Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

YARA rule davivienda can be problematic #399

Open
kprkpr opened this issue Aug 19, 2021 · 1 comment
Open

YARA rule davivienda can be problematic #399

kprkpr opened this issue Aug 19, 2021 · 1 comment

Comments

@kprkpr
Copy link

kprkpr commented Aug 19, 2021

Hi guys
I have all rules and yara rules enabled and the rule YARA.davivienda can be problematic in business environments. There is a real bank called Davivienda, and everytime someone sends a mail with this name, mail is not delivered and says that is a virus
There is any way to disable a yara rule? I tried with "-w" option and putting YARA.davivienda, but nothing
The rule is in file bank_rule.yar

Thanks!
@perplexityjeff
Copy link
Contributor

Hi @kprkpr,

If you edit the yar file itself it will get autoupdated back again so I would suggest either reporting the issue to the original repo here https://github.com/Yara-Rules/rules or disabling the bank_rule.yar.

The disabling of the bank_rule.yar is very simple to do in the master.config by changing the line
email/bank_rule.yar|MEDIUM to email/bank_rule.yar|DISABLED. I don't think you can disable a specific yar file from the user.conf?

Maybe there is another way? @extremeshok could correct me :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@kprkpr @perplexityjeff