From 291a93a623ca1895f5fec010dba75783bfa1fb5d Mon Sep 17 00:00:00 2001
From: Julien Voisin
Date: Fri, 12 Feb 2016 16:33:21 +0100
Subject: posix_* ++

---
 php-malware-finder/malwares.yara | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/php-malware-finder/malwares.yara b/php-malware-finder/malwares.yara
index dc46b24..06b64c4 100644
--- a/php-malware-finder/malwares.yara
+++ b/php-malware-finder/malwares.yara
@@ -148,8 +148,19 @@ rule DangerousPhp
         $ = "phpinfo" fullword
         $ = "posix_geteuid" fullword
         $ = "posix_getgid" fullword
+        $ = "posix_getpgid" fullword
+        $ = "posix_getppid" fullword
+        $ = "posix_getpwnam" fullword
         $ = "posix_getpwuid" fullword
+        $ = "posix_getsid" fullword
         $ = "posix_getuid" fullword
+        $ = "posix_kill" fullword
+        $ = "posix_setegid" fullword
+        $ = "posix_seteuid" fullword
+        $ = "posix_setgid" fullword
+        $ = "posix_setpgid" fullword
+        $ = "posix_setsid" fullword
+        $ = "posix_setsid" fullword
         $ = "posix_setuid" fullword
         $ = "preg_replace_callback" fullword
         $ = "proc_open" fullword
-- 
cgit v1.3