chainguard-dev / bincapz

detect malicious program behaviors
Apache License 2.0

high false positive: combo/backdoor/net_term with argo, chezmoi, clickhouse #135

Closed tstromberg closed 4 months ago

tstromberg commented 4 months ago

I like the general idea of this rule, but wonder if there is something we could do to improve it:

## packages/x86_64/argo-workflow-executor-3.5/usr/bin/argoexec
## packages/x86_64/chezmoi-2.47/usr/bin/chezmoi
## packages/x86_64/clickhouse-23-23.8/usr/bin/clickhouse
## packages/x86_64/clickhouse-23-23.8/usr/bin/clickhouse-benchmark
## packages/x86_64/clickhouse-23-23.8/usr/bin/clickhouse-client
## packages/x86_64/clickhouse-23-23.8/usr/bin/clickhouse-compressor
## packages/x86_64/clickhouse-23-23.8/usr/bin/clickhouse-copier
## packages/x86_64/clickhouse-23-23.8/usr/bin/clickhouse-disks
## packages/x86_64/clickhouse-23-23.8/usr/bin/clickhouse-format
## packages/x86_64/clickhouse-23-23.8/usr/bin/clickhouse-git-import
## packages/x86_64/clickhouse-23-23.8/usr/bin/clickhouse-keeper
## packages/x86_64/clickhouse-23-23.8/usr/bin/clickhouse-keeper-client
## packages/x86_64/clickhouse-23-23.8/usr/bin/clickhouse-keeper-converter
## packages/x86_64/clickhouse-23-23.8/usr/bin/clickhouse-library-bridge
## packages/x86_64/clickhouse-23-23.8/usr/bin/clickhouse-local
## packages/x86_64/clickhouse-23-23.8/usr/bin/clickhouse-obfuscator
## packages/x86_64/clickhouse-23-23.8/usr/bin/clickhouse-odbc-bridge
## packages/x86_64/clickhouse-23-23.8/usr/bin/clickhouse-server
## packages/x86_64/clickhouse-23-23.8/usr/bin/clickhouse-static-files-disk-uploader
## packages/x86_64/clickhouse-23-23.8/usr/bin/clickhouse-su
## packages/x86_64/clickhouse-24-24.1/usr/bin/clickhouse
## packages/x86_64/clickhouse-24-24.1/usr/bin/clickhouse-benchmark
## packages/x86_64/clickhouse-24-24.1/usr/bin/clickhouse-client
## packages/x86_64/clickhouse-24-24.1/usr/bin/clickhouse-compressor
## packages/x86_64/clickhouse-24-24.1/usr/bin/clickhouse-copier
## packages/x86_64/clickhouse-24-24.1/usr/bin/clickhouse-disks
## packages/x86_64/clickhouse-24-24.1/usr/bin/clickhouse-format
## packages/x86_64/clickhouse-24-24.1/usr/bin/clickhouse-git-import
## packages/x86_64/clickhouse-24-24.1/usr/bin/clickhouse-keeper
## packages/x86_64/clickhouse-24-24.1/usr/bin/clickhouse-keeper-client
## packages/x86_64/clickhouse-24-24.1/usr/bin/clickhouse-keeper-converter
## packages/x86_64/clickhouse-24-24.1/usr/bin/clickhouse-local