YARA-CI
False positives
The false positives check sometimes produces results that are not actually false
positives, and you want to explicitly ignore them. This is usually the case with
very general rules that are expected to match innocuous files found in the
NSRL
collection used by YARA-CI. In order to ignore certain rules by name you can
add the following to your .yara-ci.yml configuration file:
false_positives:
ignore:
- rule: "my_noisy_rule"
With the configuration above any match for my_noisy_rule will be excluded
from the false positives report. Additionally, you can also ignore all the rules
contained in certain files, for example, with this configuration any file in
the noisy_rules directory won’t be taken into account:
false_positives:
ignore:
- file: "noisy_rules/**"
Filters by rule name and file path can be used in conjunction:
false_positives:
ignore:
- file: "experimental/**"
rule: "my_noisy_rule"
In the example above any rule named my_noisy_rule contained in some file in
the experimental directory will be ignored. If the rule appears in some other
file that doesn’t match the pattern it will be reported.