diff options
| author | Julien (jvoisin) Voisin | 2016-10-31 17:58:12 +0100 |
|---|---|---|
| committer | Julien (jvoisin) Voisin | 2016-10-31 17:59:23 +0100 |
| commit | c39c97e5501209a900554f028add1ff8e45273e0 (patch) | |
| tree | abc3aed8bbcb8612d628055314349a8473234cd1 /README.md | |
| parent | 5db01cd6e40b3c5b65c4d79f5fd3c67248658a24 (diff) | |
Improve a bit the readme
Diffstat (limited to '')
| -rw-r--r-- | README.md | 4 |
1 files changed, 2 insertions, 2 deletions
| @@ -44,7 +44,6 @@ The following list of encoders/obfuscators/webshells are also detected: | |||
| 44 | Of course it's **trivial** to bypass PMF, | 44 | Of course it's **trivial** to bypass PMF, |
| 45 | but its goal is to catch kiddies and idiots, | 45 | but its goal is to catch kiddies and idiots, |
| 46 | not people with a working brain. | 46 | not people with a working brain. |
| 47 | |||
| 48 | If you report a stupid tailored bypass for PMF, you likely belong to one (or | 47 | If you report a stupid tailored bypass for PMF, you likely belong to one (or |
| 49 | both) category, and should re-read the previous statement. | 48 | both) category, and should re-read the previous statement. |
| 50 | 49 | ||
| @@ -99,10 +98,11 @@ Because: | |||
| 99 | - It doesn't use [a single rule per sample]( | 98 | - It doesn't use [a single rule per sample]( |
| 100 | https://github.com/Neo23x0/signature-base/blob/e264d66a8ea3be93db8482ab3d639a2ed3e9c949/yara/thor-webshells.yar | 99 | https://github.com/Neo23x0/signature-base/blob/e264d66a8ea3be93db8482ab3d639a2ed3e9c949/yara/thor-webshells.yar |
| 101 | ), since it only cares about finding malicious patterns, not specific webshells | 100 | ), since it only cares about finding malicious patterns, not specific webshells |
| 101 | - It has a [complete testsuite](https://travis-ci.org/nbs-system/php-malware-finder), to avoid regressions | ||
| 102 | - Its whitelist system doesn't rely on filenames | 102 | - Its whitelist system doesn't rely on filenames |
| 103 | - It doesn't rely on (slow) [entropy computation]( https://en.wikipedia.org/wiki/Entropy_(information_theory) ) | 103 | - It doesn't rely on (slow) [entropy computation]( https://en.wikipedia.org/wiki/Entropy_(information_theory) ) |
| 104 | - It uses a ghetto-style static analysis, instead of relying on file hashes | 104 | - It uses a ghetto-style static analysis, instead of relying on file hashes |
| 105 | - Thanks to the aforementioned pseudo-static analysis, it works (especially) on obfuscated files too | 105 | - Thanks to the aforementioned pseudo-static analysis, it works (especially) well on obfuscated files |
| 106 | 106 | ||
| 107 | ## Licensing | 107 | ## Licensing |
| 108 | 108 | ||