YARA signatures almost got detected by every antiviruses

[lichesssatrancturkiye]

Hello I collecting YARA rules but my YARA signatures are got detected. How can I fix that? I don't want hide them.

[DavidR]

In order to help we need information and we/I can't talk about other antiviruses only if it is specific to Avast.  I have no idea what YARA rules or signatures are about.

If you are getting an Avast Alert what is the information contained in that alert.  You can attach a screenshot of the Alert window with the Details option selected.

Attaching Images to your post - When you Click the Reply button it opens a text window for you to post your comment (reply or post).
Click the Preview button, that shows what you have input and expands it to include 'Attachments and other options'. Click that it further expands, here you can attach images, etc. at the bottom of your post.
See my attached image, click to expand.

[lichesssatrancturkiye]

https://www.virustotal.com/gui/file-analysis/OTEwYjMwYjM3MmUyZjEwMmUxMWFiNjI0ZmFlMmRmODE6MTcwNDM4ODYzMw==

[DavidR]

Unfortunately the VT link didn't provide the requested information (screenshot of the alert windows with the details option selected.), all it does is confirm Avast isn't alone in detecting this.

How can I fix that? I don't want hide them.

I don't know what you mean by 'Fix' or what you mean by not wanting to 'Hide' them.

This may well just be a language issue Fix and Hide meaning something different to me.

[DavidR]

A forum friend has updated me on what Yara is.

https://www.varonis.com/blog/yara-rules

YARA rules are used to classify and identify malware samples by creating descriptions of malware families based on textual or binary patterns

https://virustotal.github.io/yara/

YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strings and a boolean expression which determine its logic. Let's see an example:

I'm not surprised that Avast considers it suspect, it is very much the same as having a second active antivirus installed (detecting each others signatures).

[polonus]

Probably you should start to use Arya: https://claroty.com/team82/research/arya-the-new-tailor-made-eicar-using-yara

This is advisable as commercial AV also will include Yara rules for detection.

You cannot have two dogs to watch over the porch, they won't watch the porch -
they will start to fight amongst each other! (e.g. mutual detection of signatures/detection rules).

polonus