Signature update reported in #19

definitions/patterns_raw.txt

@@ -340,4 +340,8 @@ $f1 = ".ht"; $f2 = "acc"; $f3 = "ess";
 # split escaped
 \x73\x70\x6C\x69\x74
 # >tpircs/< aka </script>
-\x3E\x74\x70\x69\x72\x63\x73\x2F\x3C
+\x3E\x74\x70\x69\x72\x63\x73\x2F\x3C
+# comment spoof function call
+/*;*/
+# web shells host type extraction
+php_uname()

definitions/patterns_re.txt

@@ -93,3 +93,6 @@ eval\(\$[a-z0-9_]+\(\$_POST
 
 # GLOBALS inject with escaped content
 \$GLOBALS;\$\{"\\x
+
+# web shells host type extraction RE
+php_uname\(["'asrvm]+\)