Add a match on `array_filter`

author: jvoisin 2015-07-13 09:42:25 +0200
committer: jvoisin 2015-07-13 09:42:43 +0200
commit: 7df2e61345e54a5fefedf1286112f46c54f83308 (patch)
tree: 63d318b2657fe6b63f653b420d0a1acc649736f7
parent: 6d6b506d1daafbfe1d3ae2964092f002ae2eee0d (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/malwares.yara b/malwares.yara
index 2aea966..1263b39 100644
--- a/malwares.yara
+++ b/malwares.yara
@@ -146,6 +146,7 @@ rule DangerousPhp
        $ = "xmlrpc_decode" fullword
        $ = "show_source" fullword
        $ = "pcntl_exec" fullword
+        $ = "array_filter" fullword
        $whitelist = /escapeshellcmd|escapeshellarg/
author	jvoisin	2015-07-13 09:42:25 +0200
committer	jvoisin	2015-07-13 09:42:43 +0200
commit	7df2e61345e54a5fefedf1286112f46c54f83308 (patch)
tree	63d318b2657fe6b63f653b420d0a1acc649736f7
parent	6d6b506d1daafbfe1d3ae2964092f002ae2eee0d (diff)

diff --git a/malwares.yara b/malwares.yara index 2aea966..1263b39 100644 --- a/malwares.yara +++ b/malwares.yara
@@ -146,6 +146,7 @@ rule DangerousPhp
146	$ = "xmlrpc_decode" fullword	146	$ = "xmlrpc_decode" fullword
147	$ = "show_source" fullword	147	$ = "show_source" fullword
148	$ = "pcntl_exec" fullword	148	$ = "pcntl_exec" fullword
		149	$ = "array_filter" fullword
149		150
150	$whitelist = /escapeshellcmd\|escapeshellarg/	151	$whitelist = /escapeshellcmd\|escapeshellarg/
151		152