Closed josephlewis42 closed 5 months ago
I think that should be possible - any tip as to what scanner was triggering this?
The tool uses a scanner developed by ReversingLabs.
I asked because I've run into something similar with Elastic Defend—but it triggers on the YARA rules rather than the testdata.
I'm open to providing binaries - particularly if someone contributes the GitHub actions configuration to do so.
Installing bincapz as specified in the README using go install causes go to download and save the testdata directory in its mod cache. testdata contains samples that trigger malware scanners.

Would it be possible to either distribute binaries, make it so the samples are obfuscated (e.g. in zip files with the "infected" password or encrypted), or something else to prevent this?
Thanks!