Releases: chainguard-dev/malcontent
v1.8.4
Tool Improvements
- scan: Fix panic if renderer is not set. by @wlynch in #774
- Optimize memory usage in report.go and scan.go by @egibs in #772
Rule Improvements
Developer Improvements
New Contributors
Full Changelog: v1.8.3...v1.8.4
v1.8.3
v1.8.2
Tool Improvements
Developer Improvements
- chore: remove go version in golangci config in favor of go version in go.mod by @chenrui333 in #763
Full Changelog: v1.8.1...v1.8.2
v1.8.1
v1.8.0
⚠️ As of v1.8.0, malcontent leverages yara-x rather than go-yara ⚠️
See the relevant section of the README for more information.
Tool Improvements
- Add support for zstd RPM files by @egibs in #732
- Update diff output to delineate between changed and unchanged files by @egibs in #726
- Add support for UPX files by @egibs in #731
- Add statistics to JSON and YAML reports by @egibs in #730
- Address more extraction edge cases; improve naming and consistency by @egibs in #733
- Migrate from go-yara to yara-x; improve performance and readability by @egibs in #734
Rule Improvements
- Update third-party rules as of 2024-12-23 by @octo-sts in #736
- Update third-party rules as of 2024-12-24 by @octo-sts in #737
- Update third-party rules as of 2024-12-30 by @octo-sts in #740
- Update third-party rules as of 2025-01-09 by @octo-sts in #748
- Update third-party rules as of 2025-01-14 by @octo-sts in #756
- Address critical false positives for systemd, redpanda, various Python packages, and yarn by @egibs in #757
Developer Improvements
- Add malware disclaimer by @egibs in #728
- Add perl to third-party Workflow by @egibs in #752
- Trust $GITHUB_WORKSPACE in third-party Workflow by @egibs in #753
- Specify bash for PR creation; quote more strings by @egibs in #755
- Specify -H for PR creations by @egibs in #758
Full Changelog: v1.7.1...v1.8.0
v1.7.1
v1.7.0
Tool Improvements
- Fix non-tar bz2 extractions by @egibs in #702
- Improve handling of nonexistent symlinks for extractions + programkind by @egibs in #709
- Fix prefix validation edge-case when extracting by @egibs in #715
- Add zlib support to extractGzip by @egibs in #713
Rule Improvements
- Update third-party rules as of 2024-12-12 by @octo-sts in #699
- Improve FontOnLake rule targeting by @tstromberg in #700
- Update third-party rules as of 2024-12-13 by @octo-sts in #703
- Update third-party rules as of 2024-12-16 by @octo-sts in #706
- Add more specific SVG rule by @egibs in #704
- Leverage yr scan --profile to tune slowest rules by @egibs in #708
- ELF malware detection improvements based on Wolfsbane analysis by @tstromberg in #680
- Tune HIGH/CRITICAL findings + disallow "clean" samples from matching by @tstromberg in #712
- Reduce Python CRITICAL false positives (setuptools, keylogger) by @tstromberg in #717
- Address CRITICAL ELF false-positives in trino, rust, and eza by @tstromberg in #718
- Address Sonarqube SonarAnalyzer.CSharp.dll finding by @tstromberg in #719
- Fix false-positives in http_parser.rb-0.8.0/ext/ruby_http_parser/vendor/http-parser/test.c by @tstromberg in #720
Developer Improvements
- Demote additional logs from Info to Debug by @egibs in #701
- Allow find-missing-metadata to be run from other directories by @tstromberg in #710
- Improve extracted archive file clean up by @egibs in #714
- build: reduce binary size by adding -s -w to ldflags by @chenrui333 in #716
New Contributors
- @chenrui333 made their first contribution in #716
Full Changelog: v1.6.0...v1.7.0
v1.6.0
Tool Improvements
- Correctly calculate statistics when running scans by @egibs in #649
- Fix scanning of files compressed directly via xz (as opposed to tar -J) by @egibs in #650
- Update relative path check when extracting tar archives by @egibs in #656
- Add support for .deb and .rpm files by @egibs in #668
- Ignore symlinks that point to nonexistent targets by @egibs in #669
- Improve legibility of terminal diff output by @tstromberg in #670
- Ignore JSON files, except for NPM package.json files by @tstromberg in #674
- Add new BubbleTea TUI renderer by @egibs in #665
- move "skipping: data file or empty" log message to Debug by @imjasonh in #692
- include full warning in warning log by @imjasonh in #693
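Two of the extraction fixes listed above, the tar relative-path check in #656 and the prefix-validation edge case in #715, concern the same class of bug: an archive entry whose cleaned path lands outside the extraction directory. The Go program below is an added example written for this page, not malcontent's own code, and it does not claim to reproduce either fix. It shows the edge case that a bare string-prefix check misses (a sibling directory that merely starts with the destination name, such as /tmp/out2 next to /tmp/out) and a hardened check that requires a trailing path separator. The in-memory archive, the destination path /tmp/out and the function names are constructed for illustration.

```go
package main

import (
	"archive/tar"
	"bytes"
	"fmt"
	"io"
	"path/filepath"
	"strings"
)

// naiveSafePath is the check many extractors start with: join the entry
// name onto dest and require the result to start with dest. Its edge case:
// with dest "/tmp/out", the entry "../out2/evil.sh" cleans to
// "/tmp/out2/evil.sh", which starts with "/tmp/out" and is accepted even
// though it lands in a sibling directory.
func naiveSafePath(dest, name string) (string, bool) {
	dest = filepath.Clean(dest)
	target := filepath.Join(dest, name) // Join cleans, so ".." is resolved here
	return target, strings.HasPrefix(target, dest)
}

// safePath closes that gap: the target must be dest itself or start with
// dest followed by a path separator, so "/tmp/out2" no longer matches
// "/tmp/out". Absolute entry names are neutralised because Join treats the
// second argument as relative to the first.
func safePath(dest, name string) (string, bool) {
	dest = filepath.Clean(dest)
	target := filepath.Join(dest, name)
	if target == dest {
		return target, true
	}
	return target, strings.HasPrefix(target, dest+string(filepath.Separator))
}

// triageTar walks a tar stream without writing anything and partitions the
// entry names into those safePath would place under dest and those it
// would refuse. A real extractor writes the file only in the accepted branch.
func triageTar(r io.Reader, dest string) ([]string, []string, error) {
	var accepted, rejected []string
	tr := tar.NewReader(r)
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return accepted, rejected, nil
		}
		if err != nil {
			return nil, nil, err
		}
		if _, ok := safePath(dest, hdr.Name); ok {
			accepted = append(accepted, hdr.Name)
		} else {
			rejected = append(rejected, hdr.Name)
		}
	}
}

// sampleTar builds a constructed in-memory archive (not a real sample) with
// one benign entry and three traversal attempts of different shapes.
func sampleTar() []byte {
	var buf bytes.Buffer
	tw := tar.NewWriter(&buf)
	for _, name := range []string{
		"pkg/README",       // benign
		"../out2/evil.sh",  // sibling-prefix escape: defeats the naive check
		"../../etc/passwd", // classic traversal: both checks reject
		"pkg/../../x",      // traversal hidden behind a benign prefix
	} {
		body := []byte("constructed content\n")
		_ = tw.WriteHeader(&tar.Header{Name: name, Mode: 0o644, Size: int64(len(body))})
		_, _ = tw.Write(body)
	}
	_ = tw.Close()
	return buf.Bytes()
}

func main() {
	dest := "/tmp/out" // hypothetical extraction directory
	accepted, rejected, err := triageTar(bytes.NewReader(sampleTar()), dest)
	if err != nil {
		panic(err)
	}
	fmt.Println("accepted:", accepted)
	fmt.Println("rejected:", rejected)
	// Show why the trailing separator matters.
	name := "../out2/evil.sh"
	target, naiveOK := naiveSafePath(dest, name)
	_, safeOK := safePath(dest, name)
	fmt.Printf("%s -> %s naive=%v hardened=%v\n", name, target, naiveOK, safeOK)
}
```

Running the program lists pkg/README as the only accepted entry and shows ../out2/evil.sh passing the naive check while the hardened one rejects it. The check covers only the entry name: an entry that is a symlink pointing outside dest, or a later entry written through such a symlink, is a separate problem that needs an Lstat on each path component before writing, which is why symlink handling appears as its own line items in these notes.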
Rule Improvements
- remove mantic mentions by @tstromberg in #653
- Improve Ruby detection abilities by @tstromberg in #652
- Update third-party rules as of 2024-11-25 by @octo-sts in #658
- Improve results for Javascript (xmlrpc) and Python (aiocpa) samples by @tstromberg in #664
- Update third-party rules as of 2024-12-01 by @octo-sts in #671
- Minor YARA rule tuning based on upcoming talk by @tstromberg in #673
- Enrich NodeJS detection for supply-chain attacks similar to Solana web3 v1.95.7 by @tstromberg in #678
- Initial Java support (particularly credential stealers) by @tstromberg in #679
- Improve detection of supply-chain attacks similar to Ultralytics by @tstromberg in #681
- Update third-party rules as of 2024-12-09 by @octo-sts in #684
- Update third-party rules as of 2024-12-10 by @octo-sts in #688
- Fix slow query warnings, update testdata by @tstromberg in #690
- Update third-party rules as of 2024-12-11 by @octo-sts in #695
- Address recent, non-data file false positives by @egibs in #694
Developer Improvements
- Use CachedRules in tests similarly to refresh by @egibs in #647
- Add script to find missing testdata by @tstromberg in #651
- Fix benchmarks by @egibs in #661
- Reframe README around the concept of differential analysis by @tstromberg in #663
- Replace pkg-config with pkgconf, add zypper invocation to command-line by @tstromberg in #677
New Contributors
Full Changelog: v1.5.1...v1.6.0
v1.5.1
Rule Improvements
- Remove 'threat_hunting' ruleset by @tstromberg in #645
Full Changelog: v1.5.0...v1.5.1
v1.5.0
Tool Improvements
- Display scan results as soon as results are generated by @egibs in #617
- Properly render hits and misses by @egibs in #624
- Better handling of diffs between archives by @egibs in #626
- Make diff behave like diff(1); report consistent behaviors by @egibs in #628
Rule Improvements
- Consolidate language-specific obfuscation rules by @tstromberg in #607
- Improve results scanning for Linux malware by @tstromberg in #608
- Update third-party rules as of 2024-11-11 by @octo-sts in #614
- Improve Linux binary detection, particularly for rootkits by @tstromberg in #615
- Improve MalwareBazaar coverage (elf, python, javascript) by @tstromberg in #616
- Update third-party rules as of 2024-11-14 by @octo-sts in #621
- Rule tuning based on initial Melofee analysis by @tstromberg in #622
- remove hashes from rules by @tstromberg in #625
- Add overrides for buildah, Kibana, pydevd, and tileserver-gl by @egibs in #629
- Improve detection of machO backdoors & stealers by @tstromberg in #631
- Improve Python detection for EvilDojo666 attack by @tstromberg in #635
- Update third-party rules as of 2024-11-18 by @octo-sts in #641
- Address yara-x compile findings by @egibs in #640
- Teach malcontent about more Python maliciousness by @tstromberg in #639
Developer Improvements
- Bump Go to 1.23.3; update Go packages + golangci-lint by @egibs in #610
- More coverage improvements for MalwareBazaar by @tstromberg in #618
- Use 8-core runners for tests and updating third-party rules by @egibs in #633
- Refresh sample test data via new refresh command by @egibs in #634
- Don't consider .mdiff or .sdiff files in discoverTestData by @egibs in #637
Full Changelog: v1.4.0...v1.5.0