diff --git a/rules/falco_rules.yaml b/rules/falco_rules.yaml
index 3c52bd7d..66c46cda 100644
--- a/rules/falco_rules.yaml
+++ b/rules/falco_rules.yaml
@@ -667,7 +667,7 @@
   items: [
     iptables, ps, lsb_release, check-new-relea, dumpe2fs, accounts-daemon, sshd,
     vsftpd, systemd, mysql_install_d, psql, screen, debconf-show, sa-update,
-    pam-auth-update
+    pam-auth-update, /usr/sbin/spamd
     ]
 
 # Add conditions to this macro (probably in a separate file,