Fix php-malware-finder for yara > 4.0.0

author: jvoisin 2020-04-03 17:45:28 +0200
committer: jvoisin 2020-04-03 17:45:59 +0200
commit: 08214fc5242df1616355c8bdb16ab367be970f42 (patch)
tree: 23a1dbabfd63447239838fed49d9532dacdc8840
parent: 8c6c048eecb1bb4d74002e939d81df13321273e6 (diff)
1 files changed, 2 insertions, 2 deletions
diff --git a/php-malware-finder/php.yar b/php-malware-finder/php.yar
index 029aaf9..de5b1f7 100644
--- a/php-malware-finder/php.yar
+++ b/php-malware-finder/php.yar
@@ -206,7 +206,7 @@ private rule IRC
        5 of them
 }
-private rule base64
+private rule b64
 {
    strings:
        $user_agent = "SFRUUF9VU0VSX0FHRU5UCg"
@@ -268,7 +268,7 @@ private rule strrev
 rule SuspiciousEncoding
 {
    condition:
-        (base64 or hex or strrev or Hpack) and not IsWhitelisted
+        (b64 or hex or strrev or Hpack) and not IsWhitelisted
 }
 rule DodgyStrings
author	jvoisin	2020-04-03 17:45:28 +0200
committer	jvoisin	2020-04-03 17:45:59 +0200
commit	08214fc5242df1616355c8bdb16ab367be970f42 (patch)
tree	23a1dbabfd63447239838fed49d9532dacdc8840
parent	8c6c048eecb1bb4d74002e939d81df13321273e6 (diff)

diff --git a/php-malware-finder/php.yar b/php-malware-finder/php.yar index 029aaf9..de5b1f7 100644 --- a/php-malware-finder/php.yar +++ b/php-malware-finder/php.yar
@@ -206,7 +206,7 @@ private rule IRC
206	5 of them	206	5 of them
207	}	207	}
208		208
209	private rule base64	209	private rule b64
210	{	210	{
211	strings:	211	strings:
212	$user_agent = "SFRUUF9VU0VSX0FHRU5UCg"	212	$user_agent = "SFRUUF9VU0VSX0FHRU5UCg"
@@ -268,7 +268,7 @@ private rule strrev
268	rule SuspiciousEncoding	268	rule SuspiciousEncoding
269	{	269	{
270	condition:	270	condition:
271	(base64 or hex or strrev or Hpack) and not IsWhitelisted	271	(b64 or hex or strrev or Hpack) and not IsWhitelisted
272	}	272	}
273		273
274	rule DodgyStrings	274	rule DodgyStrings