From b2fc542557d08570faa0dd077d07277c626ddc1b Mon Sep 17 00:00:00 2001 From: xarkes Date: Thu, 21 Apr 2016 11:37:43 +0200 Subject: Renaming .yara files to .yar (#24) --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'README.md') diff --git a/README.md b/README.md index 7ed97d3..0cb901a 100644 --- a/README.md +++ b/README.md @@ -47,7 +47,7 @@ both) category, and should re-read the previous sentence. ## How does it work? Detection is performed by crawling the filesystem and testing files against a -[set]( https://github.com/nbs-system/php-malware-finder/blob/master/php.yara ) +[set]( https://github.com/nbs-system/php-malware-finder/blob/master/php.yar ) of [YARA](https://plusvic.github.io/yara/) rules. Yes, it's that simple! @@ -67,8 +67,8 @@ Usage phpmalwarefinder [-cfhtv] [-l (php|asp)] ... Or if you prefer to use `yara`: ``` -$ yara -r ./php.yara /var/www -$ yara -r ./asp.yara /var/www +$ yara -r ./php.yar /var/www +$ yara -r ./asp.yar /var/www ``` Please keep in mind that you should use at least YARA 3.4 because we're using @@ -79,7 +79,7 @@ Ho, and by the way, you can run the comprehensive testsuite with `make test`. ## Whitelisting -Check the [whitelist.yara]( https://github.com/nbs-system/php-malware-finder/blob/master/whitelist.yara ) file. +Check the [whitelist.yar]( https://github.com/nbs-system/php-malware-finder/blob/master/whitelist.yar ) file. If you're lazy, you can generate whitelists for entire folders with the [generate_whitelist.py]( https://github.com/nbs-system/php-malware-finder/blob/master/generate_whitelist.py ) script. -- cgit v1.3