Age | Commit message | Author
2016-01-04 | one_line_trick function | shaddai
The newly added function allows checking for files containing one-liner webshells; these files are mostly composed of one or two very long lines.
2016-01-04 | Fix a stupid typo | jvoisin
`eval(` patterns are now much better detected.
2016-01-04 | Add `-t` to specify the number of threads to use | jvoisin
2016-01-04 | Add a whitelist for wordpress 4.4 | jvoisin
2016-01-04 | Perf optimization and rules completion | jvoisin
2016-01-04 | Simplify a bit some rules | jvoisin
- Remove `b64_concat` since it was close to useless
- Make `too_many_chr` non-greedy
Those changes will make our malwares.yara rules yara-git friendly.
2015-11-26 | added tennc repo to the list | shaddai
2015-11-26 | new rules | shaddai
some samples from this repo weren't detected: https://github.com/tennc/webshell
Fixes #3
2015-10-15 | Merge pull request #12 from jvoisin/patch-1 | blotus
Fix #11
2015-10-15 | Fix #11 | jvoisin
This is a bit hackish, but I can't manage to find a more elegant way to do it.
2015-09-08 | Merge pull request #9 from gdelpierre/master | blotus
fix shebang typo
2015-09-08 | fix shebang typo | Guillaume Delpierre
2015-09-08 | Merge pull request #8 from gdelpierre/master | blotus
Add shebang
2015-09-08 | Add shebang | Guillaume Delpierre
2015-09-08 | remove empty line | Guillaume Delpierre
2015-09-08 | Remove glob library, not used | Guillaume Delpierre
2015-09-08 | Add shebang | Guillaume Delpierre
2015-09-08 | Merge pull request #7 from gdelpierre/master | blotus
Use bash built-in and use portability shebang
2015-09-08 | Use type built-in instead of command | Guillaume Delpierre
2015-09-08 | Typo | Guillaume Delpierre
2015-09-08 | Use bash builtin | Guillaume Delpierre
2015-09-08 | Portability | Guillaume Delpierre
2015-08-29 | Merge pull request #5 from ahpnils/master | Mathieu D.
Update the whitelist for Dotclear 2.8.0
2015-08-28 | Add whitelist for Dotclear 2.8.0 | ahpnils
2015-08-28 | try to manually sync with upstream | ahpnils
2015-08-28 | Merge remote-tracking branch 'upstream/master' | ahpnils
2015-07-17 | Merge pull request #4 from ahpnils/ahpnils-patch-1 | blotus
added usage of nice when ionice is not available
2015-07-14 | added usage of nice when ionice is not available | Nils
On some platforms (e.g. NetBSD, OS X), ionice is not available. This patch enables a fallback to nice. If neither ionice nor nice is installed, an error message is displayed.
2015-07-14 | added usage of nice when ionice is not available | Nils
On some platforms (e.g. NetBSD, OS X), ionice is not available by default. This patch checks for ionice availability, and switches back to nice if needed. In the case none of them are installed, an error is displayed.
2015-07-13 | remove yara binary | Sebastien Blot
2015-07-13 | Yara is not bundled anymore | jvoisin
2015-07-13 | Add a license and a readme | jvoisin
2015-07-13 | Fix a bit the build system | jvoisin
2015-07-13 | Remove useless scripts | jvoisin
2015-07-13 | Add a whitelist generator | jvoisin
2015-07-13 | Add Magento 1.9.2.0 in whitelist | jvoisin
2015-07-13 | Add a match on `array_filter` | jvoisin
2015-07-10 | add yara binary | Sebastien Blot
2015-07-10 | Add Phpmyadmin in whitelist | jvoisin
2015-07-10 | Add Owncloud, Dotclear, concrete5, roundcube and more drupal to the | jvoisin
whitelist
2015-07-10 | Whitelist also works for keywords | jvoisin
2015-07-09 | Add some comments | jvoisin
2015-07-09 | Simplify the php rule | jvoisin
2015-07-09 | Add some drupal rules | jvoisin
2015-07-09 | Add some Magento whitelists | jvoisin
2015-07-09 | Split the whitelist in another file | jvoisin
2015-07-09 | Add whitelist for wordpress 3.2.1 | jvoisin
2015-07-09 | Add a whitelist for wordpress 3.5.1 | jvoisin
2015-07-09 | Use anonymous strings where it makes sense to do so. | jvoisin
2015-07-09 | make IsPhp a global rule | jvoisin