1 files changed, 0 insertions, 129 deletions
diff --git a/whitelist.yara b/whitelist.yara
deleted file mode 100644
index 858860d..0000000
--- a/whitelist.yara
+++ /dev/null
@@ -1,129 +0,0 @@
-/*
-    Careful; those rules are pretty heavy on computation,
-    since the sha1sum my be recomputed for every since test;
-    please make sure that you're calling them after every other ones.
-*/
-private rule Wordpress : Blog
-{
-    condition:
-        /* Wordpress 3.5.1 */
-        hash.sha1(0, filesize)  == "833281b4d1113180e4d1ca026f5e85a680d52662" or // wp-includes/class-phpmailer.php
-        hash.sha1(0, filesize)  == "b4e4b88f2be38ed9c3147b77c2f3a7f929caba2c" or // wp-admin/includes/menu.php
-        /* Wordpress 3.2.1 */
-        hash.sha1(0, filesize)  == "b4f53b8c360f9e47cc63047305a0ce2e3ff6a251" or // wp-includes/functions.php
-        hash.sha1(0, filesize)  == "ac8298df16a560c80fb213ef3f51f90df8ef5292" or // wp-includes/class-phpmailer.php
-        hash.sha1(0, filesize)  == "232e4705e3aa28269c4d5e4a4a700bb7a2d06f24" // wp-admin/includes/menu.php
-}
-private rule Prestashop : ECommerce
-{
-    condition:
-        /* Prestashop 1.6.1.0 */
-        hash.sha1(0, filesize)  == "544cd822e2195ac162c9f0387031709042a72cfd" or // tools/htmlpurifier/HTMLPurifier.standalone.php
-        hash.sha1(0, filesize)  == "bb8c0d735809b9412265729906016329f3e681ff" or // classes/webservice/WebserviceOutputJSON.php
-        hash.sha1(0, filesize)  == "15da986fccdc7104f9d4e8c344f332db5ae9a32b" // classes/Tools.php
-}
-private rule Magento : ECommerce
-{
-    condition:
-        /* Magento 1.9.2.0 */
-        hash.sha1(0, filesize)  == "4fa9deecb5a49b0d5b1f88a8730ce20a262386f7" or // lib/Zend/Session.php
-        hash.sha1(0, filesize)  == "f214646051f5376475d06ef50fe1e5634285ba1b" or // app/code/core/Mage/Adminhtml/Model/Url.php
-        /* Magento 1.7.0.2 */
-        hash.sha1(0, filesize)  == "f46cf6fd47e60e77089d94cca5b89d19458987ca" or // lib/Zend/Session.php
-        hash.sha1(0, filesize)  == "ffb3e46c87e173b1960e50f771954ebb1efda66e" or // lib/Zend/Ldap/Converter.php
-        hash.sha1(0, filesize)  == "7faa31f0ee66f32a92b5fd516eb65ff4a3603156" or // lib/PEAR/SOAP/WSDL.php
-        hash.sha1(0, filesize)  == "539de72a2a424d86483f461a9e38ee42df158f26" or // app/code/core/Mage/Adminhtml/Model/Url.php
-        hash.sha1(0, filesize)  == "6b3f32e50343b70138ce4adb73045782b3edd851" or // lib/phpseclib/Net/SSH1.php
-        /* Magento 1.4.1.1 */
-        hash.sha1(0, filesize)  == "0b74f4b259c63c01c74fb5913c3ada87296107c8" or // lib/Zend/Session.php
-        hash.sha1(0, filesize)  == "951a4639e49c6b2ad8adeb38481e2290297c8e70" or // lib/Zend/Ldap/Converter.php
-        hash.sha1(0, filesize)  == "44ba7a5b685f4a52113559f366aaf6e9a22ae21e"  // app/code/core/Mage/Adminhtml/Model/Url.php
-}
-private rule Drupal : Blog
-{
-    condition:
-        /* Drupal 7.38 */
-        hash.sha1(0, filesize) == "ad7587ce735352b6a55526005c05c280e9d41822" or // modules/system/system.admin.inc
-        hash.sha1(0, filesize) == "dfa67a40daeb9c1dd28f3fab00097852243258ed" or // modules/system/system.module
-        /* Drupal 7.15 */
-        hash.sha1(0, filesize)  == "23cc0e2c6eebe94fe189e258a3658b40b0005891" or // modules/simpletest/tests/upgrade/drupal-6.bare.database.php
-        hash.sha1(0, filesize)  == "8cb36d865b951378c3266dca7d5173a303e8dcff" or // modules/simpletest/tests/upgrade/drupal-6.filled.database.php
-        hash.sha1(0, filesize)  == "6c9c01bef14f8f64ef0af408f7ed764791531cc6" or // modules/system/system.module
-        hash.sha1(0, filesize)  == "ad03ed890400cf319f713ee0b4b6a62a5710f580" // modules/system/system.admin.inc
-}
-private rule Roundcube
-{
-    condition:
