summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--php-malware-finder/whitelist.yar27
1 files changed, 13 insertions, 14 deletions
diff --git a/php-malware-finder/whitelist.yar b/php-malware-finder/whitelist.yar
index 3aab9c5..3de4db9 100644
--- a/php-malware-finder/whitelist.yar
+++ b/php-malware-finder/whitelist.yar
@@ -1,12 +1,12 @@
1/* 1/*
2 Careful; those rules are pretty heavy on computation, 2 Careful. Those rules are pretty heavy on computation
3 since the sha1sum my be recomputed for every since test; 3 since the sha1sum may be recomputed for every test.
4 please make sure that you're calling them after every other ones. 4 Please make sure that you're calling those rules after all the others.
5*/ 5*/
6 6
7private rule Symfony : Blog 7private rule Symfony : Blog
8{ 8{
9 condition: 9 condition:
10 hash.sha1(0, filesize) == "3006ce2ddce200e1c66185b95065dc7f9d224465" or // vendor/twig/twig/lib/Twig/Node/Macro.php 10 hash.sha1(0, filesize) == "3006ce2ddce200e1c66185b95065dc7f9d224465" or // vendor/twig/twig/lib/Twig/Node/Macro.php
11 hash.sha1(0, filesize) == "39bae7f6aa0f4affe06a0d7b7d8306e1e27e441e" or // vendor/doctrine/common/lib/Doctrine/Common/Proxy/ProxyGenerator.php 11 hash.sha1(0, filesize) == "39bae7f6aa0f4affe06a0d7b7d8306e1e27e441e" or // vendor/doctrine/common/lib/Doctrine/Common/Proxy/ProxyGenerator.php
12 hash.sha1(0, filesize) == "4848d9582a2205c1b037a542faa5ed1b755d6620" or // vendor/phpoffice/phpword/src/PhpWord/Shared/PCLZip/pclzip.lib.php 12 hash.sha1(0, filesize) == "4848d9582a2205c1b037a542faa5ed1b755d6620" or // vendor/phpoffice/phpword/src/PhpWord/Shared/PCLZip/pclzip.lib.php
@@ -18,7 +18,7 @@ private rule Symfony : Blog
18 hash.sha1(0, filesize) == "beea13bcbd977cb7ee29fdf4bca36c9c19e5a562" or // vendor/dompdf/dompdf/include/cellmap.cls.php 18 hash.sha1(0, filesize) == "beea13bcbd977cb7ee29fdf4bca36c9c19e5a562" or // vendor/dompdf/dompdf/include/cellmap.cls.php
19 hash.sha1(0, filesize) == "da96d532cc2f930449a4e19a0e280d759366a8de" or // vendor/dompdf/dompdf/include/style.cls.php 19 hash.sha1(0, filesize) == "da96d532cc2f930449a4e19a0e280d759366a8de" or // vendor/dompdf/dompdf/include/style.cls.php
20 hash.sha1(0, filesize) == "e4b9be9277626f5377ecb3306fd4f2fb7a99508f" // vendor/swiftmailer/swiftmailer/lib/classes/Swift/Transport/SimpleMailInvoker.php 20 hash.sha1(0, filesize) == "e4b9be9277626f5377ecb3306fd4f2fb7a99508f" // vendor/swiftmailer/swiftmailer/lib/classes/Swift/Transport/SimpleMailInvoker.php
21} 21}
22 22
23private rule Wordpress : Blog 23private rule Wordpress : Blog
24{ 24{
@@ -32,8 +32,8 @@ private rule Wordpress : Blog
32 hash.sha1(0, filesize) == "e7caf1f66c38bb119fe709ade012a989d8610f07" or // wp-admin/includes/class-pclzip.php 32 hash.sha1(0, filesize) == "e7caf1f66c38bb119fe709ade012a989d8610f07" or // wp-admin/includes/class-pclzip.php
33 hash.sha1(0, filesize) == "8ddb9eff06105b9699c6b03db54472291abcb823" or // wp-includes/taxonomy.php 33 hash.sha1(0, filesize) == "8ddb9eff06105b9699c6b03db54472291abcb823" or // wp-includes/taxonomy.php
34 hash.sha1(0, filesize) == "9dd666651f57ef6e704310fe37ffce7dfd2322e4" or // wp-includes/comment.php 34 hash.sha1(0, filesize) == "9dd666651f57ef6e704310fe37ffce7dfd2322e4" or // wp-includes/comment.php
35 35
36 /* Wordpress 3.9 */ 36 /* Wordpress 3.9 */
37 hash.sha1(0, filesize) == "b20e3d401b0ab935ed6401392233b36966523e20" or // wp-includes/class-pop3.php 37 hash.sha1(0, filesize) == "b20e3d401b0ab935ed6401392233b36966523e20" or // wp-includes/class-pop3.php
38 hash.sha1(0, filesize) == "3748c7a2150a9da2d2dda10062b00d34982b3d87" or // wp-includes/taxonomy.php 38 hash.sha1(0, filesize) == "3748c7a2150a9da2d2dda10062b00d34982b3d87" or // wp-includes/taxonomy.php
39 hash.sha1(0, filesize) == "1a4e6932523c34d95f050960e7c3d082adb28156" or // wp-includes/ID3/getid3.php 39 hash.sha1(0, filesize) == "1a4e6932523c34d95f050960e7c3d082adb28156" or // wp-includes/ID3/getid3.php
@@ -41,7 +41,7 @@ private rule Wordpress : Blog
