diff --git a/cms-ver.php b/cms-ver.php
index cb0b2ba..ab589b9 100644
--- a/cms-ver.php
+++ b/cms-ver.php
@@ -133,6 +133,7 @@ $versions = array(
     array("CakePHP","cake/config/config.php","\$config['Cake.version'] ="),
     array("phpFormGenerator", "/fields.php", "<title>phpFormGenerator v"), // does not escape correctly
     array("ZenPhoto", "/zp-core/functions.php", "define('ZENPHOTO_VERSION',"),
+    array("Eventum Issue Tracker", "/init.php", "define('APP_VERSION',"),
 
 // still need to work on these
     array("CubeCart", "/index.php", "CubeCart v"), // may need one more line
diff --git a/malware5.pl b/malware5.pl
index 6cd1444..3995182 100644
--- a/malware5.pl
+++ b/malware5.pl
@@ -339,6 +339,18 @@ my @regexen = (
     qr/<\?php\s+\@eval\(base64\_decode\(([A-z0-9]{20,})\)\)\;\?>/is,
     qr/<\?php\s+\@error\_reporting\(0\)\;\@ini\_set\(.+?\{eval\(mcrypt\_decrypt\(MCRYPT\_RIJNDAEL\_256.+?\]\)\,MCRYPT\_MODE\_ECB\)\)\;\}exit\;\?>/is,
     qr/<\?php.+?eval\(base64\_decode\(str\_rot13\(strrev\(base64\_decode\(str\_rot13\(\$\_POST\[\'.+?\'\]\)\)\)\)\)\)\;.+?print\s+\$pageData\;\s+\}\s+curl\_close\(\$ch\)\;\s+\?>/is,
+    qr/<\?php\s+\/\*\*.+?\@package\s+WordPress.+?\*\/\s+\@eval\(\$\_POST\[\'([A-z0-9]{1,20})\'\]\)\;\s+\?>/is,
+    qr/function\s+([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\)\{if\(is\_array\(\$([A-z0-9]{1,20})\)\)\{foreach\(\$([A-z0-9]{1,20})\s+as.+?\$([A-z0-9]{1,20})\=base64\_decode\(\$([A-z0-9]{1,20})\)\;eval\(\$([A-z0-9]{1,20})\)\;\$([A-z0-9]{1,20})\=null\;\}.+?if\(empty\(\$\_SERVER\)\)\$\_SERVER\=\$HTTP\_SERVER\_VARS\;array\_map\(\"([A-z0-9]{1,20})\"\,\$\_SERVER\)\;/is,
+    qr/<\?php\s+\$GLOBALS\[\'([A-z0-9]{1,20})\'\]\s+\=\s+\"\\x.+?\$GLOBALS\[\$GLOBALS\[\'([A-z0-9]{1,20})\'\]\[\d\d\]\.\$GLOBALS\[\'([A-z0-9]{1,20})\'\]\[\d\d\]\.\$GLOBALS\[\'([A-z0-9]{1,20})\'\]\[\d\d\]\..+?return\s+\$GLOBALS\[\$GLOBALS\[\'([A-z0-9]{1,20})\'\]\[\d\d\]\.\$GLOBALS\[\'([A-z0-9]{1,20})\'\]\[\d\d\]\.\$GLOBALS\[\'([A-z0-9]{1,20})\'\]\[\d\d\]\..+?eval\(\$([A-z0-9]{1,20})\[\$GLOBALS\[\'([A-z0-9]{1,20})\'\]\[\d\d\]\]\)\;\s+\}\s+exit\(\)\;\s+\}/is,
+    qr/<\?php.+?\$([A-z0-9]{1,20})\=\"([A-z0-9]{1,20})b([A-z0-9]{1,20})a([A-z0-9]{1,20})s([A-z0-9]{1,20})e([A-z0-9]{1,20})6([A-z0-9]{1,20})4([A-z0-9]{1,20})\_([A-z0-9]{1,20})d([A-z0-9]{1,20})e([A-z0-9]{1,20})c([A-z0-9]{1,20})o([A-z0-9]{1,20})d([A-z0-9]{1,20})e([A-z0-9]{1,20})\"\;\s+\$([A-z0-9]{1,20})\=str\_ireplace\(\"\w\"\,.+?user\_error\(\$([A-z0-9]{1,20})\,E\_USER\_ERROR\)\;.+?\/\*\s+([A-z0-9]{1,20})\s+\*\/\s+\?>/is,
