From ae99e3ebd30b21cf3d6b514a17f069f8b9675726 Mon Sep 17 00:00:00 2001
From: Julien (jvoisin) Voisin
Date: Wed, 11 May 2016 12:58:12 +0200
Subject: LD_PRELOAD isn't cool
---
 php-malware-finder/common.yar | 1 +
 1 file changed, 1 insertion(+)
diff --git a/php-malware-finder/common.yar b/php-malware-finder/common.yar
index 38b6726..ff0c988 100644
--- a/php-malware-finder/common.yar
+++ b/php-malware-finder/common.yar
@@ -88,6 +88,7 @@ rule DodgyStrings
 $ = "kernel32.dll" fullword nocase
 $ = "kingdefacer" nocase
 $ = "Wireghoul" nocase fullword
+ $ = "LD_PRELOAD" fullword
 $ = "libpcprofile" // CVE-2010-3856 local root
 $ = "locus7s" nocase
 $ = "ls -la" fullword
-- 
cgit v1.3
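Review bot: The added `$ = "LD_PRELOAD" fullword` string carries no comment saying why it is suspicious, unlike the `libpcprofile` line beside it, which names its CVE. I would add a short rationale on the same line, for example `$ = "LD_PRELOAD" fullword // env var that makes the loader inject a shared object; legitimate PHP rarely touches it`. The match is case-sensitive, which fits an environment variable name, but as a plain literal it only covers files that contain the name verbatim. The rule's condition lies outside the hunk, so it is not visible how much weight a single hit carries; presumably admin or documentation scripts that mention the variable would need a whitelist entry.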