| author | jvoisin | 2015-07-09 14:42:32 +0200 |
|---|---|---|
| committer | jvoisin | 2015-07-09 14:42:32 +0200 |
| commit | 40dbc1cb5bd274452ac56613b61976fe218ce031 (patch) | |
| tree | 9d1c0b08305730c040023d743e9bdabeb07dc355 | |
| parent | 3d72248f3b7837a36e184288311bf0397cefc064 (diff) | |
Simplify the php rule
| -rw-r--r-- | malwares.yara | 5 |
1 files changed, 2 insertions, 3 deletions
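--- a/malwares.yara
+++ b/malwares.yara
@@ -20,11 +20,10 @@ include "whitelist.yara"
 global private rule IsPhp
 {
 strings:
-$php = "<?"
-$xml = "<?xml"
+$php = /<\?[^x]/
 
 condition:
-$php and not $xml and filesize < 5MB
+$php and filesize < 5MB
 }
 
 private rule IRC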
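Review bot: The class `[^x]` in `$php = /<\?[^x]/` excludes every `<?x…` sequence, not only the `<?xml` declaration that the removed `$xml` string targeted, and it also requires one more byte after `<?`. Because `IsPhp` is declared `global`, a file that fails it is skipped by every other rule in the set, so the exclusion should be no wider than the intent. A tighter form would be `$php = /<\?([^x]|x[^m]|xm[^l])/`, with a comment above it such as `// "<?" not followed by "xml"; global gate, keep the exclusion narrow`. XML documents that carry another processing instruction besides the declaration would presumably satisfy the new rule, which may be intended but is worth stating in that comment. The `IRC` rule that follows continues outside the hunk.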
