Function classify_signal_handler 

pub fn classify_signal_handler(signal: u32, handler: u64) -> bool

Classify whether a signal handler configuration is suspicious.

Flags SIG_IGN for SIGTERM/SIGHUP (anti-termination), custom handlers for SIGSEGV (self-healing), and any SIGKILL handler (rootkit indicator).