-rw-r--r--php-malware-finder/php.yar3
1 files changed, 2 insertions, 1 deletions
diff --git a/php-malware-finder/php.yar b/php-malware-finder/php.yar
index 7ace9f0..dad427b 100644
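--- a/php-malware-finder/php.yar
+++ b/php-malware-finder/php.yar
@@ -90,7 +90,7 @@ rule DodgyPhp
 $various = "<!--#exec cmd=" //http://www.w3.org/Jigsaw/Doc/User/SSI.html#exec
 
 condition:
-(any of them or CloudFlareBypass) and not IsWhitelisted
+any of them and not IsWhitelisted
 }
 
 rule DangerousPhp
@@ -132,6 +132,7 @@ rule DangerousPhp
 $ = "posix_setuid" fullword nocase
 $ = "preg_replace_callback" fullword
 $ = "proc_open" fullword nocase
+$ = "proc_close" fullword nocase
 $ = "popen" fullword nocase
 $ = "register_shutdown_function" fullword nocase
 $ = "register_tick_function" fullword nocase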
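Review bot: The new `DodgyPhp` condition `any of them and not IsWhitelisted` no longer references `CloudFlareBypass`, and nothing visible in this section shows where that rule is evaluated now. If `CloudFlareBypass` is still defined elsewhere as a regular (non-private) rule, it will keep matching on its own, but possibly without the `not IsWhitelisted` guard it had here. If it was removed or is private, files it used to flag through `DodgyPhp` are no longer reported by this rule. A one-line comment above the condition would record the intent, for example `// CloudFlareBypass is reported as its own rule, not via DodgyPhp` if that is the case. The body of `DodgyPhp` starts outside the hunk, so its string set could not be checked.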