Add Owncloud, Dotclear, concrete5, roundcube and more drupal to the

whitelsit

1 files changed, 55 insertions, 1 deletions

diff --git a/whitelist.yara b/whitelist.yara
index ce7bafb..0142a53 100644
--- a/whitelist.yara
+++ b/whitelist.yara
@@ -44,17 +44,71 @@ private rule Magento : ECommerce
 private rule Drupal : Blog
 {
     condition:
+        /* Drupal 7.38 */
+        hash.sha1(0, filesize) == "ad7587ce735352b6a55526005c05c280e9d41822" or // modules/system/system.admin.inc
+        hash.sha1(0, filesize) == "dfa67a40daeb9c1dd28f3fab00097852243258ed" or // modules/system/system.module
+
+        /* Drupal 7.15 */
         hash.sha1(0, filesize)  == "23cc0e2c6eebe94fe189e258a3658b40b0005891" or // modules/simpletest/tests/upgrade/drupal-6.bare.database.php
         hash.sha1(0, filesize)  == "8cb36d865b951378c3266dca7d5173a303e8dcff" or // modules/simpletest/tests/upgrade/drupal-6.filled.database.php
         hash.sha1(0, filesize)  == "6c9c01bef14f8f64ef0af408f7ed764791531cc6" or // modules/system/system.module
         hash.sha1(0, filesize)  == "ad03ed890400cf319f713ee0b4b6a62a5710f580" // modules/system/system.admin.inc
 }
 
+private rule Roundcube
+{
+    condition:
+        /* Roundcube 1.1.2 */
+        hash.sha1(0, filesize) == "afab52649172b46f64301f41371d346297046af2" or // program/lib/Roundcube/rcube_utils.php
+        hash.sha1(0, filesize) == "e6b81834e081cc2bd38fce787c5088e63d933953" or // program/include/rcmail_output_html.php
+        hash.sha1(0, filesize) == "7783e9fad144ca5292630d459bd86ec5ea5894fc" or // vendor/pear-pear.php.net/Net_LDAP2/Net/LDAP2/Util.php
+
+        /* Roundcube 1.0.6 */
+        hash.sha1(0, filesize) == "76d55f05f2070f471ba977b5b0f690c91fa8cdab" or // program/lib/Roundcube/rcube_utils.php
+        hash.sha1(0, filesize) == "c68319e3e1adcd3e22cf2338bc79f12fd54f6d4a" // program/include/rcmail_output_html.php
+}
+
+private rule Concrete5
+{
+    condition:
+        /* concrete5 7.4.2 */
+        hash.sha1(0, filesize) == "927bbd60554ae0789d4688738b4ae945195a3c1c" or // concrete/vendor/oyejorge/less.php/lib/Less/Tree/Dimension.php
+        hash.sha1(0, filesize) == "67f07022dae5fa39e8a37c09d67cbcb833e10d1f" or // concrete/vendor/oyejorge/less.php/lib/Less/Tree/Unit.php
+        hash.sha1(0, filesize) == "e1dcbc7b05e8ba6cba392f8fd44a3564fcad3666" // concrete/vendor/doctrine/inflector/lib/Doctrine/Common/Inflector/Inflector.php
+}
+
+private rule Dotclear : Blog
+{
+    condition:
+        /* dotclear 2.7.5 */
+        hash.sha1(0, filesize) == "192126b08c40c5ca086b5e4d7433e982f708baf3" or // inc/public/class.dc.template.php
+        hash.sha1(0, filesize) == "51e6810ccd3773e2bd453e97ccf16059551bae08" or // inc/libs/clearbricks/common/lib.date.php
+        hash.sha1(0, filesize) == "4172e35e7c9ce35de9f56fb8dfebe8d453f0dee4" or // inc/libs/clearbricks/template/class.template.php
+        hash.sha1(0, filesize) == "cf65db6ae55486f51370f87c4653aaed56903ccc" // inc/core/class.dc.modules.php
+
+}
+
+private rule Owncloud
+{
+    condition:
+        /* ownCloud 8.1.0 */
+        hash.sha1(0, filesize) == "a58489a3d8401295bb09cfbad09486f605625658" or // 3rdparty/phpseclib/phpseclib/phpseclib/Net/SSH1.php
+        hash.sha1(0, filesize) == "463627a4064dc05e93e6f9fc5605d4c8a4e09200" or // 3rdparty/jeremeamia/SuperClosure/src/SerializableClosure.php
+        hash.sha1(0, filesize) == "5346cb6817a75c26a6aad86e0b4ffb1d5145caa5" or // 3rdparty/symfony/process/Symfony/Component/Process/Process.php
+        hash.sha1(0, filesize) == "c8a6d4292448c7996e0092e6bfd38f90c34df090" or // core/doc/admin/_images/oc_admin_app_page.png
+        hash.sha1(0, filesize) == "acc7af31d4067c336937719b9a9ad7ac8497561e" // core/doc/admin/_sources/configuration_server/performance_tuning.txt
+
+}
+
 private rule IsWhitelisted
 {
     condition:
         Wordpress or
         Prestashop or
         Magento or
-        Drupal
+        Drupal or
+        Roundcube or
+        Concrete5 or
+        Dotclear or
+        Owncloud
 }