002.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Backspace.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Bestia.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Blackenergy.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Bluetermite_Emdivi.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_C16.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Carbanak.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Careto.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Casper.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_CheshireCat.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Cloudduke.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Cobalt.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Codoso.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_DPRK_ROKRAT.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_DeepPanda_Anthem.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_DeputyDog.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Dubnium.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Duqu2.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_EQUATIONGRP.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Emissary.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_EnergeticBear_backdoored_ssh.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Equation.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_FVEY_ShadowBrokers_Jan17_Screen_Strings.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_FiveEyes.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Greenbug.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Hellsing.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_HiddenCobra.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Hikit.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Industroyer.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Irontiger.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Kaba.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Ke3Chang_TidePool.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_LotusBlossom.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Minidionis.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Mirage.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Molerats.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Mongall.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_MoonlightMaze.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_NGO.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_OPCleaver.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Oilrig.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_OpClandestineWolf.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_OpDustStorm.yar
                              DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_OpPotao.yar
                              
                              continued in next post...
                              
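As an added example (not part of the post and not freshclam code), this Python sketch audits `DatabaseCustomURL` entries of the kind listed above: it flags sources that are not fetched over HTTPS, URLs that still carry the placeholder code, and duplicates, and it reports which of the three freshclam.conf copies is missing an entry the others have. The function names, the placeholder markers and the sample file contents are constructed for illustration.

```python
from urllib.parse import urlsplit

# Placeholder fragments as they appear in the post's sample URLs (heuristic).
PLACEHOLDER_MARKERS = ("xxx", "FILL_IN_YOUR_CODE")

# Constructed sample built from entries in the list above.
BASE = """\
# SecuriteInfo signatures
DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/securiteinfo.hdb
#DatabaseCustomURL https://www.securiteinfo.com/get/signatures/xxxFILL_IN_YOUR_CODExx/securiteinfo.mdb # Premium Subscription
DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/junk.ndb
DatabaseCustomURL http://www.rfxn.com/downloads/rfxn.ndb
DatabaseCustomURL https://mirror.rollernet.us/sanesecurity/junk.ndb
"""
RFXN_LINE = "DatabaseCustomURL http://www.rfxn.com/downloads/rfxn.ndb\n"

# The three copies named in the post; one is constructed to have drifted.
SAMPLE_FILES = {
    "freshclam.conf": BASE,
    "freshclam.conf.pfsense": BASE.replace(RFXN_LINE, ""),
    "freshclam.conf.default": BASE,
}


def custom_urls(conf_text):
    """Return the active DatabaseCustomURL values, skipping commented lines."""
    urls = []
    for raw in conf_text.splitlines():
        parts = raw.split()
        # "#DatabaseCustomURL ..." and "# ..." never equal the directive name.
        if len(parts) >= 2 and parts[0] == "DatabaseCustomURL":
            urls.append(parts[1])
    return urls


def audit_urls(urls):
    """Return (finding, url) pairs in the order the URLs appear."""
    findings, seen = [], set()
    for url in urls:
        if url in seen:
            findings.append(("duplicate", url))
        seen.add(url)
        if urlsplit(url).scheme != "https":
            # Signature file travels without transport integrity protection.
            findings.append(("not-https", url))
        if any(marker in url for marker in PLACEHOLDER_MARKERS):
            # The download will fail until the real code is filled in.
            findings.append(("placeholder-code", url))
    return findings


def drift(files):
    """Map each file name to URLs found in another copy but missing from it."""
    per_file = {name: set(custom_urls(text)) for name, text in files.items()}
    union = set().union(*per_file.values())
    return {
        name: sorted(union - urls)
        for name, urls in per_file.items()
        if union - urls
    }


if __name__ == "__main__":
    for finding, url in audit_urls(custom_urls(SAMPLE_FILES["freshclam.conf"])):
        print(f"{finding:17} {url}")
    for name, missing in drift(SAMPLE_FILES).items():
        for url in missing:
            print(f"{name}: missing {url}")
```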
                              • S
                                smolka_J
                                last edited by Apr 10, 2022, 4:10 AM

                                Page 2 continued DatabaseCustomURLs:

                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_PCclient.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Passcv.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Pipcreat.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Poseidon_Group.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Prikormka.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_PutterPanda.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_RedLeaves.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Regin.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Sauron_extras.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Scarab_Scieron.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Seaduke.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Snowglobe_Babar.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Sofacy_Bundestag.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Sofacy_Fysbis.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Sofacy_Jun16.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Sphinx_Moth.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Stuxnet.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Terracota.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_ThreatGroup3390.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_TradeSecret.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Turla_Neuron.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_UP007_SLServer.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Unit78020.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Waterbug.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_WildNeutron.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Windigo_Onimiki.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_Winnti.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_WoolenGoldfish.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_eqgrp_apr17.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_fancybear_dnc.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_fancybear_downdelph.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/APT_furtim.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/EXPERIMENTAL_Beef.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/GEN_PowerShell.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_ATMPot.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_ATM_HelloWorld.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_AgentTesla.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_AgentTesla_SMTP.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Alina.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Andromeda.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Arkei.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Athena.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Atmos.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_BackdoorSSH.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Backoff.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Bangat.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_BlackRev.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_BlackWorm.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Boouset.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Bublik.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Buzus_Softpulse.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_CAP_HookExKeylogger.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Chicken.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Citadel.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Cloaking.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Cookies.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Cxpid.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Cythosia.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_DDoSTf.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Derkziel.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Dexter.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_DiamondFox.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_DirtJumper.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Eicar.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Emotet.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Empire.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Exploit_UAC_Elevators.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Ezcob.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_F0xy.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_FALLCHILL.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_FUDCrypt.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_FakeM.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Fareit.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Favorite.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Gafgyt.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Genome.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Gozi.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Grozlex.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Hsdfihdf_banking.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Intel_Virtualization.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_IotReaper.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Jolob_Backdoor.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_KINS.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Kelihos.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_KeyBase.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Korlia.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Korplug.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Kovter.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Kraken.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Kwampirs.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Lateral_Movement.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Lenovo_Superfish.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_LinuxBew.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_LinuxHelios.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_LinuxMoose.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_LostDoor.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_LuaBot.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_MSILStealer.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_MacGyver.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Madness.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Magento_backend.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Magento_frontend.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Magento_suspicious.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Mailers.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_MedusaHTTP_2019.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Miancha.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_MiniAsp3_mem.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Miscelanea_Linux.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Monero_Miner_installer.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_NionSpy.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Notepad.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_OSX_Leverage.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_PittyTiger.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_PolishBankRat.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Ponmocup.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Pony.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Predator.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_PurpleWave.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_PyPI.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Retefe.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Rockloader.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Rovnix.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Sakurel.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Sayad.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Sendsafe.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Shamoon.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Shifu.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Skeleton.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Spora.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Sqlite.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Stealer.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Tedroo.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Tinba.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_TreasureHunt.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_TrickBot.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Trumpbot.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Upatre.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Urausy.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Virut_FileInfector_UNK_VERSION.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Volgmer.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Wabot.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_XHide.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_XMRIG_Miner.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_XOR_DDos.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Yayih.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Yordanyan_ActiveAgent.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Zegost.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_Zeus.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_adwind_RAT.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_hancitor.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_kirbi_mimikatz.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_kpot.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_marap.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_shifu_shiz.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_sitrof_fortis_scar.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/MALW_viotto_keylogger.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/Operation_Blockbuster/PapaAlfa.yara
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/Operation_Blockbuster/RomeoEcho.yara
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/Operation_Blockbuster/TangoAlfa.yara
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/Operation_Blockbuster/UniformJuliett.yara
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/Operation_Blockbuster/cert_wiper.yara
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/Operation_Blockbuster/general.yara
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/Operation_Blockbuster/suicidescripts.yara
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/POS.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/POS_Bernhard.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/POS_BruteforcingBot.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/POS_Easterjack.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/POS_FastPOS.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/POS_LogPOS.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/POS_MalumPOS.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/POS_Mozart.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_.CRYPTXXX.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_777.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Alpha.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Cerber.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Comodosec.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Crypren.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_CryptoNar.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Cryptolocker.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_DMALocker.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_DoublePulsar_Petya.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Erebus.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_GPGQwerty.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_GoldenEye.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Locky.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Maze.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_PetrWrap.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Petya.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Petya_MS17_010.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Pico.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Satana.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Shiva.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Sigma.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Snake.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_TeslaCrypt.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_Tox.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_acroware.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_jeff_dev.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_locdoor.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_screenlocker_5h311_1nj3c706.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_shrug2.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RANSOM_termite.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Adwind.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Adzok.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Asyncrat.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_BlackShades.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Bolonyokte.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Bozok.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Cerberus.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Crimson.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_CyberGate.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_FlyingKitten.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Gh0st.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Gholee.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Glass.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Havex.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Indetectables.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Meterpreter_Reverse_Tcp.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Nanocore.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_NetwiredRC.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Orcus.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_PlugX.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_PoetRATDoc.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_PoetRATPython.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_PoisonIvy.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Ratdecoders.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Sakula.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_ShadowTech.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Shim.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_Terminator.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_ZoxPNG.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_jRAT.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_xRAT.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/RAT_xRAT20.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/TOOLKIT_Chinese_Hacktools.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/TOOLKIT_Dubrute.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/TOOLKIT_Gen_powerkatz.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/TOOLKIT_PassTheHash.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/TOOLKIT_Pwdump.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/TOOLKIT_Redteam_Tools_by_GUID.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/TOOLKIT_Redteam_Tools_by_Name.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/TOOLKIT_Solarwinds_credential_stealer.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/TOOLKIT_Wineggdrop.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/malware/TOOLKIT_exe2hex_payload.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2010-0805.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2010-0887.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2010-1297.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2012-0158.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2013-0074.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2013-0422.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2015-1701.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2015-2426.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2015-2545.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2015-5119.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2016-5195.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2017-11882.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2018-20250.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/cve_rules/CVE-2018-4878.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/email/extortion_email.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/email/Email_generic_phishing.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/email/EMAIL_Cryptowall.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/email/Email_fake_it_maintenance_bulletin.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/email/email_Ukraine_BE_powerattack.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/email/scam.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/webshells/WShell_ASPXSpy.yar
                                DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/webshells/WShell_Drupalgeddon2_icos.yar
                                
                                1 Reply Last reply Reply Quote 0
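An added example, not part of the original post and not pfSense or ClamAV code: a small linter for the `DatabaseCustomURL` lines listed above. It flags duplicate entries, URLs not fetched over HTTPS, file extensions outside a known subset of ClamAV signature formats, and `raw.githubusercontent.com` URLs that follow a moving branch such as `master`. The function name, the extension subset and the sample config are assumptions made for illustration.

```python
import posixpath
import re
from urllib.parse import urlparse

# Subset of ClamAV signature file extensions (assumption: not exhaustive).
KNOWN_EXT = {".cvd", ".cld", ".hdb", ".hsb", ".mdb", ".msb", ".ndb", ".ldb",
             ".cdb", ".fp", ".sfp", ".ign2", ".pdb", ".gdb", ".wdb", ".cbc",
             ".ftm", ".yar", ".yara"}
# Branch names whose content moves over time; a commit SHA in that slot does not.
MUTABLE_REFS = {"master", "main"}

# Constructed sample; the first two URLs appear in the post above, the rest are made up.
SAMPLE = """\
# freshclam.conf excerpt (constructed)
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/email/scam.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/webshells/WShell_ASPXSpy.yar
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/master/email/scam.yar
DatabaseCustomURL http://example.org/sigs/custom.ndb
DatabaseCustomURL https://raw.githubusercontent.com/Yara-Rules/rules/COMMIT_SHA_PLACEHOLDER/email/scam.yar
"""

def lint_custom_urls(conf_text):
    """Return (line_no, url, problem) for each questionable DatabaseCustomURL."""
    findings, seen = [], {}
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("#"):          # comment line in freshclam.conf
            continue
        m = re.match(r"DatabaseCustomURL\s+(\S+)$", line)
        if not m:
            continue
        url = m.group(1)
        if url in seen:                   # same file requested twice
            findings.append((no, url, f"duplicate of line {seen[url]}"))
            continue
        seen[url] = no
        u = urlparse(url)
        if u.scheme not in ("https", "file"):
            findings.append((no, url, "not fetched over HTTPS"))
        if posixpath.splitext(u.path)[1].lower() not in KNOWN_EXT:
            findings.append((no, url, "unrecognised signature extension"))
        parts = u.path.strip("/").split("/")  # owner/repo/ref/path...
        if (u.netloc == "raw.githubusercontent.com" and len(parts) >= 3
                and parts[2] in MUTABLE_REFS):
            findings.append((no, url, f"tracks mutable branch '{parts[2]}'"))
    return findings

if __name__ == "__main__":
    for no, url, problem in lint_custom_urls(SAMPLE):
        print(f"line {no}: {problem}: {url}")
```

A URL pinned to a commit stops receiving rule updates, so the branch finding is a prompt to review what is being pulled rather than an error.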
                                • S
                                  smolka_J @smolka_J
                                  last edited by Apr 10, 2022, 5:13 AM

                                  @smoke_a_j said in Alternate definitions for ClamAV:

                                  "/usr/local/etc/c-icap/" :
                                  "clamd.conf" "clamd.conf.default" and "clamd.conf.pfsense"

                                  EDIT: need to correct myself, "clamd.conf" "clamd.conf.default" and "clamd.conf.pfsense" files are located in "/usr/local/etc/"

                                  1 Reply Last reply Reply Quote 0
                                  • JonathanLeeJ
                                    JonathanLee
                                    last edited by Jan 6, 2024, 7:40 AM

                                    Let’s say you have a machine with memory restrictions: what DB would users use to still utilize some signatures? A smaller, less memory-hungry database?

                                    Make sure to upvote

                                    1 Reply Last reply Reply Quote 0
                                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.