diff options
| author | Julien Voisin | 2016-02-12 16:33:21 +0100 |
|---|---|---|
| committer | Julien Voisin | 2016-02-12 16:33:21 +0100 |
| commit | 291a93a623ca1895f5fec010dba75783bfa1fb5d (patch) | |
| tree | df0c2965abf0f5d829ff140f9e17d9e178e44688 | |
| parent | 25cf61765520c340d641081bbb08382e2aec1e28 (diff) | |
posix_* ++
| -rw-r--r-- | php-malware-finder/malwares.yara | 11 |
1 files changed, 11 insertions, 0 deletions
diff --git a/php-malware-finder/malwares.yara b/php-malware-finder/malwares.yara index dc46b24..06b64c4 100644 --- a/php-malware-finder/malwares.yara +++ b/php-malware-finder/malwares.yara | |||
| @@ -148,8 +148,19 @@ rule DangerousPhp | |||
| 148 | $ = "phpinfo" fullword | 148 | $ = "phpinfo" fullword |
| 149 | $ = "posix_geteuid" fullword | 149 | $ = "posix_geteuid" fullword |
| 150 | $ = "posix_getgid" fullword | 150 | $ = "posix_getgid" fullword |
| 151 | $ = "posix_getpgid" fullword | ||
| 152 | $ = "posix_getppid" fullword | ||
| 153 | $ = "posix_getpwnam" fullword | ||
| 151 | $ = "posix_getpwuid" fullword | 154 | $ = "posix_getpwuid" fullword |
| 155 | $ = "posix_getsid" fullword | ||
| 152 | $ = "posix_getuid" fullword | 156 | $ = "posix_getuid" fullword |
| 157 | $ = "posix_kill" fullword | ||
| 158 | $ = "posix_setegid" fullword | ||
| 159 | $ = "posix_seteuid" fullword | ||
| 160 | $ = "posix_setgid" fullword | ||
| 161 | $ = "posix_setpgid" fullword | ||
| 162 | $ = "posix_setsid" fullword | ||
| 163 | $ = "posix_setsid" fullword | ||
| 153 | $ = "posix_setuid" fullword | 164 | $ = "posix_setuid" fullword |
| 154 | $ = "preg_replace_callback" fullword | 165 | $ = "preg_replace_callback" fullword |
| 155 | $ = "proc_open" fullword | 166 | $ = "proc_open" fullword |