extremeshok/clamav-unofficial-sigs

Yara Rules SKIPPED 7.2.2

ccelis5215 opened this issue · 3 comments

Hi all,

Since February 10, noticed these warnings in Yara rules updates.

Using 7.2.2 + Zimbra 8.8.15

Feb 11 12:43:15 Checking for yararulesproject updates...
Feb 11 12:43:15 Checking for updated yararulesproject database file: EK_BleedingLife.yar
Feb 11 12:43:37 WARNING: Failed connection to https://raw.githubusercontent.com/Yara-Rules/rules/master - SKIPPED yararulesproject EK_BleedingLife.yar update
Feb 11 12:43:37 No updated yararulesproject EK_BleedingLife.yar database file
Feb 11 12:43:37 Checking for updated yararulesproject database file: WShell_ASPXSpy.yar
Feb 11 12:43:59 WARNING: Failed connection to https://raw.githubusercontent.com/Yara-Rules/rules/master - SKIPPED yararulesproject WShell_ASPXSpy.yar update
Feb 11 12:43:59 No updated yararulesproject WShell_ASPXSpy.yar database file
Feb 11 12:43:59 Checking for updated yararulesproject database file: WShell_Drupalgeddon2_icos.yar
Feb 11 12:44:34 WARNING: Failed connection to https://raw.githubusercontent.com/Yara-Rules/rules/master - SKIPPED yararulesproject WShell_Drupalgeddon2_icos.yar update
Feb 11 12:44:34 No updated yararulesproject WShell_Drupalgeddon2_icos.yar database file
Feb 11 12:44:34 Checking for updated yararulesproject database file: CVE-2010-0805.yar
Feb 11 12:45:04 WARNING: Failed connection to https://raw.githubusercontent.com/Yara-Rules/rules/master - SKIPPED yararulesproject CVE-2010-0805.yar update
Feb 11 12:45:04 No updated yararulesproject CVE-2010-0805.yar database file
Feb 11 12:45:04 Checking for updated yararulesproject database file: CVE-2010-0887.yar
Feb 11 12:45:39 WARNING: Failed connection to https://raw.githubusercontent.com/Yara-Rules/rules/master - SKIPPED yararulesproject CVE-2010-0887.yar update
Feb 11 12:45:39 No updated yararulesproject CVE-2010-0887.yar database file
Feb 11 12:45:39 Checking for updated yararulesproject database file: CVE-2010-1297.yar
Feb 11 12:45:58 WARNING: Failed connection to https://raw.githubusercontent.com/Yara-Rules/rules/master - SKIPPED yararulesproject CVE-2010-1297.yar update
Feb 11 12:45:58 No updated yararulesproject CVE-2010-1297.yar database file
Feb 11 12:45:58 Checking for updated yararulesproject database file: CVE-2012-0158.yar
Feb 11 12:46:10 WARNING: Failed connection to https://raw.githubusercontent.com/Yara-Rules/rules/master - SKIPPED yararulesproject CVE-2012-0158.yar update
Feb 11 12:46:10 No updated yararulesproject CVE-2012-0158.yar database file
Feb 11 12:46:10 Checking for updated yararulesproject database file: CVE-2013-0074.yar
Feb 11 12:46:45 WARNING: Failed connection to https://raw.githubusercontent.com/Yara-Rules/rules/master - SKIPPED yararulesproject CVE-2013-0074.yar update
Feb 11 12:46:45 No updated yararulesproject CVE-2013-0074.yar database file
Feb 11 12:46:45 Checking for updated yararulesproject database file: CVE-2013-0422.yar
Feb 11 12:47:38 WARNING: Failed connection to https://raw.githubusercontent.com/Yara-Rules/rules/master - SKIPPED yararulesproject CVE-2013-0422.yar update
Feb 11 12:47:38 No updated yararulesproject CVE-2013-0422.yar database file
Feb 11 12:47:38 Checking for updated yararulesproject database file: CVE-2015-1701.yar
Feb 11 12:48:26 WARNING: Failed connection to https://raw.githubusercontent.com/Yara-Rules/rules/master - SKIPPED yararulesproject CVE-2015-1701.yar update
Feb 11 12:48:26 No updated yararulesproject CVE-2015-1701.yar database file
Feb 11 12:48:26 Checking for updated yararulesproject database file: CVE-2015-2426.yar
Feb 11 12:48:36 WARNING: Failed connection to https://raw.githubusercontent.com/Yara-Rules/rules/master - SKIPPED yararulesproject CVE-2015-2426.yar update
Feb 11 12:48:36 No updated yararulesproject CVE-2015-2426.yar database file
Feb 11 12:48:37 Checking for updated yararulesproject database file: CVE-2015-2545.yar
Feb 11 12:48:49 WARNING: Failed connection to https://raw.githubusercontent.com/Yara-Rules/rules/master - SKIPPED yararulesproject CVE-2015-2545.yar update
Feb 11 12:48:49 No updated yararulesproject CVE-2015-2545.yar database file
Feb 11 12:48:49 Checking for updated yararulesproject database file: CVE-2015-5119.yar
Feb 11 12:49:13 WARNING: Failed connection to https://raw.githubusercontent.com/Yara-Rules/rules/master - SKIPPED yararulesproject CVE-2015-5119.yar update
Feb 11 12:49:13 No updated yararulesproject CVE-2015-5119.yar database file
Feb 11 12:49:14 Checking for updated yararulesproject database file: CVE-2016-5195.yar
Feb 11 12:49:26 WARNING: Failed connection to https://raw.githubusercontent.com/Yara-Rules/rules/master - SKIPPED yararulesproject CVE-2016-5195.yar update
Feb 11 12:49:26 No updated yararulesproject CVE-2016-5195.yar database file
Feb 11 12:49:26 Checking for updated yararulesproject database file: CVE-2017-11882.yar
Feb 11 12:49:54 WARNING: Failed connection to https://raw.githubusercontent.com/Yara-Rules/rules/master - SKIPPED yararulesproject CVE-2017-11882.yar update
Feb 11 12:49:54 No updated yararulesproject CVE-2017-11882.yar database file
Feb 11 12:49:54 Checking for updated yararulesproject database file: CVE-2018-20250.yar
Feb 11 12:50:05 WARNING: Failed connection to https://raw.githubusercontent.com/Yara-Rules/rules/master - SKIPPED yararulesproject CVE-2018-20250.yar update
Feb 11 12:50:05 No updated yararulesproject CVE-2018-20250.yar database file
Feb 11 12:50:05 Checking for updated yararulesproject database file: CVE-2018-4878.yar
Feb 11 12:50:46 WARNING: Failed connection to https://raw.githubusercontent.com/Yara-Rules/rules/master - SKIPPED yararulesproject CVE-2018-4878.yar update
Feb 11 12:50:46 No updated yararulesproject CVE-2018-4878.yar database file
Feb 11 12:50:46 Checking for updated yararulesproject database file: bank_rule.yar
Feb 11 12:50:57 WARNING: Failed connection to https://raw.githubusercontent.com/Yara-Rules/rules/master - SKIPPED yararulesproject bank_rule.yar update
Feb 11 12:50:57 No updated yararulesproject bank_rule.yar database file
Feb 11 12:50:57 Checking for updated yararulesproject database file: EMAIL_Cryptowall.yar
Feb 11 12:51:05 WARNING: Failed connection to https://raw.githubusercontent.com/Yara-Rules/rules/master - SKIPPED yararulesproject EMAIL_Cryptowall.yar update
Feb 11 12:51:05 No updated yararulesproject EMAIL_Cryptowall.yar database file
Feb 11 12:51:05 Checking for updated yararulesproject database file: Email_fake_it_maintenance_bulletin.yar
Feb 11 12:51:15 WARNING: Failed connection to https://raw.githubusercontent.com/Yara-Rules/rules/master - SKIPPED yararulesproject Email_fake_it_maintenance_bulletin.yar update
Feb 11 12:51:15 No updated yararulesproject Email_fake_it_maintenance_bulletin.yar database file
Feb 11 12:51:15 Checking for updated yararulesproject database file: Email_quota_limit_warning.yar
Feb 11 12:51:25 WARNING: Failed connection to https://raw.githubusercontent.com/Yara-Rules/rules/master - SKIPPED yararulesproject Email_quota_limit_warning.yar update
Feb 11 12:51:25 No updated yararulesproject Email_quota_limit_warning.yar database file
Feb 11 12:51:25 Checking for updated yararulesproject database file: email_Ukraine_BE_powerattack.yar
Feb 11 12:52:01 WARNING: Failed connection to https://raw.githubusercontent.com/Yara-Rules/rules/master - SKIPPED yararulesproject email_Ukraine_BE_powerattack.yar update
Feb 11 12:52:01 No updated yararulesproject email_Ukraine_BE_powerattack.yar database file
Feb 11 12:52:01 Checking for updated yararulesproject database file: scam.yar
Feb 11 12:52:25 WARNING: Failed connection to https://raw.githubusercontent.com/Yara-Rules/rules/master - SKIPPED yararulesproject scam.yar update
Feb 11 12:52:25 No updated yararulesproject scam.yar database file
Feb 11 12:52:25 Checking for updated yararulesproject database file: JJencode.yar
Feb 11 12:52:38 WARNING: Failed connection to https://raw.githubusercontent.com/Yara-Rules/rules/master - SKIPPED yararulesproject JJencode.yar update
Feb 11 12:52:38 No updated yararulesproject JJencode.yar database file
Feb 11 12:52:38 No yararulesproject database file updates

It seems that files do not exist anymore on the Yara Rules GitHub page probably because they did a restructure of the project? I am not sure.

I did some checks but it does seem that the script fully works with the Yara rules specified. It seems to be something on your end maybe?

Can you try and open this link and/or download the content of it on your server as a test?
https://raw.githubusercontent.com/Yara-Rules/rules/master/email/scam.yar

Yes, a completely blocked network...

Thanks for your time.
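
The download test suggested in the thread can be made to tell a missing upstream file apart from a blocked connection, which is the distinction the comments above were working out. This is an added example, not part of the issue or of clamav-unofficial-sigs; the diagnosis labels and the `--probe` switch are assumptions made for illustration, and the default URL is the test link from the thread.

```shell
#!/bin/sh
# Added example: classify why a signature-file download failed.
# Default target is the test link quoted in the thread.
URL="https://raw.githubusercontent.com/Yara-Rules/rules/master/email/scam.yar"

# classify CURL_EXIT HTTP_CODE -> prints one diagnosis label (labels are illustrative)
classify() {
  case "$1" in
    0) ;;                                     # transfer completed, inspect HTTP status below
    6)  echo dns_failure; return ;;           # curl: could not resolve host
    7)  echo connection_blocked; return ;;    # curl: failed to connect
    28) echo connection_blocked; return ;;    # curl: timed out, typical of silent firewall drops
    35|60) echo tls_problem; return ;;        # handshake or certificate failure, e.g. intercepting proxy
    *)  echo "curl_error_$1"; return ;;
  esac
  case "$2" in
    200) echo ok ;;
    404) echo file_missing_upstream ;;        # repository restructured or file removed
    403|407) echo denied_by_proxy_or_server ;;
    *) echo "http_$2" ;;
  esac
}

# probe URL -> runs curl once and prints the diagnosis for that URL
probe() {
  code=$(curl --silent --output /dev/null \
              --connect-timeout 10 --max-time 30 \
              --write-out '%{http_code}' "$1")
  rc=$?
  classify "$rc" "$code"
}

# Only touch the network when explicitly asked: ./check.sh --probe [URL]
if [ "${1:-}" = "--probe" ]; then
  probe "${2:-$URL}"
fi
```

Run it as the same user and from the same host that runs the update script, so proxy and firewall rules apply identically.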