Would it make sense to add a little check in https://github.com/telekom-security/malware_analysis/blob/main/plugx/plugx_mustang_panda.yar to not scan java class files? This rule is very often giving false positives on java class files.
They all start with the magic string of 0xCAFEBABE, so it should be easy to exclude. Or should the rule be tweaked another way?
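One way to express that exclusion in YARA, as an added example and not the repository's own rule (the rule name and the `$placeholder` string are stand-ins; the real detection strings come from the rule in the linked file). Note that 0xCAFEBABE is also the magic of Mach-O universal (fat) binaries, so the helper additionally checks the class-file major version at offset 6, which is 45 or higher for every Java release and far smaller for a fat binary's architecture count:

```yara
// Added example; not the rule from telekom-security/malware_analysis.
// Java class file layout: u4 magic (0xCAFEBABE), u2 minor_version, u2 major_version.
// Mach-O fat binaries share the magic but have u4 nfat_arch at offset 4, so the
// 16-bit value at offset 6 is a small architecture count, not a version >= 45.
private rule is_java_class_file
{
    condition:
        uint32be(0) == 0xCAFEBABE and
        uint16be(6) >= 45            // major_version: 45 = Java 1.1, grows per release
}

rule plugx_mustang_panda_example   // hypothetical name, stands in for the real rule
{
    strings:
        $placeholder = "REPLACE_WITH_THE_RULE_S_OWN_STRINGS"   // placeholder only

    condition:
        not is_java_class_file and   // skip .class files before evaluating strings
        $placeholder
}
```

Because `is_java_class_file` is `private`, it is evaluated but never reported as a match on its own, so it can be reused by other rules in the same file without adding noise.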