+# Used with documents to find if they have been crafted to leverage malicious code.
+maldocs/Maldoc_APT_OLE_JSRat.yar|HIGH
+maldocs/Maldoc_APT10_MenuPass.yar|HIGH
+maldocs/Maldoc_APT19_CVE-2017-1099.yar|HIGH
+maldocs/Maldoc_Contains_VBE_File.yar|HIGH
+maldocs/Maldoc_CVE_2017_11882.yar|HIGH
+maldocs/Maldoc_CVE_2017_8759.yar|HIGH
+maldocs/Maldoc_CVE-2017-0199.yar|HIGH
+maldocs/Maldoc_DDE.yar|HIGH
+maldocs/Maldoc_Dridex.yar|HIGH
+maldocs/Maldoc_hancitor_dropper|HIGH
+maldocs/Maldoc_Hidden_PE_file.yar|HIGH
+maldocs/Maldoc_malrtf_ole2link.yar|HIGH
+maldocs/Maldoc_MIME_ActiveMime_b64.yar|HIGH
+maldocs/Maldoc_PDF.yar|HIGH
+maldocs/Maldoc_PowerPointMouse.yar|HIGH
+maldocs/maldoc_somerules.yar|HIGH
+maldocs/Maldoc_Suspicious_OLE_target.yar|HIGH
+maldocs/Maldoc_UserForm.yar|HIGH
+maldocs/Maldoc_VBA_macro_code.yar|HIGH
+maldocs/Maldoc_Word_2007_XML_Flat_OPC.yar|HIGH
+# Yara Rules aimed to detect well-known software packers, that can be used by malware to hide itself.
+packers/Javascript_exploit_and_obfuscation.yar|HIGH
+) #END yararulesproject DATABASES
+
+declare -a yararulesproject_dbs_blacklisted=(
+email/attachment.yar # detects all emails with attachments
+email/image.yar # detects all emails with images
+email/urls.yar # detects all emails with urls
+crypto/crypto_signatures.yar # detects all files which are encrypted
+)
+
+declare -a yararulesproject_dbs_catagories=(
+#LOW
+antidebug_antivm|LOW
+cve_rules|LOW
+exploit_kits|LOW
+malware|LOW
+webshells|LOW
+#MEDIUM
+email|MEDIUM
+maldocs|MEDIUM
+# HIGH
+capabilities|HIGH
+crypto|HIGH
+packers|HIGH
+)
+