From 1c6cf5f703c3ddeafa43237150f750d4b4ca6a1f Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Mon, 4 Jan 2016 18:09:53 +0100
Subject: Revert a broken/wip commit
---
 malwares.yara | 1 +
 phpmalwarefinder | 22 ++--------------------
 2 files changed, 3 insertions(+), 20 deletions(-)
diff --git a/malwares.yara b/malwares.yara
index ee6ea07..c3679b2 100644
--- a/malwares.yara
+++ b/malwares.yara
@@ -199,6 +199,7 @@ rule DodgyStrings
 $ = "ps -aux" fullword
 $ = "b374k" fullword
 $ = /(reverse|web)\s*shell/ nocase
+ $ = /\t{16,}?/
 $vbs = /language\s*=\s*vbscript/ nocase
 $asp = "scripting.filesystemobject" nocase
diff --git a/phpmalwarefinder b/phpmalwarefinder
index 186218a..2c11fe0 100755
--- a/phpmalwarefinder
+++ b/phpmalwarefinder
@@ -1,5 +1,6 @@
 #!/usr/bin/env bash
+
 YARA=$(type -P yara)
 CONFIG_PATH='/etc/phpmalwarefinder/malwares.yara'
 IONICE_BIN=$(type -P ionice)
@@ -27,23 +28,6 @@ else
 fi
 fi
-# before starting yara, check if the file
-one_line_trick() {
-
- for file in $(find $@ -type f); do
- line_num=$(wc -l $file | cut -d' ' -f1)
- char_num=$(wc -c $file | cut -d' ' -f1)
-
- if [ "$line_num" -le "2" ]; then
- # humm, 2 lines long file ?
- if [ "$char_num" -ge "300" ]; then
- echo TooShort $file
- fi;
- fi;
- done;
-
-}
-
 show_help() {
 cat << EOF
 Usage ${0##*/} [-cfhw] ...
@@ -94,7 +78,7 @@ then
 exit 1
 fi
-if [ -z $@ ]
+if [ -z "$@" ]
 then
 show_help
 exit 1
@@ -108,6 +92,4 @@ fi
 OPTS="${OPTS} -r ${CONFIG_PATH}"
-one_line_trick $@
-
 ${NICE} ${NICE_OPTS} $YARA $OPTS $@
-- 
cgit v1.3
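Review bot: In the `DodgyStrings` hunk of malwares.yara, the lazy `?` in the added string `$ = /\t{16,}?/` does not change whether the string hits, because a lazy `{16,}` is already satisfied by the first 16 tabs; `$ = /\t{16,}/` states the same condition without the misleading modifier. The line also has no comment saying why a run of 16 tabs is treated as suspicious, so something like `// long tab runs: presumably padding that pushes code out of the visible editor area` would help whoever tunes the threshold later. Tab-aligned data or deeply indented legitimate code could plausibly reach 16 tabs, so the string is worth checking against a clean corpus. The rule's condition lies outside the hunk, so how much weight this one anonymous string carries cannot be judged from here.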
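Review bot: At `@@ -94,7 +78,7 @@` in phpmalwarefinder, the new `[ -z "$@" ]` works only by accident: with no arguments it collapses to `[ -z ]`, which is true merely because `-z` is a non-empty string, and with two or more paths it expands to several words, so `[` reports a syntax error (exit status 2) on stderr before the branch is skipped. Testing the argument count states the intent directly: `if [ "$#" -eq 0 ]`. The final line in the last hunk, `${NICE} ${NICE_OPTS} $YARA $OPTS $@`, still leaves `$@` unquoted, so a path containing whitespace or glob characters is split or expanded before yara receives it and the intended file may go unscanned; `"$@"` there keeps each path intact. The script continues outside both hunks, so whether options have already been shifted off before this test is not visible.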