Ignore yara rules

Question

Ignore yara rules

deeztek opened this issue 3 years ago · 1 comments

Trying to get clamav to ignore a yara rule, in particular, YARA.invalid_trailer_structure.UNOFFICIAL due to many false positives. I've entered the following in local.ign2:

YARA.invalid_trailer_structure

but clamav seems to completely ignore it. Any idea what I'm doing wrong here?

Thanks

Answer 1 · 2022-04-11T21:21:20.000Z

Trying to get clamav to ignore a yara rule, in particular, YARA.invalid_trailer_structure.UNOFFICIAL due to many false positives. I've entered the following in local.ign2:

YARA.invalid_trailer_structure

but clamav seems to completely ignore it. Any idea what I'm doing wrong here?

Thanks

Or should it be simply:

invalid_trailer_structure