-        /* Roundcube 1.1.2 */
-        hash.sha1(0, filesize) == "afab52649172b46f64301f41371d346297046af2" or // program/lib/Roundcube/rcube_utils.php
-        hash.sha1(0, filesize) == "e6b81834e081cc2bd38fce787c5088e63d933953" or // program/include/rcmail_output_html.php
-        hash.sha1(0, filesize) == "7783e9fad144ca5292630d459bd86ec5ea5894fc" or // vendor/pear-pear.php.net/Net_LDAP2/Net/LDAP2/Util.php
-        /* Roundcube 1.0.6 */
-        hash.sha1(0, filesize) == "76d55f05f2070f471ba977b5b0f690c91fa8cdab" or // program/lib/Roundcube/rcube_utils.php
-        hash.sha1(0, filesize) == "c68319e3e1adcd3e22cf2338bc79f12fd54f6d4a" // program/include/rcmail_output_html.php
-}
-private rule Concrete5
-{
-    condition:
-        /* concrete5 7.4.2 */
-        hash.sha1(0, filesize) == "927bbd60554ae0789d4688738b4ae945195a3c1c" or // concrete/vendor/oyejorge/less.php/lib/Less/Tree/Dimension.php
-        hash.sha1(0, filesize) == "67f07022dae5fa39e8a37c09d67cbcb833e10d1f" or // concrete/vendor/oyejorge/less.php/lib/Less/Tree/Unit.php
-        hash.sha1(0, filesize) == "e1dcbc7b05e8ba6cba392f8fd44a3564fcad3666" // concrete/vendor/doctrine/inflector/lib/Doctrine/Common/Inflector/Inflector.php
-}
-private rule Dotclear : Blog
-{
-    condition:
-        /* dotclear 2.8.0 */
-        hash.sha1(0, filesize) == "c732d2d54a80250fb8b51d4dddb74d05a59cee2e" or // inc/public/class.dc.template.php
-        hash.sha1(0, filesize) == "cc494f7f4044b5a3361281e27f2f7bb8952b8964" or // inc/core/class.dc.modules.php
-        /* dotclear 2.7.5 */
-        hash.sha1(0, filesize) == "192126b08c40c5ca086b5e4d7433e982f708baf3" or // inc/public/class.dc.template.php
-        hash.sha1(0, filesize) == "51e6810ccd3773e2bd453e97ccf16059551bae08" or // inc/libs/clearbricks/common/lib.date.php
-        hash.sha1(0, filesize) == "4172e35e7c9ce35de9f56fb8dfebe8d453f0dee4" or // inc/libs/clearbricks/template/class.template.php
-        hash.sha1(0, filesize) == "cf65db6ae55486f51370f87c4653aaed56903ccc" // inc/core/class.dc.modules.php
-}
-private rule Owncloud
-{
-    condition:
-        /* ownCloud 8.1.0 */
-        hash.sha1(0, filesize) == "a58489a3d8401295bb09cfbad09486f605625658" or // 3rdparty/phpseclib/phpseclib/phpseclib/Net/SSH1.php
-        hash.sha1(0, filesize) == "463627a4064dc05e93e6f9fc5605d4c8a4e09200" or // 3rdparty/jeremeamia/SuperClosure/src/SerializableClosure.php
-        hash.sha1(0, filesize) == "5346cb6817a75c26a6aad86e0b4ffb1d5145caa5" or // 3rdparty/symfony/process/Symfony/Component/Process/Process.php
-        hash.sha1(0, filesize) == "c8a6d4292448c7996e0092e6bfd38f90c34df090" or // core/doc/admin/_images/oc_admin_app_page.png
-        hash.sha1(0, filesize) == "acc7af31d4067c336937719b9a9ad7ac8497561e" // core/doc/admin/_sources/configuration_server/performance_tuning.txt
-}
-private rule Phpmyadmin
-{
-    condition:
-        /* phpmyadmin 4.4.11 */
-        hash.sha1(0, filesize) == "52afd26f6d38e76d7d92b96809f98e526e45c021" or // libraries/DatabaseInterface.class.php
-        hash.sha1(0, filesize) == "398507962b9dd89b0352f2ea9c648152fe932475" // libraries/DBQbe.class.php
-}
-private rule IsWhitelisted
-{
-    condition:
-        Wordpress or
-        Prestashop or
-        Magento or
-        Drupal or
-        Roundcube or
-        Concrete5 or
-        Dotclear or
-        Owncloud or
-        Phpmyadmin
-}

diff --git a/whitelist.yara b/whitelist.yara deleted file mode 100644 index 858860d..0000000 --- a/whitelist.yara +++ /dev/null
@@ -1,129 +0,0 @@
1	/*
2	Careful; those rules are pretty heavy on computation,
3	since the sha1sum my be recomputed for every since test;
4	please make sure that you're calling them after every other ones.
