malware_analysis
Java class files and plugx false positives
Would it make sense to add a little check in https://github.com/telekom-security/malware_analysis/blob/main/plugx/plugx_mustang_panda.yar to not scan java class files? This rule is very often giving false positives on java class files.
They all start with the magic string 0xCAFEBABE, so it should be easy to exclude. Or should the rule be tweaked another way?
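As an added illustration of the exclusion proposed above (this is not the project's rule and not a reply from its maintainers), the sketch below shows where such a check would go in a YARA condition. The rule name and the `$s1` string are placeholders, not the actual content of plugx_mustang_panda.yar. It also handles one caveat a practitioner would want covered: the 0xCAFEBABE magic is shared by Mach-O universal ("fat") binaries, so the check additionally requires a plausible class-file major version (offset 6, big-endian, 45 or higher since Java 1.1), which a fat header's small architecture count at offset 4 will not satisfy.

```yara
rule plugx_mustang_panda_classfile_exclusion_example
{
    meta:
        description = "Illustrative only: shows how to skip Java class files in a YARA condition"
        note = "Rule name and strings are placeholders, not the project's detection content"

    strings:
        // Placeholder detection string; the real rule's strings are not reproduced here.
        $s1 = "PLACEHOLDER_PLUGX_INDICATOR" ascii

    condition:
        // Java class file layout: magic (4 bytes) | minor_version (2) | major_version (2).
        // uint32be(0) == 0xCAFEBABE alone also matches Mach-O fat binaries, so require
        // a class-file major version (>= 45) to avoid excluding those from scanning.
        not (uint32be(0) == 0xCAFEBABE and uint16be(6) >= 45)
        and $s1
}
```

Putting the magic check first lets YARA short-circuit on class files before evaluating the rule's real strings, which also reduces scan cost on large Java codebases.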