Age | Commit message | Author
2016-02-15 | changelog modified for version 0.2.2 [0.2.2] | Julien "shaddai" Reveret
2016-02-15 | Reduce FP triggered by the TooShort rule | shaddai
    The TooShort rule is now used against *.ph* files in order to reduce the number of false positives triggered by pictures and JS files. Using the wc command only once should reduce I/O load too.
2016-02-12 | posix_* ++ | Julien Voisin
2016-02-12 | Add `php://` to the blacklist | Julien Voisin
2016-02-12 | Strings are nocase | Julien Voisin
2016-02-12 | chmod777 | Julien Voisin
2016-02-12 | Add a few artefacts taken from `assdick.php`, aka "fuhosin" | Julien Voisin
2016-02-12 | Makes a rule more generic | Julien Voisin
2016-02-12 | symfony added, new versions of wordpress and drupal | shaddai
2016-02-05 | Update README.md | jvoisin
2016-02-05 | handle filenames with spaces | Sebastien Blot
2016-02-03 | Add yara version requirement in the README file | Julien Voisin
2016-02-03 | Move the README file | Julien Voisin
2016-02-03 | Merge branch 'master' of gitlab.nbs-system.com:packages/php-malware-finder | Julien Voisin
2016-02-03 | Finalize merge | Julien Voisin
2016-02-03 | Merge branch 'master' of github.com:nbs-system/php-malware-finder | Julien Voisin
2016-02-03 | Add some bad_php rules | Julien Voisin
2016-02-01 | 0.2.1 : docroot-check.sh added | Julien "shaddai" Reveret
2016-02-01 | docroot-checker records sha1sums to prevent rescanning the whole docroot next time | Julien "shaddai" Reveret
2016-01-29 | add docroot-check.sh : check php files inside Apache DocumentRoot | Julien "shaddai" Reveret
2016-01-29 | hashes whitelist updated with wordpress 4.2.3 and 4.4.1 FP | Julien "shaddai" Reveret
2016-01-28 | fix typo | Sebastien Blot
2016-01-28 | update changelog | Sebastien Blot
2016-01-28 | ignore errors in clean rule | Sebastien Blot
2016-01-12 | new rules : ini_get, disable_magic_quotes and restore_bypass updated | shaddai
    these rules were added in order to detect new malware samples from https://github.com/nikicat/web-malware-collection
2016-01-12 | new malware repository added | shaddai
2016-01-12 | added register_globals to restore_bypass, new rules : ini_get and disable_magic_quotes | Julien "shaddai" Reveret
2016-01-05 | Update the documentation | jvoisin
2016-01-05 | Refactor the `;eval(` rule | jvoisin
2016-01-05 | Cleanup the wordlist | jvoisin
2016-01-04 | Revert a broken/wip commit | jvoisin
2016-01-04 | Add a rule to match multiple comments | jvoisin
2016-01-04 | Add some rules | jvoisin
2016-01-04 | fix overwrite by previous commit | shaddai
2016-01-04 | one_line_trick function | shaddai
    The newly added function allows checking for files containing one-liner webshells; these files are mostly composed of one or two very long lines
2016-01-04 | Fix a stupid typo | jvoisin
    `eval(` patterns are now much better detected.
2016-01-04 | Add `-t` to specify the number of threads to use | jvoisin
2016-01-04 | Add a whitelist for wordpress 4.4 | jvoisin
2016-01-04 | Perf optimization and rules completion | jvoisin
2016-01-04 | Simplify a bit some rules | jvoisin
    - Remove `b64_concat` since it was close to useless
    - Make `too_many_chr` non-greedy

    Those changes will make our malwares.yara rules yara-git friendly.
2015-12-11 | cleaning rule updated | Julien "shaddai" Reveret
2015-12-03 | files with no end of line or less than 3 lines and huge (more than 300) amounts of characters are detected as suspicious | Julien "shaddai" Reveret
2015-12-03 | added double base64 encoding detection | Julien "shaddai" Reveret
2015-11-26 | added tennc repo to the list | shaddai
2015-11-26 | new rules | shaddai
    some samples from this repo weren't detected: https://github.com/tennc/webshell
    Fixes #3
2015-11-06 | added signature for base64 concatenation | Julien "shaddai" Reveret
2015-11-02 | packaging inside a squeeze chroot modifies the malwares.yara file, adding a git checkout to make sure it is restored before packaging starts | Julien "shaddai" Reveret
2015-10-29 | indent with spaces | Mathieu Deous
2015-10-29 | Merge branch 'master' of gitlab.nbs-system.com:packages/php-malware-finder | Mathieu Deous
    Conflicts: php-malware-finder/bin/yara
2015-10-29 | reverting change since it triggers too many false positives | Julien "shaddai" Reveret