5	*/
6	private rule Wordpress : Blog
7	{
8	condition:
9	/* Wordpress 3.5.1 */
10	hash.sha1(0, filesize) == "833281b4d1113180e4d1ca026f5e85a680d52662" or // wp-includes/class-phpmailer.php
11	hash.sha1(0, filesize) == "b4e4b88f2be38ed9c3147b77c2f3a7f929caba2c" or // wp-admin/includes/menu.php
12
13	/* Wordpress 3.2.1 */
14	hash.sha1(0, filesize) == "b4f53b8c360f9e47cc63047305a0ce2e3ff6a251" or // wp-includes/functions.php
15	hash.sha1(0, filesize) == "ac8298df16a560c80fb213ef3f51f90df8ef5292" or // wp-includes/class-phpmailer.php
16	hash.sha1(0, filesize) == "232e4705e3aa28269c4d5e4a4a700bb7a2d06f24" // wp-admin/includes/menu.php
17	}
18
19	private rule Prestashop : ECommerce
20	{
21	condition:
22	/* Prestashop 1.6.1.0 */
23	hash.sha1(0, filesize) == "544cd822e2195ac162c9f0387031709042a72cfd" or // tools/htmlpurifier/HTMLPurifier.standalone.php
24	hash.sha1(0, filesize) == "bb8c0d735809b9412265729906016329f3e681ff" or // classes/webservice/WebserviceOutputJSON.php
25	hash.sha1(0, filesize) == "15da986fccdc7104f9d4e8c344f332db5ae9a32b" // classes/Tools.php
26	}
27
28	private rule Magento : ECommerce
29	{
30	condition:
31	/* Magento 1.9.2.0 */
32	hash.sha1(0, filesize) == "4fa9deecb5a49b0d5b1f88a8730ce20a262386f7" or // lib/Zend/Session.php
33	hash.sha1(0, filesize) == "f214646051f5376475d06ef50fe1e5634285ba1b" or // app/code/core/Mage/Adminhtml/Model/Url.php
34
35	/* Magento 1.7.0.2 */
36	hash.sha1(0, filesize) == "f46cf6fd47e60e77089d94cca5b89d19458987ca" or // lib/Zend/Session.php
37	hash.sha1(0, filesize) == "ffb3e46c87e173b1960e50f771954ebb1efda66e" or // lib/Zend/Ldap/Converter.php
38	hash.sha1(0, filesize) == "7faa31f0ee66f32a92b5fd516eb65ff4a3603156" or // lib/PEAR/SOAP/WSDL.php
39	hash.sha1(0, filesize) == "539de72a2a424d86483f461a9e38ee42df158f26" or // app/code/core/Mage/Adminhtml/Model/Url.php
40	hash.sha1(0, filesize) == "6b3f32e50343b70138ce4adb73045782b3edd851" or // lib/phpseclib/Net/SSH1.php
41
42	/* Magento 1.4.1.1 */
43	hash.sha1(0, filesize) == "0b74f4b259c63c01c74fb5913c3ada87296107c8" or // lib/Zend/Session.php
44	hash.sha1(0, filesize) == "951a4639e49c6b2ad8adeb38481e2290297c8e70" or // lib/Zend/Ldap/Converter.php
45	hash.sha1(0, filesize) == "44ba7a5b685f4a52113559f366aaf6e9a22ae21e" // app/code/core/Mage/Adminhtml/Model/Url.php
46	}
47
48	private rule Drupal : Blog
49	{
50	condition:
51	/* Drupal 7.38 */
52	hash.sha1(0, filesize) == "ad7587ce735352b6a55526005c05c280e9d41822" or // modules/system/system.admin.inc
53	hash.sha1(0, filesize) == "dfa67a40daeb9c1dd28f3fab00097852243258ed" or // modules/system/system.module
54
55	/* Drupal 7.15 */
56	hash.sha1(0, filesize) == "23cc0e2c6eebe94fe189e258a3658b40b0005891" or // modules/simpletest/tests/upgrade/drupal-6.bare.database.php
57	hash.sha1(0, filesize) == "8cb36d865b951378c3266dca7d5173a303e8dcff" or // modules/simpletest/tests/upgrade/drupal-6.filled.database.php
58	hash.sha1(0, filesize) == "6c9c01bef14f8f64ef0af408f7ed764791531cc6" or // modules/system/system.module
59	hash.sha1(0, filesize) == "ad03ed890400cf319f713ee0b4b6a62a5710f580" // modules/system/system.admin.inc
60	}
61
62	private rule Roundcube
63	{
64	condition:
65	/* Roundcube 1.1.2 */
