Installation documentation (#78)

1 files changed, 8 insertions, 1 deletions

diff --git a/README.md b/README.md
index c458785..ae23345 100644
--- a/README.md
+++ b/README.md
@@ -51,13 +51,20 @@ both) category, and should re-read the previous statement.
 
 Detection is performed by crawling the filesystem and testing files against a
 [set](https://github.com/nbs-system/php-malware-finder/blob/master/php-malware-finder/php.yar)
-of [YARA](https://plusvic.github.io/yara/) rules. Yes, it's that simple!
+of [YARA](http://virustotal.github.io/yara/) rules. Yes, it's that simple!
 
 Instead of using an *hash-based* approach,
 PMF tries as much as possible to use semantic patterns, to detect things like
 "a `$_GET` variable is decoded two times, unziped,
 and then passed to some dangerous function like `system`".
 
+## Installation
+- [Install Yara](https://yara.readthedocs.io/en/v3.7.0/gettingstarted.html#compiling-and-installing-yara).  
+This is also possible via some Linux package managers:  
+Debian: `sudo apt-get install yara`  
+Red Hat: `yum install yara` (requires the [EPEL repository](https://fedoraproject.org/wiki/EPEL))
+
+- Download php-maleware-finder `git clone https://github.com/nbs-system/php-malware-finder.git`
 
 ## How to use it?