From c5a2b0115a6a63a4ea16726e2470967271310109 Mon Sep 17 00:00:00 2001
From: Julien (jvoisin) Voisin
Date: Fri, 26 Feb 2016 11:54:03 +0100
Subject: Add some embedded perl-script detection

---
 php-malware-finder/malwares.yara | 1 +
 1 file changed, 1 insertion(+)

diff --git a/php-malware-finder/malwares.yara b/php-malware-finder/malwares.yara
index 81de9e5..5c3cc1e 100644
--- a/php-malware-finder/malwares.yara
+++ b/php-malware-finder/malwares.yara
@@ -78,6 +78,7 @@ private rule base64
         $preg_replace = "cHJlZ19yZXBsYWNl"
         $exec = "ZXhlYyg"
         $base64_decode = "YmFzZTY0X2RlY29kZ"
+        $perl_shebang = "IyEvdXNyL2Jpbi9wZXJsCg"
     condition:
         any of them
 }
-- 
cgit v1.3