Whitelist update and two little pattern fix, reported in #78

2026-06-16 12:30:35 +00:00 · 2022-07-11 20:03:53 +02:00
parent f1b8b89ca5
commit 18b06fc48b
3 changed files with 4 additions and 2 deletions
--- a/definitions/patterns_iraw.txt
+++ b/definitions/patterns_iraw.txt
@@ -16,7 +16,7 @@ opendns
 phishtank
 sophos
 surfright
-symantec
+# symantec - removed because already a TLD too so generate many false positives

 # SEO poison, pharmacy redirect
 dealonline.su
--- a/definitions/patterns_re.txt
+++ b/definitions/patterns_re.txt
@@ -60,7 +60,7 @@ chr\s*\(\s*101\s*\)\s*\.\s*chr\s*\(\s*118\s*\)\s*\.\s*chr\s*\(\s*97\s*\)\s*\.\s*

 #Detects the '_' character encoded in a string like "\x5F".  '_' is present in many functions that malware would want to hide.
 # '_' as "\x5f"
-\\[Xx](5[Ff])
+# \\[Xx](5[Ff]) - removed because generate many false positives

 #Detects the '_' character placed inside a call to the 'chr()' function
 # '_' as 'chr(95)' or 'chr(0x5f)'