diff options
| author | Julien (jvoisin) Voisin | 2016-06-16 13:15:51 +0200 |
|---|---|---|
| committer | Julien (jvoisin) Voisin | 2016-06-16 13:15:51 +0200 |
| commit | 16a8d8c8f2b1ad7aec0908fccb5b0c79f98743f3 (patch) | |
| tree | b5457de1a5c5aeae31f7cf558f155bee2253b47d | |
| parent | 763508533e802f2c45b9f8eb29aec09499d7e3be (diff) | |
Cloudflare rule is _public_, no need to put it in another rule
| -rw-r--r-- | php-malware-finder/php.yar | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/php-malware-finder/php.yar b/php-malware-finder/php.yar index 7ace9f0..dad427b 100644 --- a/php-malware-finder/php.yar +++ b/php-malware-finder/php.yar | |||
| @@ -90,7 +90,7 @@ rule DodgyPhp | |||
| 90 | $various = "<!--#exec cmd=" //http://www.w3.org/Jigsaw/Doc/User/SSI.html#exec | 90 | $various = "<!--#exec cmd=" //http://www.w3.org/Jigsaw/Doc/User/SSI.html#exec |
| 91 | 91 | ||
| 92 | condition: | 92 | condition: |
| 93 | (any of them or CloudFlareBypass) and not IsWhitelisted | 93 | any of them and not IsWhitelisted |
| 94 | } | 94 | } |
| 95 | 95 | ||
| 96 | rule DangerousPhp | 96 | rule DangerousPhp |
| @@ -132,6 +132,7 @@ rule DangerousPhp | |||
| 132 | $ = "posix_setuid" fullword nocase | 132 | $ = "posix_setuid" fullword nocase |
| 133 | $ = "preg_replace_callback" fullword | 133 | $ = "preg_replace_callback" fullword |
| 134 | $ = "proc_open" fullword nocase | 134 | $ = "proc_open" fullword nocase |
| 135 | $ = "proc_close" fullword nocase | ||
| 135 | $ = "popen" fullword nocase | 136 | $ = "popen" fullword nocase |
| 136 | $ = "register_shutdown_function" fullword nocase | 137 | $ = "register_shutdown_function" fullword nocase |
| 137 | $ = "register_tick_function" fullword nocase | 138 | $ = "register_tick_function" fullword nocase |