diff options
| author | Julien (jvoisin) Voisin | 2015-05-07 17:37:14 +0200 |
|---|---|---|
| committer | Julien (jvoisin) Voisin | 2015-05-07 17:37:14 +0200 |
| commit | ad9327f187de3816f9517d82f671a209578a136b (patch) | |
| tree | 0d37ce31eec523d76752bbb37e203a0657490e87 | |
| parent | 94541be7c1083a13ba620f3d94ab899f81bab1b3 (diff) | |
Add two doggy functions
| -rw-r--r-- | malwares.yara | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/malwares.yara b/malwares.yara index dc1a6cd..c5a11e6 100644 --- a/malwares.yara +++ b/malwares.yara | |||
| @@ -143,6 +143,8 @@ rule DangerousPhp | |||
| 143 | $u = "fpassthru" fullword | 143 | $u = "fpassthru" fullword |
| 144 | $v = "posix_setuid" fullword | 144 | $v = "posix_setuid" fullword |
| 145 | $w = "xmlrpc_decode" fullword | 145 | $w = "xmlrpc_decode" fullword |
| 146 | $x = "show_source" fullword | ||
| 147 | $y = "pcntl_exec" fullword | ||
| 146 | 148 | ||
| 147 | $whitelist = /escapeshellcmd|escapeshellarg/ | 149 | $whitelist = /escapeshellcmd|escapeshellarg/ |
| 148 | 150 | ||