1 files changed, 1 insertions, 1 deletions
diff --git a/php-malware-finder/php.yar b/php-malware-finder/php.yar
index 6a93fe1..029aaf9 100644
--- a/php-malware-finder/php.yar
+++ b/php-malware-finder/php.yar
@@ -159,7 +159,7 @@ rule DangerousPhp
        $ = "suhosin.executor.func.blacklist" nocase
        $ = "unregister_tick_function" fullword nocase
        $ = "win32_create_service" fullword nocase
-        $ = "xmlrpc_decode" fullword nocase nocase
+        $ = "xmlrpc_decode" fullword nocase 
        $ = /ob_start\s*\(\s*[^\)]/  //ob_start('assert'); echo $_REQUEST['pass']; ob_end_flush();
        $whitelist = /escapeshellcmd|escapeshellarg/ nocase

diff --git a/php-malware-finder/php.yar b/php-malware-finder/php.yar index 6a93fe1..029aaf9 100644 --- a/php-malware-finder/php.yar +++ b/php-malware-finder/php.yar
@@ -159,7 +159,7 @@ rule DangerousPhp
159	$ = "suhosin.executor.func.blacklist" nocase	159	$ = "suhosin.executor.func.blacklist" nocase
160	$ = "unregister_tick_function" fullword nocase	160	$ = "unregister_tick_function" fullword nocase
161	$ = "win32_create_service" fullword nocase	161	$ = "win32_create_service" fullword nocase
162	$ = "xmlrpc_decode" fullword nocase nocase	162	$ = "xmlrpc_decode" fullword nocase
163	$ = /ob_start\s\(\s[^\)]/ //ob_start('assert'); echo $_REQUEST['pass']; ob_end_flush();	163	$ = /ob_start\s\(\s[^\)]/ //ob_start('assert'); echo $_REQUEST['pass']; ob_end_flush();
164		164
165	$whitelist = /escapeshellcmd\|escapeshellarg/ nocase	165	$whitelist = /escapeshellcmd\|escapeshellarg/ nocase