From 25cf61765520c340d641081bbb08382e2aec1e28 Mon Sep 17 00:00:00 2001
From: Julien Voisin
Date: Fri, 12 Feb 2016 13:37:56 +0100
Subject: Add `php://` to the blacklist

---
 php-malware-finder/malwares.yara | 1 +
 1 file changed, 1 insertion(+)

diff --git a/php-malware-finder/malwares.yara b/php-malware-finder/malwares.yara
index b348a81..dc46b24 100644
--- a/php-malware-finder/malwares.yara
+++ b/php-malware-finder/malwares.yara
@@ -203,6 +203,7 @@ rule DodgyStrings
         $ = "ls -la" fullword
         $ = "meterpreter" fullword"
         $ = "nc -l" fullword
+        $ = "php://"
         $ = "ps -aux" fullword
         $ = "rootkit" fullword nocase
         $ = "slowloris" fullword nocase
-- 
cgit v1.3