summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2016-02-23Rename a ruleJulien (jvoisin) Voisin
2016-02-23Add a wonderful testsuite!Julien Voisin
2016-02-23Add more simple signaturesJulien Voisin
2016-02-22Fix #16Julien Voisin
Yeah, PMF needs a testsuite.
2016-02-22Remove a rule that triggered too many FPJulien Voisin
It seems that a lot of php developers are using $__ as a legitimate variable name.
2016-02-17Add some sql keywords (xp_*)Julien Voisin
2016-02-15typo fix in malwares.yaraJulien "shaddai" Reveret
2016-02-15some rules cannot be used on a Debian squeeze distributionJulien "shaddai" Reveret
2016-02-15changelog modified for version 0.2.20.2.2Julien "shaddai" Reveret
2016-02-15Reduce FP triggered by the TooShort ruleshaddai
The TooShort rule is now used against *.ph* files in order to reduce the number of false positives triggered by pictures and JS files. Using the wc command ionly once should reduce I/O load too.
2016-02-12posix_* ++Julien Voisin
2016-02-12Add `php://` to the blacklistJulien Voisin
2016-02-12Strings are nocaseJulien Voisin
2016-02-12chmod777Julien Voisin
2016-02-12Add a few artefacts taken from `assdick.php`, aka "fuhosin"Julien Voisin
2016-02-12Makes a rule more genericJulien Voisin
2016-02-12symfony added, new versions of wordpress and drupalshaddai
2016-02-05Update README.mdjvoisin
2016-02-05handle filenames with spacesSebastien Blot
2016-02-03Add yara version requirement in the README fileJulien Voisin
2016-02-03Move the README fileJulien Voisin
2016-02-03Merge branch 'master' of gitlab.nbs-system.com:packages/php-malware-finderJulien Voisin
2016-02-03Finalize mergeJulien Voisin
2016-02-03Merge branch 'master' of github.com:nbs-system/php-malware-finderJulien Voisin
2016-02-03Add some bad_php rulesJulien Voisin
2016-02-010.2.1 : docroot-check.sh addedJulien "shaddai" Reveret
2016-02-01docroot-checker records sha1sums to prevent rescanning the whole docroot ↵Julien "shaddai" Reveret
next time
2016-01-29add docroot-check.sh : check php files inside Apache DocumentRootJulien "shaddai" Reveret
2016-01-29hashes whitelist updated with wordpress 4.2.3 and 4.4.1 FPJulien "shaddai" Reveret
2016-01-28fix typoSebastien Blot
2016-01-28update changelogSebastien Blot
2016-01-28ignore errors in clean ruleSebastien Blot
2016-01-12new rules : ini_get, disable_magic_quotes and restore_bypass updatedshaddai
these rules were added in order to detect new malware samples from https://github.com/nikicat/web-malware-collection
2016-01-12new malware repository addedshaddai
2016-01-12added register_globals to restore_bypass, new rules : ini_get and ↵Julien "shaddai" Reveret
disable_magic_quotes
2016-01-05Update the documentationjvoisin
2016-01-05Refactor the `;eval(` rulejvoisin
2016-01-05Cleanup the wordlistjvoisin
2016-01-04Revert a broken/wip commitjvoisin
2016-01-04Add a rule to match multiplescommentsjvoisin
2016-01-04Add some rulesjvoisin
2016-01-04fix overwrite by previous commitshaddai
2016-01-04one_line_trick functionshaddai
The newly added function allows to check for files containing oneliners webshells, these files are mostly composed of one or two very long lines
2016-01-04Fix a stupid typojvoisin
`eval(` patterns are now much better detected.
2016-01-04Add `-t` to specify the number of threads to usejvoisin
2016-01-04Add a whitelist for wordpress 4.4jvoisin
2016-01-04Perf optimization and rules completionjvoisin
2016-01-04Simplify a bit some rulesjvoisin
- Remove `b64_concat` since it was close to useless - Make `too_many_chr` non-greddy Those changes will make our malwares.yara rules yara-git friendly.
2015-12-11cleaning rule updatedJulien "shaddai" Reveret
2015-12-03files with no end of line or less than 3 lines and huge (more than 300) ↵Julien "shaddai" Reveret
amonts of characters are detected as suspicious