From c58fff51d33f2067ec23a4b8bb4426f0f18150ee Mon Sep 17 00:00:00 2001
From: Julien "shaddai" Reveret
Date: Fri, 26 Aug 2016 16:57:13 +0200
Subject: wordpress whitelist update

---
 php-malware-finder/whitelists/wordpress.yar | 58 ++++++++++++++++++++++++++++-
 1 file changed, 57 insertions(+), 1 deletion(-)

diff --git a/php-malware-finder/whitelists/wordpress.yar b/php-malware-finder/whitelists/wordpress.yar
index 3583ce3..55044ef 100644
--- a/php-malware-finder/whitelists/wordpress.yar
+++ b/php-malware-finder/whitelists/wordpress.yar
@@ -364,17 +364,41 @@ private rule Wordpress : Blog
         hash.sha1(0, filesize) == "ccc4f836aafdf9d7323eb3b83902edac23e66250" or // wp-includes/load.php
         hash.sha1(0, filesize) == "8e82a4af96877e60d6e0c768171f19b36ac60196" or // wp-admin/includes/schema.php
         hash.sha1(0, filesize) == "4bfa19d7a879df5ee8cf3b22e4900661c0759fea" or // wp-admin/includes/class-ftp.php
+        hash.sha1(0, filesize) == "b7fd39d2ac1f13973569e5feff5e17b64e247a0e" or // wp-includes/post.php
+        hash.sha1(0, filesize) == "c605d1224cf4b24ad2457dd87885de9030e20731" or // wp-includes/SimplePie/File.php
+        hash.sha1(0, filesize) == "eca359bf91e9f7ad1539417bbe7dab5ebfe0bcf5" or // wp-includes/media.php
+        hash.sha1(0, filesize) == "8b5ce8366686fe524bcba135c4b6ffc03480769a" or // wp-admin/includes/ajax-actions.php
+        hash.sha1(0, filesize) == "8c5ba6d965dbdb2b3e16e59f72e5a0b6559994f1" or // wp-includes/comment.php
+        hash.sha1(0, filesize) == "2d344715841e1762e65f34a4c63f9d13f517b084" or // wp-admin/includes/upgrade.php
+        hash.sha1(0, filesize) == "879a7bd2948313764c701864fa065db5d20fbf2a" or // wp-includes/query.php
+
 
         /* Wordpress 4.4.1 */
         hash.sha1(0, filesize) == "bfbd2845d3c931b6db059d9e968aa8ba86e6a92c" or // wp-includes/class-IXR.php
         hash.sha1(0, filesize) == "b101b029420f3a93bf81c806be728863462f4898" or // wp-includes/functions.php
         hash.sha1(0, filesize) == "d07798ef2f94bf0d1d34287378013e67104d0f89" or // wp-includes/class-phpmailer.php
+        hash.sha1(0, filesize) == "64c328619d8ea6a21a04e55a500f4e05af718bf7" or // wp-includes/post.php
+        hash.sha1(0, filesize) == "fc8a9e33a671118a69d36352bcd1e66e0c55516a" or // wp-includes/media.php
+        hash.sha1(0, filesize) == "38217628cce1d6a52f17afc3ca6bf204e13fd26b" or // wp-includes/comment.php
+        hash.sha1(0, filesize) == "c312ae274a2b110de70fd767ccfcafc3231dcf31" or // wp-includes/query.php
+        hash.sha1(0, filesize) == "7db1719874b1415e54981c6f1ed698274abffd28" or // wp-includes/formatting.php
 
         /* Wordpress 4.4.2 */
         hash.sha1(0, filesize) == "0248f8986d459efe56f888258f3588b1ab3f5c3e" or // wp-includes/load.php
+        hash.sha1(0, filesize) == "6e99d2964ccc25e6c1cbec018acfd8e71d361b58" or // wp-includes/query.php
+        hash.sha1(0, filesize) == "4e63ff8623f0b0e5f0f016711d0fcd3fd4dad7fb" or // wp-includes/formatting.php
+
 
         /* Wordpress 4.4.3 */
         hash.sha1(0, filesize) == "d5b3eb3d5606a6deff3df44b21c1a0b72ea3db22" or // wp-admin/includes/template.php
+        hash.sha1(0, filesize) == "ef1193d1b4dbf9d8d7ff46f0c91da73fb8b26530" or // wp-admin/includes/ajax-actions.php
+        hash.sha1(0, filesize) == "ec6a2d6f19ba0020383097a0368e8905fbfd832f" or // wp-includes/query.php
+        hash.sha1(0, filesize) == "18596b04313c48a4d5f83e0f79adb393b9f9e682" or // wp-includes/formatting.php
+
+       /* Wordpress 4.4.4 */                                                   
+        hash.sha1(0, filesize) == "a8970bf00185e6f515dd5a461ad3ba97a409fbeb" or // wp-admin/includes/ajax-actions.php
+        hash.sha1(0, filesize) == "e4c1f5bfd8b4551d32b2b966bbc20a67c333e4b1" or // wp-includes/formatting.php
+
 
