You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: README.md
+7-19Lines changed: 7 additions & 19 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -37,25 +37,13 @@ malcontent is at its best analyzing programs that run on Linux. Still, it also p
37
37
38
38
## ⚠️ Malware Disclaimer ⚠️
39
39
40
-
Due to how malcontent operates, other malware scanners can detect malcontent as malicious. As a general rule of thumb, programs that leverage Yara rules will match other programs that use the same rules due to their strings looking for problematic behaviors.
41
-
42
-
While not exhaustive, here's an example list of how other scanners see malcontent (based on [this](https://www.virustotal.com/gui/file/b6f90aa5b9e7f3a5729a82f3ea35f96439691e150e0558c577a8541d3a187ba4/detection) VirusTotal scan:
- SentinelOne (Static ML): `Static AI - Malicious Mach-O`
54
-
- WithSecure: `Malware.OSX/GM.Joker.DS`
55
-
56
-
Elastic's Agent has also historically detected malcontent because of this: https://github.com/chainguard-dev/malcontent/issues/78
57
-
58
-
While not a permanent solution, running malcontent with `--third-party=false` can reduce these false positives. Writing more targeted rules can also help.
40
+
Due to how malcontent operates, other malware scanners can detect malcontent as malicious.
41
+
42
+
Programs that leverage Yara rules will often see other programs that also use Yara rules as malicious due to the strings looking for problematic behavior(s).
43
+
44
+
For example, Elastic's agent has historically detected malcontent because of this: https://github.com/chainguard-dev/malcontent/issues/78*
45
+
46
+
> \*Additional scanner findings can be seen in [this](https://www.virustotal.com/gui/file/b6f90aa5b9e7f3a5729a82f3ea35f96439691e150e0558c577a8541d3a187ba4/detection) VirusTotal scan.
0 commit comments