From f49311112447a3594c107ecf103a5d42f3c6a2d1 Mon Sep 17 00:00:00 2001
From: Paul Draeger <pad@cap3.de>
Date: Wed, 8 Oct 2025 10:07:59 +0200
Subject: [PATCH] Add CalmAV values to malware roud.rule

---
 .../alerts/malware-detection/malware-detection-data-source.ts   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/plugins/main/public/components/common/data-source/pattern/alerts/malware-detection/malware-detection-data-source.ts b/plugins/main/public/components/common/data-source/pattern/alerts/malware-detection/malware-detection-data-source.ts
index fec9e78153..d816df13ea 100644
--- a/plugins/main/public/components/common/data-source/pattern/alerts/malware-detection/malware-detection-data-source.ts
+++ b/plugins/main/public/components/common/data-source/pattern/alerts/malware-detection/malware-detection-data-source.ts
@@ -4,7 +4,7 @@ import { AlertsDataSource } from '../alerts-data-source';
 import { FILTER_OPERATOR, PatternDataSourceFilterManager } from '../../..';
 
 const MALWARE_DETECTION_GROUP_KEY = 'rule.groups';
-const MALWARE_DETECTION_GROUP_VALUES = ['rootcheck', 'virustotal', 'yara'];
+const MALWARE_DETECTION_GROUP_VALUES = ['rootcheck', 'virustotal', 'yara', 'clamd', 'freshclam', 'virus'];
 
 export class MalwareDetectionDataSource extends AlertsDataSource {
   constructor(id: string, title: string) {