         /* Wordpress 4.5 */
         hash.sha1(0, filesize) == "d7b08235a591289efbb34dce747655e7bf3eb8a0" or // wp-includes/js/tinymce/tinymce.min.js
@@ -384,11 +408,43 @@ private rule Wordpress : Blog
         hash.sha1(0, filesize) == "e1e2beae1fd39713a557f3708712648b13a55594" or // wp-includes/load.php
         hash.sha1(0, filesize) == "559be10bef70c9a098eefc7d858ec568b803e34b" or // wp-admin/includes/schema.php
         hash.sha1(0, filesize) == "3f5c09257f346218dcbc424e68cb7f7536e9c415" or // wp-admin/includes/class-ftp.php
+        hash.sha1(0, filesize) == "f4581cc5d8d6f537f01929377186dd4276359b2d" or // wp-includes/post.php
+        hash.sha1(0, filesize) == "268f4606d2309a9f5996410cae17c7adafc84fd3" or // wp-includes/media.php
+        hash.sha1(0, filesize) == "7754fb3e64d575d78fb222eb1ee876a90104fbb1" or // wp-admin/includes/ajax-actions.php
+        hash.sha1(0, filesize) == "97a611917ce4c3f8e11f2e763d894a3e1e2bba45" or // wp-includes/comment.php
+        hash.sha1(0, filesize) == "6f241327941dcfc47bc9560e64840030fa33082d" or // wp-admin/includes/upgrade.php
+        hash.sha1(0, filesize) == "c6679fc46c084dac514238d5bee7c998470407e6" or // wp-includes/query.php
+        hash.sha1(0, filesize) == "02b7d1b238568bd1d5c27950187e014b66ad84fc" or // wp-includes/formatting.php
+        hash.sha1(0, filesize) == "333f00a13cc2930a62d2297cbd768cf1b998bd55" or // wp-includes/deprecated.php
+
 
         /* Wordpress 4.5.1 */
         hash.sha1(0, filesize) == "39ae0d6483c7e6dd5591f65291902d531a46d212" or // wp-includes/js/tinymce/tinymce.min.js
         hash.sha1(0, filesize) == "097037e0796d61d62497c7112067baab49efb7e3" or // wp-includes/functions.php
+        hash.sha1(0, filesize) == "55bb1de0036e3d648e77c0680f472bc59223103d" or // wp-admin/includes/ajax-actions.php
+        hash.sha1(0, filesize) == "640144656d09b8dbd02bb50b26b3731721e1b519" or // wp-includes/formatting.php
 
         /* Wordpress 4.5.3 */
-        hash.sha1(0, filesize) == "f3cc06e022008a67f5f29359ef886bd164d2b5b3"    // wp-includes/load.php
+        hash.sha1(0, filesize) == "f3cc06e022008a67f5f29359ef886bd164d2b5b3" or // wp-includes/load.php
+        hash.sha1(0, filesize) == "b8202b8801fbc236cb2baa52e95f845acdaddfe5" or // wp-admin/includes/ajax-actions.php
+        hash.sha1(0, filesize) == "90168c265f327bbf1fa0a03277559252535193b5" or // wp-admin/includes/upgrade.php
+        hash.sha1(0, filesize) == "bd4825cdd9770c2a56285f1a943405aac5d3f8b7" or // wp-includes/formatting.php
+
+        /* Wordpress 4.6 */
+        hash.sha1(0, filesize) == "01b00537f8ea6c0e7d567ce0cb85adafc0766293" or // wp-includes/post.php
+        hash.sha1(0, filesize) == "73971e6d086c60ee8706fe3672427baf36cbfc47" or // wp-includes/media.php
+        hash.sha1(0, filesize) == "40ecd46843d363a5b972b7fb58f5c7501f828bd3" or // wp-admin/includes/ajax-actions.php
+        hash.sha1(0, filesize) == "620448d18321742dd574d3cc90b284d898d2c881" or // wp-includes/comment.php
+        hash.sha1(0, filesize) == "98cf7396f0e2fe49f20363ae524d4bacbf1e6b7a" or // wp-includes/js/tinymce/tinymce.min.js
+        hash.sha1(0, filesize) == "6e1c4904233c9e7cccabef93130cae63515d121f" or // wp-admin/includes/upgrade.php
+        hash.sha1(0, filesize) == "dab050dcb7b3e879aefb6512711890e36235f60b" or // wp-includes/deprecated.php
+        hash.sha1(0, filesize) == "a59a22eaf8fe475582932ded5d78941abb987f63" or // wp-includes/class-IXR.php
+        hash.sha1(0, filesize) == "4d9ac49f01d52386b2a1008a89665f8d009b48f3" or // wp-admin/includes/template.php
+        hash.sha1(0, filesize) == "1d045097928a420aa2b0bdded2858e06103eff12" or // wp-includes/query.php
+        hash.sha1(0, filesize) == "3c872daa02b246f059db6f2ccf4861bf2c0fc71e" or // wp-includes/functions.php
+        hash.sha1(0, filesize) == "4d14f4a0e6dee443781f8a4d0dcc179f05cb7508" or // wp-includes/formatting.php
+        hash.sha1(0, filesize) == "dfe0e8b745d516ee953c36a91f5e381868d1d9ee" or // wp-includes/load.php
+        hash.sha1(0, filesize) == "42f94321c15d9d03ef6b108beebabf20a5e36f9e" or // wp-admin/includes/schema.php
+        hash.sha1(0, filesize) == "ed16b47ec6fbe3786d62fa0648a87ab225a5b498"    // wp-admin/includes/class-pclzip.php
+
 }
-- 
cgit v1.3