Remove too regular patterns

Gabor Gyorvari
2016-12-27 15:48:48 +01:00
parent 608caf6d5e
commit 91174b5a60


@@ -161,6 +161,7 @@ class MalwareScanner
'\x65\x76\x61\x6C' /* case, dec/hex issue? */, '\x65\x76\x61\x6C' /* case, dec/hex issue? */,
'ZXZhbCg', // eval 'ZXZhbCg', // eval
"'ev'.'al'.'", "'ev'.'al'.'",
'/eval\s*\(/i',
'eval(base64_decode(', 'eval(base64_decode(',
'\x47\x4c\x4f\x42\x41LS', // GLOBALS '\x47\x4c\x4f\x42\x41LS', // GLOBALS
@@ -175,11 +176,8 @@ class MalwareScanner
/* too open? */ /* too open? */
// 'gzinflate(base64_decode(', // 'gzinflate(base64_decode(',
'md5($_GET[', // md5($_GET["ms-load"]) 'md5($_GET[', // md5($_GET["ms-load"])
'sendMail',
'echo "ok-ok"',
'/ShellBOT/i', '/ShellBOT/i',
'/YW55cmVzdWx0cy5uZXQ=/i', '/YW55cmVzdWx0cy5uZXQ=/i',
'/eval\s*\(/i',
'/base64_decode\s*\(/i', '/base64_decode\s*\(/i',
'/str_rot13/i', '/str_rot13/i',
'/uudecode/i', '/uudecode/i',
@@ -190,7 +188,6 @@ class MalwareScanner
'moban.html', 'moban.html',
'<?php eval', '<?php eval',
'$data = base64_decode("', '$data = base64_decode("',
'a,b,c,d,e,f,g', 'a,b,c,d,e,f,g',
' freetellafriend.com', ' freetellafriend.com',
'SHELL_PASSWORD', 'SHELL_PASSWORD',
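Review bot: The relocated `'/eval\s*\(/i'` entry in the first hunk has no word boundary, so it also matches legitimate calls whose name merely ends in "eval", such as PHP's `doubleval(`, which works against this commit's goal of dropping over-broad signatures. Anchoring it as `'/\beval\s*\(/i',` keeps the intended hits (including `eval (` with whitespace and `@eval(`) while cutting that class of false positive. With the regex in place, the literal `'eval(base64_decode('` on the following line looks redundant, since any file containing it already matches the regex; either drop it or add a short comment saying why both are kept. How entries are split between literal and regex matching is not visible here, and the pattern array starts and ends outside these hunks, so this assumes a leading `/` marks a regex.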