From efefe633e1d5e0b42f12e2c4bc0e15c186d9e6fb Mon Sep 17 00:00:00 2001
From: Julien (jvoisin) Voisin
Date: Tue, 23 Feb 2016 17:57:37 +0100
Subject: Remove yet another useless rule

---
 php-malware-finder/malwares.yara | 1 -
 1 file changed, 1 deletion(-)

diff --git a/php-malware-finder/malwares.yara b/php-malware-finder/malwares.yara
index 7e2acc0..8fe7b15 100644
--- a/php-malware-finder/malwares.yara
+++ b/php-malware-finder/malwares.yara
@@ -105,7 +105,6 @@ rule DodgyPhp
         $basedir_bypass = /curl_init\s*\(\s*["']file:\/\//
         $basedir_bypass2 = "file:file:///" // https://www.intelligentexploit.com/view-details.html?id=8719
         $disable_magic_quotes = /set_magic_quotes_runtime\s*\(\s*0/
-        $double_encoding = /(base64_decode\s*\(\s*){2}/
         $execution = /(eval|assert|passthru|exec|system|win_shell_execute|base64_decode)\s*\(\s*(base64_decode|php:\/\/input|str_rot13|gz(inflate|uncompress)|getenv|pack|\\?\$_(GET|REQUEST|POST|COOKIE))/
         $htaccess = "SetHandler application/x-httpd-php"
         $iis_com = /IIS:\/\/localhost\/w3svc/
-- 
cgit v1.3