From 092e77e8d2a1c9bbc40d5db2a7dca55e79ef0466 Mon Sep 17 00:00:00 2001
From: Julien "shaddai" Reveret
Date: Fri, 28 Oct 2016 16:41:26 +0200
Subject: new magento whitelists

---
 php-malware-finder/whitelist.yar | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/php-malware-finder/whitelist.yar b/php-malware-finder/whitelist.yar
index b957660..056be94 100644
--- a/php-malware-finder/whitelist.yar
+++ b/php-malware-finder/whitelist.yar
@@ -16,6 +16,28 @@ include "whitelists/custom.yar"
 private rule Magento : ECommerce
 {
     condition:
+        /* Magento 1.14.2.0 */
+        hash.sha1(0, filesize)  == "039ad85dc5940947849f7fe1a179563c829403ab" or // lib/PEAR/XML/Parser/Simple.php
+        hash.sha1(0, filesize)  == "5f577c2a35ababbf39e0efb53294e5adf523822b" or // lib/PEAR/XML/Serializer.php
+        hash.sha1(0, filesize)  == "27f0e4b1a09e816e40f9e6396c2d4a3cabdb2797" or // lib/PEAR/XML/Parser.php
+        hash.sha1(0, filesize)  == "258522ff97a68138daf0566786b22e722c0ff520" or // lib/PEAR/XML/Unserializer.php
+        hash.sha1(0, filesize)  == "a90d7f679a41443d58d5a96bcb369c3196a19538" or // iib/PEAR/SOAP/Base.php
+        hash.sha1(0, filesize)  == "7faa31f0ee66f32a92b5fd516eb65ff4a3603156" or // lib/PEAR/SOAP/WSDL.php
+        hash.sha1(0, filesize)  == "6b3f32e50343b70138ce4adb73045782b3edd851" or // lib/phpseclib/Net/SSH1.php
+        hash.sha1(0, filesize)  == "ea4c5c75dc3e4ed53c6b9dba09ad9d23f10df9d5" or // lib/phpseclib/Crypt/Rijndael.php
+        hash.sha1(0, filesize)  == "eb9dd8ec849ef09b63a75b367441a14ca5d5f7ae" or // lib/phpseclib/Crypt/Hash.php
+        hash.sha1(0, filesize)  == "a52d111efd3b372104ebc139551d2d8516bbf5e0" or // lib/phpseclib/Crypt/RSA.php
+
+        /* Magento 1.13.0.0 */
+        hash.sha1(0, filesize)  == "988006fe987a3c192d74b355a5011326f7728d60" or // lib/PEAR/PEAR/PEAR.php
+        hash.sha1(0, filesize)  == "0747f27fd0469608d1686abeaf667d9ad2b4c214" or // lib/PEAR/Mail/mime.php
+        hash.sha1(0, filesize)  == "6c0b33527f8e4b0cab82fc9ba013549f945fad75" or // lib/PEAR/SOAP/Transport/HTTP.php
+        hash.sha1(0, filesize)  == "9a340997bddbee19c1ec9ed62aa3b7e7a39d620a" or // lib/PEAR/PEAR.php
+        hash.sha1(0, filesize)  == "a11e09ee903fe2a1f8188b27186d2dd5098419af" or // app/code/core/Mage/Adminhtml/Model/Url.php
+        hash.sha1(0, filesize)  == "c60a936b7a532a171b79e17bfc3497de1e3e25be" or // app/code/core/Mage/Dataflow/Model/Profile.php
+        hash.sha1(0, filesize)  == "9947a190e9d82a2e7a887b375f4b67a41349cc7f" or // app/code/core/Mage/Core/Model/Translate.php
+        hash.sha1(0, filesize)  == "5fe6024f5c565a7c789de28470b64ce95763e3f4" or // cron.php
+
         /* Magento 1.9.2.0 */
         hash.sha1(0, filesize)  == "4fa9deecb5a49b0d5b1f88a8730ce20a262386f7" or // lib/Zend/Session.php
         hash.sha1(0, filesize)  == "f214646051f5376475d06ef50fe1e5634285ba1b" or // app/code/core/Mage/Adminhtml/Model/Url.php
-- 
cgit v1.3