virustotal / yara-ci-issues
Issues tracker for YARA-CI
Home Page: https://yara-ci.cloud.virustotal.com
hello,
Would it be possible to raise the limit of false positives shown? It's about 200 at the moment, which is quickly reached with big rulesets. And it's not like some more kilobytes of output should be a problem nowadays.
False positives found
1052023 files from the [NSRL](https://www.nist.gov/itl/ssd/software-quality-group/national-software-reference-library-nsrl) were scanned, 2004 were detected.
...
and 1812 more ...
best regards
arnim
It seems the rule analysis check fails when I use valid Unicode characters. A scan with this rule works without any issues (yara 4.0.5).
Check failure on line 7 in yara/source/PHP.generic.symbols.1.yar
@virustotal-yara-ci virustotal-yara-ci / Rules Analysis
yara/source/PHP.generic.symbols.1.yar#L7
non-ascii character "\xe2"

```yara
rule PHP_generic_symbols_1 : malicious php
{
    meta:
        created_at = "2021/04/14"
        author = "Daniel Ruf"
    strings:
        $string1 = "$▀"
        ...
    condition:
        any of them
}
```
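The annotation above reports the first UTF-8 byte of the offending character (U+2580 "▀" encodes as E2 96 80, hence "\xe2"). The following is an added example, not YARA-CI's own check and not code from the issue: it locates non-ASCII characters in a rule file the way the analysis does, and rewrites text strings with YARA's `\xNN` byte escapes, which match the same bytes as the UTF-8 literal but keep the rule file pure ASCII. It assumes the rule file is UTF-8 and that non-ASCII characters only occur inside double-quoted text strings; the sample rule is the one from the issue with the elided strings left out.

```python
"""Find non-ASCII characters in YARA source and escape them as \\xNN.

Added example, not YARA-CI's own analysis. Assumes UTF-8 rule files and
non-ASCII characters only inside "..." text strings.
"""
import re

# Constructed sample: the rule from the issue, minus the elided strings.
SAMPLE_RULE = '''rule PHP_generic_symbols_1 : malicious php
{
    meta:
        created_at = "2021/04/14"
        author = "Daniel Ruf"
    strings:
        $string1 = "$▀"
    condition:
        any of them
}
'''


def find_non_ascii(source: str):
    """Return (line, column, char, first_utf8_byte) for each non-ASCII char.

    The first UTF-8 byte is what a byte-oriented check reports, e.g. 0xE2
    for U+2580.
    """
    hits = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if ord(ch) > 0x7F:
                hits.append((line_no, col, ch, ch.encode("utf-8")[0]))
    return hits


# A double-quoted YARA text string; backslash escapes inside are kept intact.
_TEXT_STRING = re.compile(r'"((?:[^"\\]|\\.)*)"')


def escape_non_ascii_strings(source: str) -> str:
    """Rewrite non-ASCII characters inside text strings as \\xNN escapes.

    YARA compares text strings as raw bytes, so "$\\xe2\\x96\\x80" matches
    exactly what "$▀" matched when the file was UTF-8, but the rule source
    is now ASCII-only.
    """
    def fix(match: re.Match) -> str:
        out = []
        for ch in match.group(1):
            if ord(ch) > 0x7F:
                out.append("".join(f"\\x{b:02x}" for b in ch.encode("utf-8")))
            else:
                out.append(ch)
        return '"' + "".join(out) + '"'

    return _TEXT_STRING.sub(fix, source)


if __name__ == "__main__":
    for line_no, col, ch, byte in find_non_ascii(SAMPLE_RULE):
        print(f"line {line_no} col {col}: {ch!r} (first byte 0x{byte:02x})")
    print(escape_non_ascii_strings(SAMPLE_RULE))
```

Run it on a real ruleset before pushing and the CI annotation becomes reproducible locally; the escaped form also survives editors and tooling that are not UTF-8 clean. Note that the rewrite is byte-for-byte equivalent only for plain text strings; a string with the `wide` modifier is still converted from the escaped bytes, not from the original code point, so check such strings by hand.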
It would be helpful to run Yara CI only for specific branches and not all.
Hey guys, this project is really cool. A great contribution to the community.
One issue I had is in finding the license agreement on using the tool. Do you guys have any documentation on how YARA rules that are tested are retained or used by VirusTotal?
hello VirusTotal folks,
is there a way that yara-ci can be installed for GitHub Enterprise customers?
best,
xander
Same issue as reported some time back in #12 is hitting us now. It worked before but stopped working on 7 August 2023 around 12:00 CEST.
I have changed nothing, and right now no new YARA-CI run is triggered.
Similar to the feature to ignore files, it would be useful to ignore single rules by rule name or tags, to exclude rules which will trigger false positives because they're hunting rules and intentionally broad.
For example:

```yaml
rules:
  ignore:
    - "*hunting*"
ruletags:
  ignore:
    - "hunt"
```
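To make the proposed semantics concrete, here is an added example (not YARA-CI's code, and the `rules`/`ruletags` keys are the proposal's, not a documented config schema) that pulls rule names and tags out of a ruleset with a header-only regex and drops false-positive detections whose rule name matches a shell-style glob or whose tags include an ignored one. The sample rules, config and detection list are constructed for the example.

```python
"""Apply rule-name and rule-tag ignore globs to a false-positive list.

Added example, not YARA-CI's implementation. Glob syntax is assumed to be
fnmatch-style, as the proposal's "*hunting*" suggests.
"""
import re
from fnmatch import fnmatchcase

# Constructed sample ruleset: two broad hunting rules, one tagged "hunt"
# without "hunting" in the name, and one precise rule that must stay.
SAMPLE_RULES = '''
rule SUSP_hunting_base64_blob : hunt
{
    strings:
        $a = "TVqQAAMAAAAEAAAA"
    condition:
        $a
}

private rule Broad_PE_hunting : experimental
{
    condition:
        uint16(0) == 0x5A4D
}

rule Mal_Dropper_Exact : malicious
{
    strings:
        $a = "dropper-marker-string"
    condition:
        $a
}

rule PHP_generic : hunt php
{
    strings:
        $a = "<?php"
    condition:
        $a
}
'''

# Constructed config in the shape the issue proposes.
EXAMPLE_CONFIG = {
    "rules": {"ignore": ["*hunting*"]},
    "ruletags": {"ignore": ["hunt"]},
}

# Matches "rule NAME" or "rule NAME : tag1 tag2", with optional
# global/private modifiers. Header-only: it does not parse rule bodies.
_RULE_HEADER = re.compile(
    r"^\s*(?:(?:global|private)\s+)*rule\s+(\w+)\s*(?::\s*((?:\w+\s*)+))?\{?",
    re.MULTILINE,
)


def parse_rules(source: str) -> dict:
    """Return {rule_name: [tags]} for every rule header in the source."""
    rules = {}
    for m in _RULE_HEADER.finditer(source):
        rules[m.group(1)] = (m.group(2) or "").split()
    return rules


def is_ignored(name: str, tags, name_globs, tag_globs) -> bool:
    """True if the rule name matches a name glob or any tag matches a tag glob."""
    if any(fnmatchcase(name, g) for g in name_globs):
        return True
    return any(fnmatchcase(t, g) for t in tags for g in tag_globs)


def filter_false_positives(detected_rules, rules: dict, config: dict) -> list:
    """Drop detections whose rule is ignored by name or tag; keep the rest."""
    name_globs = config.get("rules", {}).get("ignore", [])
    tag_globs = config.get("ruletags", {}).get("ignore", [])
    return [
        r for r in detected_rules
        if not is_ignored(r, rules.get(r, []), name_globs, tag_globs)
    ]


if __name__ == "__main__":
    parsed = parse_rules(SAMPLE_RULES)
    detections = ["SUSP_hunting_base64_blob", "Broad_PE_hunting",
                  "Mal_Dropper_Exact", "PHP_generic"]
    print(filter_false_positives(detections, parsed, EXAMPLE_CONFIG))
```

The regex is deliberately minimal; for a real ruleset, extract names and tags with a proper YARA parser such as plyara or yara-python so that a `rule` token inside a string or comment cannot be mistaken for a header. Matching is case-sensitive, which is what YARA rule identifiers are.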
Hello guys, thanks for this feature, here is my config:

```yaml
on:
  push:
    branches: [ master ]
  pull_request:
    branches: [ master ]
files:
  accept:
    - "data/yara/**.yar"
false_positives:
  ignore:
    - rule: "CobaltStrikeBeacon"
```

And it always matches the FP rule:
https://github.com/kevoreilly/CAPEv2/runs/1538092106
Any idea what could be wrong?
The whole documentation of how to install and configure YARA-CI is great. However, I feel like this sentence should be followed by some more details:
Once the application is installed, your YARA rules will be analyzed on every commit you make to the repository.
In particular: Where can you see the results of the analysis? I don't see any results and also don't receive emails. Since the installation literally just takes a few clicks, it would be great to also have a short pointer to where to look for the results.
hello,
It would be nice to see more info in the false positives list, e.g. file size and file type, because that helps in quickly getting an overview of whether these conditions could be used to improve the rule without clicking on all the files.
regards
arnim