diff --git a/definitions/patterns_raw.txt b/definitions/patterns_raw.txt
index f9dac5e..655f783 100644
--- a/definitions/patterns_raw.txt
+++ b/definitions/patterns_raw.txt
@@ -27,6 +27,8 @@ ShellBOT
 curl_get_from_webpage
 file_get_contents('http://codepad.org
 
+#mailers
+leafmailer.pw
 
 #Base64 String Samples.  Each plain text string should have 3 base64 equivalents
 
@@ -397,6 +399,7 @@ Array("1207", "3gso", "4thp", "501i", "502i", "503i", "504i", "505i", "506i",
 
 # eval url decoded string
 eval(rawurldecode('
+eval(htmlspecialchars_decode(
 
 # simple obfuscated function
 'gz'.'unc'.'ompress'