diff options
| -rw-r--r-- | malwares.yara | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/malwares.yara b/malwares.yara index dc1a6cd..c5a11e6 100644 --- a/malwares.yara +++ b/malwares.yara | |||
| @@ -143,6 +143,8 @@ rule DangerousPhp | |||
| 143 | $u = "fpassthru" fullword | 143 | $u = "fpassthru" fullword |
| 144 | $v = "posix_setuid" fullword | 144 | $v = "posix_setuid" fullword |
| 145 | $w = "xmlrpc_decode" fullword | 145 | $w = "xmlrpc_decode" fullword |
| 146 | $x = "show_source" fullword | ||
| 147 | $y = "pcntl_exec" fullword | ||
| 146 | 148 | ||
| 147 | $whitelist = /escapeshellcmd|escapeshellarg/ | 149 | $whitelist = /escapeshellcmd|escapeshellarg/ |
| 148 | 150 | ||