From a3ced2936cbef7963eacc0f89a5a4f9c1a79c888 Mon Sep 17 00:00:00 2001
From: pyllyukko <pyllyukko@maimed.org>
Date: Wed, 29 Nov 2023 10:07:52 +0200
Subject: [PATCH] Blacklisted few slow YARA rules

---
 tasks/clamav.yml | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/tasks/clamav.yml b/tasks/clamav.yml
index 23ca224..86f7715 100644
--- a/tasks/clamav.yml
+++ b/tasks/clamav.yml
@@ -227,6 +227,18 @@
           maldoc_OLE_file_magic_number
           Contains_PE_File
           vmdetect_misc
+          APT28_SkinnyBoy_Dropper
+          ROKRAT_loader
+          Hancidoc
+          PoetRat_Python
+          cmstp_macro_builder_rev_a
+          js_RATDispenser
+          maldoc_indirect_function_call_2
+          maldoc_indirect_function_call_3
+          obfuscated_dde
+          Ramnit
+          FE_APT_Backdoor_Linux32_SLOWPULSE_2
+          trickbot_maldoc_embedded_dll_september_2020
       tags:
         - configuration
         - yara