From 62a06663c2b3089f54d4529d53014699feca7bcb Mon Sep 17 00:00:00 2001 From: rotemreiss Date: Tue, 4 Sep 2018 17:19:26 +0300 Subject: Installation documentation (#78) --- README.md | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index c458785..ae23345 100644 --- a/README.md +++ b/README.md @@ -51,13 +51,20 @@ both) category, and should re-read the previous statement. Detection is performed by crawling the filesystem and testing files against a [set](https://github.com/nbs-system/php-malware-finder/blob/master/php-malware-finder/php.yar) -of [YARA](https://plusvic.github.io/yara/) rules. Yes, it's that simple! +of [YARA](http://virustotal.github.io/yara/) rules. Yes, it's that simple! Instead of using an *hash-based* approach, PMF tries as much as possible to use semantic patterns, to detect things like "a `$_GET` variable is decoded two times, unziped, and then passed to some dangerous function like `system`". +## Installation +- [Install Yara](https://yara.readthedocs.io/en/v3.7.0/gettingstarted.html#compiling-and-installing-yara). +This is also possible via some Linux package managers: +Debian: `sudo apt-get install yara` +Red Hat: `yum install yara` (requires the [EPEL repository](https://fedoraproject.org/wiki/EPEL)) + +- Download php-maleware-finder `git clone https://github.com/nbs-system/php-malware-finder.git` ## How to use it? -- cgit v1.3
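Review bot: the added line `- Download php-maleware-finder ...` misspells the project name (the clone URL in the same line says `php-malware-finder`), and the new Installation list will not render as intended: the lines `This is also possible via some Linux package managers:`, `Debian: ...` and `Red Hat: ...` carry no trailing line-break markers and no bullets of their own, so Markdown collapses them into one run-on paragraph after the first bullet. Suggest making each package-manager line its own sub-bullet, using `sudo` consistently (the Debian line has it, `yum install yara` does not), and linking the unversioned YARA docs rather than the pinned `v3.7.0` page so the install step does not go stale.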