1 files changed, 1 insertions, 1 deletions
diff --git a/php-malware-finder/malwares.yara b/php-malware-finder/malwares.yara
index 3bc15c2..866aa66 100644
--- a/php-malware-finder/malwares.yara
+++ b/php-malware-finder/malwares.yara
@@ -57,7 +57,7 @@ private rule CloudFlareBypass
 rule ObfuscatedPhp
 {
    strings:
-        $eval = /[;}][\t ]*@?(eval|preg_replace|system|exec|assert|passthru)\(/  // ;eval( <- this is dodgy
+        $eval = /[;{}][\t ]*@?(eval|preg_replace|system|exec|assert|passthru)\(/  // ;eval( <- this is dodgy
        $b374k = /'ev'\.'al'/
        $align = /(\$\w+=[^;]*)*;\$\w+=@?\$\w+\(/  //b374k
        $oneliner = /<\?php\s*\n*\r*\s*(eval|preg_replace|system|exec|assert|passthru)\(/

diff --git a/php-malware-finder/malwares.yara b/php-malware-finder/malwares.yara index 3bc15c2..866aa66 100644 --- a/php-malware-finder/malwares.yara +++ b/php-malware-finder/malwares.yara
@@ -57,7 +57,7 @@ private rule CloudFlareBypass
57	rule ObfuscatedPhp	57	rule ObfuscatedPhp
58	{	58	{
59	strings:	59	strings:
60	$eval = /[;}][\t ]*@?(eval\|preg_replace\|system\|exec\|assert\|passthru)\(/ // ;eval( <- this is dodgy	60	$eval = /[;{}][\t ]*@?(eval\|preg_replace\|system\|exec\|assert\|passthru)\(/ // ;eval( <- this is dodgy
61	$b374k = /'ev'\.'al'/	61	$b374k = /'ev'\.'al'/
62	$align = /(\$\w+=[^;]);\$\w+=@?\$\w+\(/ //b374k	62	$align = /(\$\w+=[^;]);\$\w+=@?\$\w+\(/ //b374k
63	$oneliner = /<\?php\s\n\r\s(eval\|preg_replace\|system\|exec\|assert\|passthru)\(/	63	$oneliner = /<\?php\s\n\r\s(eval\|preg_replace\|system\|exec\|assert\|passthru)\(/