From 539245a12a06763b5d77b9c01a9b3312b8d69f9f Mon Sep 17 00:00:00 2001
From: Julien "shaddai" Reveret
Date: Fri, 29 Jan 2016 10:32:22 +0100
Subject: hashes whitelist updated with wordpress 4.2.3 and 4.4.1 FP
---
 php-malware-finder/whitelist.yara | 10 ++++++++++
 1 file changed, 10 insertions(+)
diff --git a/php-malware-finder/whitelist.yara b/php-malware-finder/whitelist.yara
index 858860d..a798ee8 100644
--- a/php-malware-finder/whitelist.yara
+++ b/php-malware-finder/whitelist.yara
@@ -6,6 +6,16 @@ private rule Wordpress : Blog
 {
 condition:
+ /* Wordpress 4.4.1 */
+ hash.sha1(0, filesize) == "7db1719874b1415e54981c6f1ed698274abffd28" or // wp-includes/formatting.php
+ hash.sha1(0, filesize) == "ccd23ef96a588840943fba081bfa6f88531c4abc" or // wp-admin/includes/class-pclzip.php
+
+ /* Wordpress 4.2.3 */
+ hash.sha1(0, filesize) == "f1c4697ae04da5eb19847c8f1296edce2ad3cec9" or // wp-includes/formatting.php
+ hash.sha1(0, filesize) == "e7caf1f66c38bb119fe709ade012a989d8610f07" or // wp-admin/includes/class-pclzip.php
+ hash.sha1(0, filesize) == "8ddb9eff06105b9699c6b03db54472291abcb823" or // wp-includes/taxonomy.php
+ hash.sha1(0, filesize) == "9dd666651f57ef6e704310fe37ffce7dfd2322e4" or // wp-includes/comment.php
+
 /* Wordpress 3.5.1 */
 hash.sha1(0, filesize) == "833281b4d1113180e4d1ca026f5e85a680d52662" or // wp-includes/class-phpmailer.php
 hash.sha1(0, filesize) == "b4e4b88f2be38ed9c3147b77c2f3a7f929caba2c" or // wp-admin/includes/menu.php
-- 
cgit v1.3
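Review bot: The six new SHA-1 values carry no record of where they were computed from, and because a match on this private whitelist rule presumably exempts the whole file from the scanner's other rules, a reviewer should be able to reproduce each one. I would extend the two version headers to name the source, for example `/* Wordpress 4.4.1, sha1 of files from the official release archive */`, if that is how the values were obtained. It is also worth one comment near the top of the condition saying that only byte-identical core files are exempted, so a locally modified formatting.php or class-pclzip.php is still scanned. The rule's condition continues past the end of this hunk.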