index
:
php-malware-finder
master
migrate-ci
Detect potentially malicious PHP files
summary
refs
log
tree
commit
diff
log msg
author
committer
range
path:
root
/
data
/
php.yar
(
unfollow
)
Age
Commit message (
Expand
)
Author
2023-02-28
Add a simple rule
Julien Voisin
2022-05-02
Make application go-install-able and create a docker image
Mathieu Deous
2020-10-01
Add a keyword for a rule
jvoisin
2020-07-01
Fix a yara warning
jvoisin
2020-04-03
Fix php-malware-finder for yara > 4.0.0
jvoisin
2019-10-22
Remove a duplicate keyword in php.yar
shaddai
2018-06-26
Detect things like '@include'
jvoisin
2018-05-29
Add detection for Nano
jvoisin
2018-02-21
Add a detection for things like `eval/* …*/(`
jvoisin
2018-02-21
Some regexps are now matching on word boundaries
jvoisin
2018-02-21
Major cleanup of useless files
jvoisin
2017-11-21
Add a new sample, and a way to detect it
jvoisin
2017-07-26
Add some detections
jvoisin
2017-07-09
Add ob_start as dodgy php (#56)
Fariskhi Vidyan
2017-04-26
Add a detection for a smart webshell
jvoisin
2016-12-30
\x09-\x0d are no-rintable chars, but aren't malicious.
jvoisin
2016-12-09
Add a detection for register_shutdown_function
jvoisin
2016-12-08
Add a '${${' rule
jvoisin
2016-12-08
@eval isn't legit at all
jvoisin
2016-12-01
Add a new detection way
jvoisin
2016-11-04
`SERVER['HTTP_*` is user-controllable.
0.3.4
Julien (jvoisin) Voisin
2016-10-31
Improves the detection of concatenation-based obfuscation
Julien (jvoisin) Voisin
2016-10-27
It seems that `and` has a precedence over `or`, unsurprisingly
Julien (jvoisin) Voisin
2016-10-27
Extend whitelisting support
Julien (jvoisin) Voisin
2016-08-30
Add a rule to detect some obfuscated samples
Julien (jvoisin) Voisin
2016-07-16
Remove an obsolete test
jvoisin
2016-07-09
Reduce "too_many_chr" false positives
jvoisin
2016-07-08
Fix the previous commit
jvoisin
2016-07-07
Add more images detection
Julien (jvoisin) Voisin
2016-07-07
Factorize a bit the code, and add GIF-based backdoor detection
Julien (jvoisin) Voisin
2016-06-27
Add detection for a callback-based malwares
Julien (jvoisin) Voisin
2016-06-17
typo fix, sha1 hashes are 40 chars long
Julien "shaddai" Reveret
2016-06-16
Cloudflare rule is _public_, no need to put it in another rule
Julien (jvoisin) Voisin
2016-06-16
s/win_shell_exec/shell_exec/g
Julien (jvoisin) Voisin
2016-06-16
Detect backdoor-looking authentication schemes
Julien (jvoisin) Voisin
2016-06-16
The cloudflare rule is a public one
Julien (jvoisin) Voisin
2016-06-13
Improves a bit the detection of preg_replace stuff
Julien (jvoisin) Voisin
2016-05-11
Fix some false-positive
Julien (jvoisin) Voisin
2016-04-21
Renaming .yara files to .yar (#24)
xarkes
2016-04-11
Whitelist UHTMLPufifier
Julien (jvoisin) Voisin
2016-04-11
Fixed debian package + readme
xarkes
2016-03-31
Add ASP webshell detection
xarkes
2016-03-23
Make PMF work on yara-git
Julien (jvoisin) Voisin
2016-03-01
Add detection for backdoored .htaccess
Julien (jvoisin) Voisin
2016-03-01
Detect backticks
Julien (jvoisin) Voisin
2016-03-01
Simplify the previous commit
Julien (jvoisin) Voisin
2016-03-01
Add a rule to catch fancy .htaccess tricks
Julien (jvoisin) Voisin
2016-02-26
Add yet another cool bypass, thanks to @badluck81
Julien (jvoisin) Voisin
2016-02-26
Fix a really cool bypass
Julien (jvoisin) Voisin
2016-02-26
Add some embedded perl-script detection
Julien (jvoisin) Voisin
[next]
