From a13e01e548d4870afa7c2572dfa35f3600b1b71e Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Fri, 3 Mar 2017 10:59:00 +0100
Subject: Add a test for "AddType application/x-httpd-cgi"

---
 php-malware-finder/common.yar | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php-malware-finder/common.yar b/php-malware-finder/common.yar
index 184e5ce..82d1235 100644
--- a/php-malware-finder/common.yar
+++ b/php-malware-finder/common.yar
@@ -80,7 +80,7 @@ rule DodgyStrings
 {
     strings:
         $ = ".bash_history"
-        $ = /AddType\s+application\/x-httpd-php/ nocase
+        $ = /AddType\s+application\/x-httpd-(php|cgi)/ nocase
         $ = /php_value\s*auto_prepend_file/ nocase
         $ = /SecFilterEngine\s+Off/ nocase  // disable modsec
         $ = /Add(Handler|Type|OutputFilter)\s+[^\s]+\s+\.htaccess/ nocase
-- 
cgit v1.3