mirror of
https://github.com/scr34m/php-malware-scanner.git
synced 2026-06-16 12:30:35 +00:00
Signature update from new infections
This commit is contained in:
@@ -40,6 +40,9 @@ Googlebot['"]{0,1}\s*\)\){echo\s+file_get_contents
|
||||
#execute base64 code
|
||||
eVaL\(\s*trim\(\s*baSe64_deCoDe\(
|
||||
|
||||
# execute escaped code
|
||||
exec\("(\\[0-9a-fx]{2,3}){3,}
|
||||
|
||||
#
|
||||
if\s*\(\s*mail\s*\(\s*\$mails\[\$i\]\s*,\s*\$tema\s*,\s*base64_encode\s*\(\s*\$text
|
||||
|
||||
@@ -110,4 +113,7 @@ function\s+_[0-9]{8,}\(
|
||||
@include ".*?(\\x[0-9a-f]{2,}.*?){2,}.*?";
|
||||
|
||||
# create_function is dangerous as like eval() see http://php.net/manual/en/function.create-function.php
|
||||
create_function\s*\(\s*['"]{2}
|
||||
create_function\s*\(\s*['"]{2}
|
||||
|
||||
# control concated from cookie at the call
|
||||
(\$[a-z]{2,}=urldecode\(\$_COOKIE\['[a-z]{2,}'\]\);){3,}
|
||||
Reference in New Issue
Block a user