Add malware disclaimer (#728)

* Add malware disclaimer Signed-off-by: egibs <[email protected]> * Improve list delineation Signed-off-by: egibs <[email protected]> * Address PR comments Signed-off-by: egibs <[email protected]> * Add missing period Signed-off-by: egibs <[email protected]> --------- Signed-off-by: egibs <[email protected]>
chainguard-dev · Dec 30, 2024 · 4a351ed · 4a351ed
1 parent 21d162c
commit 4a351ed
Showing 1 changed file with 10 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -35,6 +35,16 @@ malcontent has 3 modes of operation:
 
 malcontent is at its best analyzing programs that run on Linux. Still, it also performs admirably for programs designed for other UNIX platforms such as macOS and, to a lesser extent, Windows.
 
+## ⚠️ Malware Disclaimer ⚠️
+
+Due to how malcontent operates, other malware scanners can detect malcontent as malicious.
+
+Programs that leverage Yara rules will often see other programs that also use Yara rules as malicious due to the strings looking for problematic behavior(s).
+
+For example, Elastic's agent has historically detected malcontent because of this: https://github.com/chainguard-dev/malcontent/issues/78*.
+
+>  \*Additional scanner findings can be seen in [this](https://www.virustotal.com/gui/file/b6f90aa5b9e7f3a5729a82f3ea35f96439691e150e0558c577a8541d3a187ba4/detection) VirusTotal scan.
+
 ## Features
 
 * 14,500+ [YARA](YARA) detection rules