From f9e7357cdc5e006f528235a12f9cd72973aa0dbe Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Thu, 21 May 2015 11:31:28 +0200
Subject: Remove a slow-and-false-positives-generating rule
---
 malwares.yara | 1 -
 1 file changed, 1 deletion(-)
diff --git a/malwares.yara b/malwares.yara
index 792c0d2..deb5f5f 100644
--- a/malwares.yara
+++ b/malwares.yara
@@ -110,7 +110,6 @@ rule DodgyPhp
 $htaccess = "SetHandler application/x-httpd-php"
 $obvious_preg = /['"]\/\.\*\/e["']/ fullword // "/.*/e" <- this is suspicious
 $udp_dos = /sockopen\s*\(['"]udp:\/\//
- $stored_func = /\$[A-Za-z0-9_-]+\[([0-9]+|['"][^'"]+['"])\]\s*\(/ // things like $myArray['varname'](parameters, ...)
 condition:
 IsPhp and (any of them or CloudFlareBypass)
-- 
cgit v1.3