From be0b64f9bc936c459a6b32e76c6365bc54591b81 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Fri, 30 Dec 2016 13:50:11 +0100
Subject: \x09-\x0d are no-rintable chars, but aren't malicious.

This close #44, thanks to @DrTyrell for spotting this issue ♥
---
 php-malware-finder/php.yar | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/php-malware-finder/php.yar b/php-malware-finder/php.yar
index c3e115a..9b7cf2d 100644
--- a/php-malware-finder/php.yar
+++ b/php-malware-finder/php.yar
@@ -41,7 +41,7 @@ rule NonPrintableChars
 		so we have to use atoms (https://gist.github.com/Neo23x0/e3d4e316d7441d9143c7)
 		to get an acceptable speed.
 		*/
-		$non_printables = /(function|return|base64_decode).{,256}[^\x20-\x7E]{3}/
+		$non_printables = /(function|return|base64_decode).{,256}[^\x09-\x0d\x20-\x7E]{3}/
 
 	condition:
         (any of them) and not IsWhitelisted
-- 
cgit v1.3