Replaced few Didier Stevens' YARA files with link to real source

pyllyukko · Nov 28, 2023 · 48ba65d · 48ba65d · pyllyukko · Jan 11, 2024
1 parent d679a65
commit 48ba65d
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -78,7 +78,7 @@ For a complete list you can run `ansible-playbook --list-tasks harden.yml`.
 * [ClamAV](https://www.clamav.net/) configuration (see [clamav.yml](tasks/clamav.yml))
     * Configures `clamd` & `freshclam` by first generating fresh configurations with [clamconf](https://docs.clamav.net/manual/Usage/Configuration.html#clamconf)
     * Configured ClamAV to unarchive with password "infected" (see [Passwords for archive files](https://docs.clamav.net/manual/Signatures/EncryptedArchives.html) & [ClamAV and ZIP File Decryption](https://blog.didierstevens.com/2017/02/15/quickpost-clamav-and-zip-file-decryption/))
-    * Downloads YARA rules from [Neo23x0](https://github.com/Neo23x0/signature-base), [GCTI](https://github.com/chronicle/GCTI), [Elastic](https://github.com/elastic/protections-artifacts), [YaraRules Project](https://yara-rules.github.io/blog/), [JPCERT/CC](https://github.com/JPCERTCC/jpcert-yara), [Malpedia](https://malpedia.caad.fkie.fraunhofer.de/), [Citizen Lab](https://github.com/citizenlab/malware-signatures), [GoDaddy](https://github.com/godaddy/yara-rules) & [Open-Source-YARA-rules](https://github.com/mikesxrs/Open-Source-YARA-rules) for [ClamAV to use](https://docs.clamav.net/manual/Signatures/YaraRules.html)
+    * Downloads YARA rules from [Neo23x0](https://github.com/Neo23x0/signature-base), [GCTI](https://github.com/chronicle/GCTI), [Elastic](https://github.com/elastic/protections-artifacts), [YaraRules Project](https://yara-rules.github.io/blog/), [JPCERT/CC](https://github.com/JPCERTCC/jpcert-yara), [Malpedia](https://malpedia.caad.fkie.fraunhofer.de/), [Citizen Lab](https://github.com/citizenlab/malware-signatures), [GoDaddy](https://github.com/godaddy/yara-rules), [Didier Stevens](https://github.com/search?q=repo%3ADidierStevens%2FDidierStevensSuite+path%3A*.yara) & [Open-Source-YARA-rules](https://github.com/mikesxrs/Open-Source-YARA-rules) for [ClamAV to use](https://docs.clamav.net/manual/Signatures/YaraRules.html)
 * [rkhunter](https://sourceforge.net/projects/rkhunter/) configuration (see [rkhunter.yml](tasks/rkhunter.yml))
 * [Lynis](https://cisofy.com/lynis/) configuration (see [lynis.yml](tasks/lynis.yml))
 * Configures AIDE (see [aide.yml](tasks/aide.yml))

diff --git a/tasks/clamav.yml b/tasks/clamav.yml
@@ -2791,6 +2791,9 @@
             - https://raw.githubusercontent.com/godaddy/yara-rules/master/appraisel.yara
             - https://raw.githubusercontent.com/godaddy/yara-rules/master/mimikatz.yara
             - https://raw.githubusercontent.com/godaddy/yara-rules/master/turla.yara
+            - https://raw.githubusercontent.com/DidierStevens/DidierStevensSuite/master/maldoc.yara
+            - https://raw.githubusercontent.com/DidierStevens/DidierStevensSuite/master/contains_vbe_file.yara
+            - https://raw.githubusercontent.com/DidierStevens/DidierStevensSuite/master/contains_pe_file.yara
             - https://raw.githubusercontent.com/mikesxrs/Open-Source-YARA-rules/master/Vinsula/Vinsula_index.yara
             - https://raw.githubusercontent.com/mikesxrs/Open-Source-YARA-rules/master/plxsertr/plxsertr_index.yara
             - https://raw.githubusercontent.com/mikesxrs/Open-Source-YARA-rules/master/RSA/RSA_index.yar
@@ -3469,9 +3472,6 @@
             - https://raw.githubusercontent.com/mikesxrs/Open-Source-YARA-rules/master/kaspersky/apt_regin_dispatcher_disp_dll.yar
             - https://raw.githubusercontent.com/mikesxrs/Open-Source-YARA-rules/master/kaspersky/exploit_Silverlight_Toropov_Generic_XAP.yar
             - https://raw.githubusercontent.com/mikesxrs/Open-Source-YARA-rules/master/crysys/duqu2.yar
-            - https://raw.githubusercontent.com/mikesxrs/Open-Source-YARA-rules/master/Didier%20Stevens/maldoc.yara
-            - https://raw.githubusercontent.com/mikesxrs/Open-Source-YARA-rules/master/Didier%20Stevens/contains_vbe_file.yara
-            - https://raw.githubusercontent.com/mikesxrs/Open-Source-YARA-rules/master/Didier%20Stevens/contains_pe_file.yara
             - https://raw.githubusercontent.com/mikesxrs/Open-Source-YARA-rules/master/clearskysec/gholee.yar
             - https://raw.githubusercontent.com/mikesxrs/Open-Source-YARA-rules/master/PWC/Tendrit_2014.yar
             - https://raw.githubusercontent.com/mikesxrs/Open-Source-YARA-rules/master/PWC/MSSUP.yar