1 files changed, 0 insertions, 1 deletions
diff --git a/php-malware-finder/malwares.yara b/php-malware-finder/malwares.yara
index 1a4b940..1fa5c22 100644
--- a/php-malware-finder/malwares.yara
+++ b/php-malware-finder/malwares.yara
@@ -119,7 +119,6 @@ rule DodgyPhp
        $udp_dos = /sockopen\s*\(['"]udp:\/\//
        $user_function = /(call_user_func|create_function)/
        $various = "<!--#exec cmd="  //http://www.w3.org/Jigsaw/Doc/User/SSI.html#exec
-        $vars = /\$__+/ // $__ is rarely used in legitimate scripts
    condition:
        (any of them or CloudFlareBypass) and not IsWhitelisted

diff --git a/php-malware-finder/malwares.yara b/php-malware-finder/malwares.yara index 1a4b940..1fa5c22 100644 --- a/php-malware-finder/malwares.yara +++ b/php-malware-finder/malwares.yara
@@ -119,7 +119,6 @@ rule DodgyPhp
119	$udp_dos = /sockopen\s*\(['"]udp:\/\//	119	$udp_dos = /sockopen\s*\(['"]udp:\/\//
120	$user_function = /(call_user_func\|create_function)/	120	$user_function = /(call_user_func\|create_function)/
121	$various = "<!--#exec cmd=" //http://www.w3.org/Jigsaw/Doc/User/SSI.html#exec	121	$various = "<!--#exec cmd=" //http://www.w3.org/Jigsaw/Doc/User/SSI.html#exec
122	$vars = /\$__+/ // $__ is rarely used in legitimate scripts
123		122
124	condition:	123	condition:
125	(any of them or CloudFlareBypass) and not IsWhitelisted	124	(any of them or CloudFlareBypass) and not IsWhitelisted