diff --git a/definitions/patterns_raw.txt b/definitions/patterns_raw.txt
index 45b29ce..fde3486 100644
--- a/definitions/patterns_raw.txt
+++ b/definitions/patterns_raw.txt
@@ -386,4 +386,10 @@ cGhwOi8vaW5wdXQ=
 explode('?>',$shell
 
 # common mobile agent check in SEO poison scripts
-Array("1207", "3gso", "4thp", "501i", "502i", "503i", "504i", "505i", "506i",
\ No newline at end of file
+Array("1207", "3gso", "4thp", "501i", "502i", "503i", "504i", "505i", "506i",
+
+# eval url decoded string
+eval(rawurldecode('
+
+# simple obfuscated gzuncompress
+'gz'.'unc'.'ompress'
\ No newline at end of file
diff --git a/definitions/patterns_re.txt b/definitions/patterns_re.txt
index aa3b70d..a0a482c 100644
--- a/definitions/patterns_re.txt
+++ b/definitions/patterns_re.txt
@@ -138,4 +138,13 @@ explode\('\|\x01\|\x03\|\x03', gzinflate\(
 @\$[a-z]{1}\[\d+\]\(\$[a-z]{1}\[\d+\]\);
 
 # reported #77
-\$[a-z]11 \^ [a-z]8\(\$[a-z]6, \$[a-z]14, \$[a-z]6\[13\]\(\$[a-z]11\)\)\)\);
\ No newline at end of file
+\$[a-z]11 \^ [a-z]8\(\$[a-z]6, \$[a-z]14, \$[a-z]6\[13\]\(\$[a-z]11\)\)\)\);
+
+# eval function return and concat
+eval\([A-Za-z]{5,}\(\) \. '
+
+# eval function return, parameter is a hex string
+eval\([A-Za-z0-9]{5,}\(\"[A-Z0-9]{16,}
+
+# gzip payload called by variable named function
+\$[a-zA-Z0-9]{6,}\('\x78\x9C\xAD\x90\x41\x0E
\ No newline at end of file
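Review bot: The file is still left without a trailing newline (`\ No newline at end of file` follows the last added line `'gz'.'unc'.'ompress'`, and the same holds for patterns_re.txt in the next hunk), which is why the unchanged `Array("1207", ...` line shows up as removed and re-added here and will do so again on every future append. Ending both files with a newline keeps later diffs to the genuinely new lines. The added raw patterns are fixed substrings, so `'gz'.'unc'.'ompress'` only matches that exact split of the name and `eval(rawurldecode('` misses spacing or double-quote variants such as `eval( rawurldecode(`; if the raw file is matched verbatim, as its name suggests, a spacing-tolerant form like `eval\s*\(\s*rawurldecode\s*\(` would belong in patterns_re.txt instead. A short comment at the top of the block recording where each pattern was seen, as `# reported #77` does in the regex file, would make later tuning easier.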
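Review bot: The comment `# eval function return, parameter is a hex string` does not describe its pattern: `[A-Z0-9]{16,}` accepts any run of uppercase letters and digits, not hex digits, and a lowercase hex string would not match at all, so either narrow the class to `[A-Fa-f0-9]{16,}` if the motivating samples really are hex, or reword the comment to `# eval function return, parameter is a long uppercase alphanumeric string`. In the same pattern the `\"` escape is redundant in a regex and a plain `"` reads better. The last pattern `\$[a-zA-Z0-9]{6,}\('\x78\x9C\xAD\x90\x41\x0E` pins four bytes of compressed content after the `\x78\x9C` header, so it matches only that one payload and any re-compressed variant of it will not be caught; if the matcher applies these patterns to raw bytes, as the non-ASCII escapes suggest, `\$[a-zA-Z0-9]{6,}\('\x78\x9C` may already be specific enough on its own. Note also that `\x78\x9C` is a zlib stream header as consumed by gzuncompress, not a gzip (`\x1F\x8B`) one, so `# gzip payload called by variable named function` would be more accurate as `# zlib-compressed payload passed to a variable-named function`. The concat pattern `eval\([A-Za-z]{5,}\(\) \. '` requires exactly one space on each side of the dot, which `\s*\.\s*` would relax without broadening it much.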