66	hash.sha1(0, filesize) == "afab52649172b46f64301f41371d346297046af2" or // program/lib/Roundcube/rcube_utils.php
67	hash.sha1(0, filesize) == "e6b81834e081cc2bd38fce787c5088e63d933953" or // program/include/rcmail_output_html.php
68	hash.sha1(0, filesize) == "7783e9fad144ca5292630d459bd86ec5ea5894fc" or // vendor/pear-pear.php.net/Net_LDAP2/Net/LDAP2/Util.php
69
70	/* Roundcube 1.0.6 */
71	hash.sha1(0, filesize) == "76d55f05f2070f471ba977b5b0f690c91fa8cdab" or // program/lib/Roundcube/rcube_utils.php
72	hash.sha1(0, filesize) == "c68319e3e1adcd3e22cf2338bc79f12fd54f6d4a" // program/include/rcmail_output_html.php
73	}
74
75	private rule Concrete5
76	{
77	condition:
78	/* concrete5 7.4.2 */
79	hash.sha1(0, filesize) == "927bbd60554ae0789d4688738b4ae945195a3c1c" or // concrete/vendor/oyejorge/less.php/lib/Less/Tree/Dimension.php
80	hash.sha1(0, filesize) == "67f07022dae5fa39e8a37c09d67cbcb833e10d1f" or // concrete/vendor/oyejorge/less.php/lib/Less/Tree/Unit.php
81	hash.sha1(0, filesize) == "e1dcbc7b05e8ba6cba392f8fd44a3564fcad3666" // concrete/vendor/doctrine/inflector/lib/Doctrine/Common/Inflector/Inflector.php
82	}
83
84	private rule Dotclear : Blog
85	{
86	condition:
87	/* dotclear 2.8.0 */
88	hash.sha1(0, filesize) == "c732d2d54a80250fb8b51d4dddb74d05a59cee2e" or // inc/public/class.dc.template.php
89	hash.sha1(0, filesize) == "cc494f7f4044b5a3361281e27f2f7bb8952b8964" or // inc/core/class.dc.modules.php
90
91	/* dotclear 2.7.5 */
92	hash.sha1(0, filesize) == "192126b08c40c5ca086b5e4d7433e982f708baf3" or // inc/public/class.dc.template.php
93	hash.sha1(0, filesize) == "51e6810ccd3773e2bd453e97ccf16059551bae08" or // inc/libs/clearbricks/common/lib.date.php
94	hash.sha1(0, filesize) == "4172e35e7c9ce35de9f56fb8dfebe8d453f0dee4" or // inc/libs/clearbricks/template/class.template.php
95	hash.sha1(0, filesize) == "cf65db6ae55486f51370f87c4653aaed56903ccc" // inc/core/class.dc.modules.php
96	}
97
98	private rule Owncloud
99	{
100	condition:
101	/* ownCloud 8.1.0 */
102	hash.sha1(0, filesize) == "a58489a3d8401295bb09cfbad09486f605625658" or // 3rdparty/phpseclib/phpseclib/phpseclib/Net/SSH1.php
103	hash.sha1(0, filesize) == "463627a4064dc05e93e6f9fc5605d4c8a4e09200" or // 3rdparty/jeremeamia/SuperClosure/src/SerializableClosure.php
104	hash.sha1(0, filesize) == "5346cb6817a75c26a6aad86e0b4ffb1d5145caa5" or // 3rdparty/symfony/process/Symfony/Component/Process/Process.php
105	hash.sha1(0, filesize) == "c8a6d4292448c7996e0092e6bfd38f90c34df090" or // core/doc/admin/_images/oc_admin_app_page.png
106	hash.sha1(0, filesize) == "acc7af31d4067c336937719b9a9ad7ac8497561e" // core/doc/admin/_sources/configuration_server/performance_tuning.txt
107	}
108
109	private rule Phpmyadmin
110	{
111	condition:
112	/* phpmyadmin 4.4.11 */
113	hash.sha1(0, filesize) == "52afd26f6d38e76d7d92b96809f98e526e45c021" or // libraries/DatabaseInterface.class.php
114	hash.sha1(0, filesize) == "398507962b9dd89b0352f2ea9c648152fe932475" // libraries/DBQbe.class.php
115	}
116
117	private rule IsWhitelisted
118	{
119	condition:
120	Wordpress or
121	Prestashop or
122	Magento or
123	Drupal or
124	Roundcube or
125	Concrete5 or
126	Dotclear or
127	Owncloud or
128	Phpmyadmin
129	}