@enthus1ast, the description of the second rule itself is crazy: "doesn't have to be a hack tool or malware - it's just very likely" :-/
I know this could start a game of cat and mouse, but is there something that can be done on the nim compiler to make it harder for these kinds of "malware detection tools" (if they can be called that) to detect nim executables by using these kinds of simple match rules? For example, can the nim compiler remove ".nim" from the names of the files it includes or something like that? Is it possible to somehow randomize the program binaries more?
