typo fix, sha1 hashes are 40 chars long

author: Julien "shaddai" Reveret 2016-06-17 10:20:45 +0200
committer: Julien "shaddai" Reveret 2016-06-17 10:20:45 +0200
commit: c97707653e73f44d21dc44b77c1eec7b27293d1a (patch)
tree: b75f55e913f56ccc23fd23a6307044d3a9211bad
parent: 16a8d8c8f2b1ad7aec0908fccb5b0c79f98743f3 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/php-malware-finder/php.yar b/php-malware-finder/php.yar
index dad427b..ab63da5 100644
--- a/php-malware-finder/php.yar
+++ b/php-malware-finder/php.yar
@@ -48,7 +48,7 @@ rule PasswordProtection
 {
    strings:
        $md5 = /md5\s*\(\s*\$_(GET|REQUEST|POST|COOKIE)[^)]+\)\s*===?\s*['"][0-9a-f]{32}['"]/ nocase
-        $sha1 = /sha1\s*\(\s*\$_(GET|REQUEST|POST|COOKIE)[^)]+\)\s*===?\s*['"][0-9a-f]{32}['"]/ nocase
+        $sha1 = /sha1\s*\(\s*\$_(GET|REQUEST|POST|COOKIE)[^)]+\)\s*===?\s*['"][0-9a-f]{40}['"]/ nocase
    condition:
        any of them
 }
author	Julien "shaddai" Reveret	2016-06-17 10:20:45 +0200
committer	Julien "shaddai" Reveret	2016-06-17 10:20:45 +0200
commit	c97707653e73f44d21dc44b77c1eec7b27293d1a (patch)
tree	b75f55e913f56ccc23fd23a6307044d3a9211bad
parent	16a8d8c8f2b1ad7aec0908fccb5b0c79f98743f3 (diff)

diff --git a/php-malware-finder/php.yar b/php-malware-finder/php.yar index dad427b..ab63da5 100644 --- a/php-malware-finder/php.yar +++ b/php-malware-finder/php.yar
@@ -48,7 +48,7 @@ rule PasswordProtection
48	{	48	{
49	strings:	49	strings:
50	$md5 = /md5\s\(\s\$_(GET\|REQUEST\|POST\|COOKIE)[^)]+\)\s===?\s['"][0-9a-f]{32}['"]/ nocase	50	$md5 = /md5\s\(\s\$_(GET\|REQUEST\|POST\|COOKIE)[^)]+\)\s===?\s['"][0-9a-f]{32}['"]/ nocase
51	$sha1 = /sha1\s\(\s\$_(GET\|REQUEST\|POST\|COOKIE)[^)]+\)\s===?\s['"][0-9a-f]{32}['"]/ nocase	51	$sha1 = /sha1\s\(\s\$_(GET\|REQUEST\|POST\|COOKIE)[^)]+\)\s===?\s['"][0-9a-f]{40}['"]/ nocase
52	condition:	52	condition:
53	any of them	53	any of them
54	}	54	}