From ff2443d4ee9a94163898dce91ff575cd77407991 Mon Sep 17 00:00:00 2001
From: Julien Voisin
Date: Wed, 17 Feb 2016 10:46:25 +0100
Subject: Add some sql keywords (xp_*)
---
 php-malware-finder/malwares.yara | 1 +
 1 file changed, 1 insertion(+)
diff --git a/php-malware-finder/malwares.yara b/php-malware-finder/malwares.yara
index 2384f05..1a4b940 100644
--- a/php-malware-finder/malwares.yara
+++ b/php-malware-finder/malwares.yara
@@ -224,6 +224,7 @@ rule DodgyStrings
 $ = /(reverse|web)\s*shell/ nocase
 $ = /\/bin\/(ba)?sh/ fullword
 $ = /hack(ing|er)/ nocase
+ $ = /xp_(execresultset|regenumkeys|cmdshell|filelist)/
 $vbs = /language\s*=\s*vbscript/ nocase
 $asp = "scripting.filesystemobject" nocase
-- 
cgit v1.3
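Review bot: The added pattern `/xp_(execresultset|regenumkeys|cmdshell|filelist)/` carries no `nocase` modifier, unlike the keyword patterns around it, so a sample that writes `XP_CMDSHELL` or `xp_CmdShell` would not match. SQL Server normally resolves these procedure names case-insensitively (its default collation is case-insensitive), so varying the case costs a malware author nothing. I would write the line as `$ = /xp_(execresultset|regenumkeys|cmdshell|filelist)/ nocase`. The pattern is also unanchored and will match inside longer identifiers; whether that adds false positives depends on how the condition of `DodgyStrings` weighs these anonymous strings, and the condition lies outside this hunk.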