summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorjvoisin2015-07-09 14:42:32 +0200
committerjvoisin2015-07-09 14:42:32 +0200
commit40dbc1cb5bd274452ac56613b61976fe218ce031 (patch)
tree9d1c0b08305730c040023d743e9bdabeb07dc355
parent3d72248f3b7837a36e184288311bf0397cefc064 (diff)
Simplify the php rule
-rw-r--r--malwares.yara5
1 files changed, 2 insertions, 3 deletions
diff --git a/malwares.yara b/malwares.yara
index 9e962f0..1707a0a 100644
--- a/malwares.yara
+++ b/malwares.yara
@@ -20,11 +20,10 @@ include "whitelist.yara"
20global private rule IsPhp 20global private rule IsPhp
21{ 21{
22 strings: 22 strings:
23 $php = "<?" 23 $php = /<\?[^x]/
24 $xml = "<?xml"
25 24
26 condition: 25 condition:
27 $php and not $xml and filesize < 5MB 26 $php and filesize < 5MB
28} 27}
29 28
30private rule IRC 29private rule IRC