Remove a useless rule

author: Julien (jvoisin) Voisin 2016-02-23 17:35:29 +0100
committer: Julien (jvoisin) Voisin 2016-02-23 17:35:29 +0100
commit: 5c581c9113c6051a9eff47cc7e564f6632888491 (patch)
tree: 84b1cff2c89602a7f4b8356d10d880237dd6ca80
parent: ee2b664e053cc51db9efbbadcdcfd61aeb62e0e7 (diff)
1 files changed, 0 insertions, 1 deletions
diff --git a/php-malware-finder/malwares.yara b/php-malware-finder/malwares.yara
index 1a4abf6..45100c5 100644
--- a/php-malware-finder/malwares.yara
+++ b/php-malware-finder/malwares.yara
@@ -64,7 +64,6 @@ rule ObfuscatedPhp
        $c99_launcher = /;\$\w+\(\$\w+(,\s?\$\w+)+\);/  // http://bartblaze.blogspot.fr/2015/03/c99shell-not-dead.html
        $variable_variable = /\${\$[0-9a-zA-z]+}/
        $too_many_chr = /(chr\([\d]+\)\.){2,}?/
-        $b64_concat = /('[A-Za-z0-9=+]*'\.){4,8}?/    
 condition:
        any of them and not IsWhitelisted
 }
author	Julien (jvoisin) Voisin	2016-02-23 17:35:29 +0100
committer	Julien (jvoisin) Voisin	2016-02-23 17:35:29 +0100
commit	5c581c9113c6051a9eff47cc7e564f6632888491 (patch)
tree	84b1cff2c89602a7f4b8356d10d880237dd6ca80
parent	ee2b664e053cc51db9efbbadcdcfd61aeb62e0e7 (diff)

diff --git a/php-malware-finder/malwares.yara b/php-malware-finder/malwares.yara index 1a4abf6..45100c5 100644 --- a/php-malware-finder/malwares.yara +++ b/php-malware-finder/malwares.yara
@@ -64,7 +64,6 @@ rule ObfuscatedPhp
64	$c99_launcher = /;\$\w+\(\$\w+(,\s?\$\w+)+\);/ // http://bartblaze.blogspot.fr/2015/03/c99shell-not-dead.html	64	$c99_launcher = /;\$\w+\(\$\w+(,\s?\$\w+)+\);/ // http://bartblaze.blogspot.fr/2015/03/c99shell-not-dead.html
65	$variable_variable = /\${\$[0-9a-zA-z]+}/	65	$variable_variable = /\${\$[0-9a-zA-z]+}/
66	$too_many_chr = /(chr\([\d]+\)\.){2,}?/	66	$too_many_chr = /(chr\([\d]+\)\.){2,}?/
67	$b64_concat = /('[A-Za-z0-9=+]*'\.){4,8}?/
68	condition:	67	condition:
69	any of them and not IsWhitelisted	68	any of them and not IsWhitelisted
70	}	69	}