| -rw-r--r-- | malwares.yara | 5 |
1 files changed, 2 insertions, 3 deletions
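--- a/malwares.yara
+++ b/malwares.yara
@@ -20,11 +20,10 @@ include "whitelist.yara"
 global private rule IsPhp
 {
 strings:
-$php = "<?"
-$xml = "<?xml"
+$php = /<\?[^x]/
 
 condition:
-$php and not $xml and filesize < 5MB
+$php and filesize < 5MB
 }
 
 private rule IRC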
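Review bot: The new `$php` pattern in `IsPhp` rejects every `<?` whose next byte is `x`, which is broader than the `<?xml` declaration the removed `$xml` string targeted; because `IsPhp` is a global rule, a file whose only open tag falls in that gap is skipped by the whole rule set. In the other direction, an XML file that carries any other processing instruction now passes the gate, where `not $xml` used to exclude it, so more non-PHP files reach the remaining rules. If the intent is only to ignore XML declarations, a tighter form is `$php = /<\?([^x]|x[^m]|xm[^l])/`, or keep both strings and test `#php > #xml and filesize < 5MB`. Either way, a one-line comment above the pattern, e.g. `// skip "<?xml" declarations; [^x] is a cheap approximation`, would record the trade-off for the next maintainer.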
