From 5db01cd6e40b3c5b65c4d79f5fd3c67248658a24 Mon Sep 17 00:00:00 2001
From: Julien "shaddai" Reveret
Date: Mon, 31 Oct 2016 14:11:55 +0100
Subject: removing dup entry and adding wp 4.2.4 whitelists

---
 php-malware-finder/whitelists/wordpress.yar | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/php-malware-finder/whitelists/wordpress.yar b/php-malware-finder/whitelists/wordpress.yar
index b8d53d9..79655f1 100644
--- a/php-malware-finder/whitelists/wordpress.yar
+++ b/php-malware-finder/whitelists/wordpress.yar
@@ -278,7 +278,6 @@ private rule Wordpress : Blog
         /* Wordpress 3.9 */
         hash.sha1(0, filesize) == "674103e9be90964eeb0976d1eb8a389536bd4a0e" or // wp-includes/images/spinner-2x.gif
         hash.sha1(0, filesize) == "66e190e129136b9cc01fab3277c3675ca414a3d2" or // wp-content/plugins/akismet/class.akismet-admin.php
-        hash.sha1(0, filesize) == "674103e9be90964eeb0976d1eb8a389536bd4a0e" or // wp-admin/images/spinner-2x.gif
         hash.sha1(0, filesize) == "eb97a3e94bd576d7e18b86eda34dd5fb52ca581a" or // wp-includes/class-IXR.php
         hash.sha1(0, filesize) == "999034fc7d1aee5c45b63511e91ec57ce29709e3" or // wp-admin/includes/template.php
         hash.sha1(0, filesize) == "e4e7a298eaa8383c7d3ae8e084600bc73c5a5d79" or // wp-includes/class-wp-customize-control.php
@@ -343,6 +342,17 @@ private rule Wordpress : Blog
         hash.sha1(0, filesize) == "8ddb9eff06105b9699c6b03db54472291abcb823" or // wp-includes/taxonomy.php
         hash.sha1(0, filesize) == "9dd666651f57ef6e704310fe37ffce7dfd2322e4" or // wp-includes/comment.php
 
+        /* Wordpress 4.2.4 */
+        hash.sha1(0, filesize) == "20176473436fa9be554659f5f921a2b08fc66c9e" or // wordpress/wp-admin/includes/upgrade.php
+        hash.sha1(0, filesize) == "4be1c9f6825b163668c5c9084032f058379e9d25" or // wordpress/wp-admin/includes/ajax-actions.php
+        hash.sha1(0, filesize) == "aae4e9c2ad0bfa7cebe4e19fdddba3119197dc6f" or // wordpress/wp-includes/post.php
+        hash.sha1(0, filesize) == "85f1d5a71013a3e75b88ab1a6679c02df01179b5" or // wordpress/wp-includes/default-widgets.php
+        hash.sha1(0, filesize) == "ddc3c60de72339299e91aba2ccd4f31d931f8be5" or // wordpress/wp-includes/deprecated.php
+        hash.sha1(0, filesize) == "4bdf423a6e85a54f72f12f75ffbf4cd1db13a0eb" or // wordpress/wp-includes/query.php
+        hash.sha1(0, filesize) == "005f02927a6904c4e7f3b88ebdd9feaa6221790b" or // wordpress/wp-includes/class-phpmailer.php
+        hash.sha1(0, filesize) == "659c78aafc334c6076c1543202bca090a1eedf2b" or // wordpress/wp-includes/media.php
+        hash.sha1(0, filesize) == "71f2de7b22628efdb6074ad44aa33dc10de1c473" or // wordpress/wp-includes/formatting.php
+
         /* Wordpress 4.3 */
         hash.sha1(0, filesize) == "2d97f1953b9cc70c72a53515d5339ad46875bba8" or // wp-content/plugins/akismet/class.akismet-admin.php
         hash.sha1(0, filesize) == "f563d6766a7ef4812132ccb6964faff2f565c4b4" or // wp-includes/js/tinymce/tinymce.min.js
-- 
cgit v1.3