Java class files and plugx false positives #6

@lars-solberg

Would it make sense to add a little check in https://github.com/telekom-security/malware_analysis/blob/main/plugx/plugx_mustang_panda.yar to not scan java class files? This rule is very often giving false positives on java class files.

They all start with the magic string of 0xCAFEBABE, so it should be easy to exclude. Or should the rule be tweaked another way?
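
As an added example (not part of the issue and not the repository's own code), here is a Python post-filter that drops rule hits whose header is a Java class file. It goes one step beyond the plain magic check proposed above: fat Mach-O binaries also begin with 0xCAFEBABE, so it reads the next four bytes to tell the two apart. The function names, the 45-architecture cutoff and the sample headers are assumptions constructed for illustration.

```python
import struct

CAFEBABE = 0xCAFEBABE
MIN_CLASS_MAJOR = 45  # lowest major_version of any Java class file (JDK 1.0.2)


def classify_header(header: bytes) -> str:
    """Return 'java-class', 'macho-fat' or 'other' for a file's first 8 bytes."""
    if len(header) < 8:
        return "other"
    magic, word = struct.unpack(">II", header[:8])
    if magic != CAFEBABE:
        return "other"
    # Class file: u2 minor_version, u2 major_version follow the magic.
    # Fat Mach-O: a u4 architecture count follows the same magic.
    # Assumption: a fat binary never holds 45 or more architectures.
    if word < MIN_CLASS_MAJOR:
        return "macho-fat"
    major = word & 0xFFFF
    return "java-class" if major >= MIN_CLASS_MAJOR else "other"


def drop_java_class_hits(hits: dict) -> list:
    """Keep only the rule hits that are not Java class files."""
    return sorted(name for name, head in hits.items()
                  if classify_header(head) != "java-class")


# Constructed sample headers: first 8 bytes of each file that hit the rule.
SAMPLE_HITS = {
    "Foo.class": bytes.fromhex("cafebabe00000034"),        # Java 8, major 52
    "Preview.class": bytes.fromhex("cafebabeffff0041"),    # Java 21, preview minor
    "universal.dylib": bytes.fromhex("cafebabe00000002"),  # fat Mach-O, 2 archs
    "loader.dll": b"MZ\x90\x00\x03\x00\x00\x00",           # PE file
}

if __name__ == "__main__":
    for name in drop_java_class_hits(SAMPLE_HITS):
        print("still needs review:", name)
```

Inside a YARA condition, the plain magic test alone is `uint32be(0) != 0xCAFEBABE`, which would also skip fat Mach-O files.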