41 hash.sha1(0, filesize) == "c605d1224cf4b24ad2457dd87885de9030e20731" or // wp-includes/SimplePie/File.php 41 hash.sha1(0, filesize) == "c605d1224cf4b24ad2457dd87885de9030e20731" or // wp-includes/SimplePie/File.php
42 hash.sha1(0, filesize) == "005f02927a6904c4e7f3b88ebdd9feaa6221790b" or // wp-includes/class-phpmailer.php 42 hash.sha1(0, filesize) == "005f02927a6904c4e7f3b88ebdd9feaa6221790b" or // wp-includes/class-phpmailer.php
43 hash.sha1(0, filesize) == "12b433cc24cca9747b1fcb1132ffb6b1e6ab75b0" or // wp-includes/comment.php 43 hash.sha1(0, filesize) == "12b433cc24cca9747b1fcb1132ffb6b1e6ab75b0" or // wp-includes/comment.php
44 44
45 /* Wordpress 3.5.1 */ 45 /* Wordpress 3.5.1 */
46 hash.sha1(0, filesize) == "833281b4d1113180e4d1ca026f5e85a680d52662" or // wp-includes/class-phpmailer.php 46 hash.sha1(0, filesize) == "833281b4d1113180e4d1ca026f5e85a680d52662" or // wp-includes/class-phpmailer.php
47 hash.sha1(0, filesize) == "b4e4b88f2be38ed9c3147b77c2f3a7f929caba2c" or // wp-admin/includes/menu.php 47 hash.sha1(0, filesize) == "b4e4b88f2be38ed9c3147b77c2f3a7f929caba2c" or // wp-admin/includes/menu.php
@@ -91,9 +91,8 @@ private rule Drupal : Blog
91 /* Drupal 7.38 */ 91 /* Drupal 7.38 */
92 hash.sha1(0, filesize) == "ad7587ce735352b6a55526005c05c280e9d41822" or // modules/system/system.admin.inc 92 hash.sha1(0, filesize) == "ad7587ce735352b6a55526005c05c280e9d41822" or // modules/system/system.admin.inc
93 hash.sha1(0, filesize) == "dfa67a40daeb9c1dd28f3fab00097852243258ed" or // modules/system/system.module 93 hash.sha1(0, filesize) == "dfa67a40daeb9c1dd28f3fab00097852243258ed" or // modules/system/system.module
94 94
95 /* Drupal 7.33 */ 95 /* Drupal 7.33 */
96
97 hash.sha1(0, filesize) == "19c45985dfee7dc27a3a275542dee7c8fc7ebd6d" or // modules/simpletest/drupal_web_test_case.php 96 hash.sha1(0, filesize) == "19c45985dfee7dc27a3a275542dee7c8fc7ebd6d" or // modules/simpletest/drupal_web_test_case.php
98 hash.sha1(0, filesize) == "e53ae29f02d7bd8667ce701b6d13ca71249e6598" or // modules/contrib/simplenews/tests/d6_simplenews_61.php 97 hash.sha1(0, filesize) == "e53ae29f02d7bd8667ce701b6d13ca71249e6598" or // modules/contrib/simplenews/tests/d6_simplenews_61.php
99 hash.sha1(0, filesize) == "5e1093b4d8bcb438b07e8a428957bd3f79c1042c" or // modules/contrib/simplenews/tests/d6_simplenews_62.php 98 hash.sha1(0, filesize) == "5e1093b4d8bcb438b07e8a428957bd3f79c1042c" or // modules/contrib/simplenews/tests/d6_simplenews_62.php
@@ -101,7 +100,7 @@ private rule Drupal : Blog
101 hash.sha1(0, filesize) == "c748f376cccb982448e99dee184dfec3a1979f44" or // modules/socials/og/tests/drupal-7.og.update_7001.database.php 100 hash.sha1(0, filesize) == "c748f376cccb982448e99dee184dfec3a1979f44" or // modules/socials/og/tests/drupal-7.og.update_7001.database.php
102 hash.sha1(0, filesize) == "1335f535e2b20634fa8be3e95411921dfe47041d" or // modules/socials/og/tests/drupal-6.og.database.php 101 hash.sha1(0, filesize) == "1335f535e2b20634fa8be3e95411921dfe47041d" or // modules/socials/og/tests/drupal-6.og.database.php
103 hash.sha1(0, filesize) == "10aa23f49747970a204c5df98d4c36e64e354760" or // modules/socials/og/og_ui/tests/drupal-6.og-ui.database.php 102 hash.sha1(0, filesize) == "10aa23f49747970a204c5df98d4c36e64e354760" or // modules/socials/og/og_ui/tests/drupal-6.og-ui.database.php
104 103
105 /* Drupal 7.15 */ 104 /* Drupal 7.15 */
106 hash.sha1(0, filesize) == "23cc0e2c6eebe94fe189e258a3658b40b0005891" or // modules/simpletest/tests/upgrade/drupal-6.bare.database.php 105 hash.sha1(0, filesize) == "23cc0e2c6eebe94fe189e258a3658b40b0005891" or // modules/simpletest/tests/upgrade/drupal-6.bare.database.php
107 hash.sha1(0, filesize) == "8cb36d865b951378c3266dca7d5173a303e8dcff" or // modules/simpletest/tests/upgrade/drupal-6.filled.database.php 106 hash.sha1(0, filesize) == "8cb36d865b951378c3266dca7d5173a303e8dcff" or // modules/simpletest/tests/upgrade/drupal-6.filled.database.php