+    qr/<\?php\s+eval\(eval\(\"\\\$\_([A-z0-9]{20,})\s+\=\s+\\x.+?([A-z0-9]{1,20})\s+\:\s+\'\s+\.\s+\\\$\_([A-z0-9]{20,})\;\}\"\)\)\;/is,
+    qr/<\?php\s+\$([A-z0-9]{1,20})\=\'c\'\;\$([A-z0-9]{1,20})\=\'n\'\;\$([A-z0-9]{1,20})\=\'4\'\;\$([A-z0-9]{1,20})\=\'f\'\;\$([A-z0-9]{1,20})\=\'z\'\;\$([A-z0-9]{1,20})\=\'d\'\;\$([A-z0-9]{1,20})\=\'s\'\;\$([A-z0-9]{1,20})\=\'6\'\;\$([A-z0-9]{1,20})\=\'b\'\;\$([A-z0-9]{1,20})\=\'i\'\;\$([A-z0-9]{1,20})\=\'o\'\;\$([A-z0-9]{1,20})\=\'e\'\;\$([A-z0-9]{1,20})\=\'a\'\;\$([A-z0-9]{1,20})\=\'t\'\;\$([A-z0-9]{1,20})\=\'\_\'\;\$([A-z0-9]{1,20})\=\'l\'\;\$([A-z0-9]{1,20})\=\'g\'\;\$([A-z0-9]{1,20})\=\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\;\$([A-z0-9]{1,20})\=\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\;eval\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(.+?\'\)\)\)\;/is,
+    qr/<\?php\s+\$([A-z0-9]{1,20})\=\$\_COOKIE\;\s+\$([A-z0-9]{1,20})\=\$([A-z0-9]{1,20})\[([A-z0-9]{1,20})\]\;\s+if\(\$([A-z0-9]{1,20})\)\{\s+\$([A-z0-9]{1,20})\=\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\[([A-z0-9]{1,20})\]\)\;\$([A-z0-9]{1,20})\=\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\[([A-z0-9]{1,20})\]\)\;\$([A-z0-9]{1,20})\=\$([A-z0-9]{1,20})\(\"\"\,\$([A-z0-9]{1,20})\)\;\$([A-z0-9]{1,20})\(\)\;\s+\}/is,
+    qr/<\?php\s+\$([A-z0-9]{1,20}).+?\'st\'.+?array\(.+?eval\(.+?\;\s+\?>/is,
+    qr/<\?php\s+eval\(eval\(\"\\\$\_([A-z0-9]{20,})\s+\=\s+\\x.+?\\\"\)\;\s+eval\(\\\$\_([A-z0-9]{20,})\)\;\"\)\)\;/is,
+    qr/<\?php\s+function\s+([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\,\s+\$([A-z0-9]{1,20})\)\{\$([A-z0-9]{1,20})\s+\=\s+\'\'\;\s+for\(\$i\=0\;\s+\$i\s+<\s+strlen\(\$([A-z0-9]{1,20})\)\;\s+\$i\+\+\)\{\$([A-z0-9]{1,20})\s+\.\=\s+isset\(\$.+?\$([A-z0-9]{1,20})\=\"base64\_decode\"\;return\s+\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\)\;\}.+\$([A-z0-9]{1,20})\s+\=\s+Array\(\'.+?\)\;\s+eval\(([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\,\s+\$([A-z0-9]{1,20})\)\)\;\?>/is,
+    qr/<\?php\s+isset\(\$\_POST\[\'([A-z0-9]{1,20})\'\]\)\s+\&\&\s+\(\$([A-z0-9]{1,20})\=\s+\$\_POST\[\'([A-z0-9]{1,20})\'\]\)\s+\&\&\s+\@preg\_replace\(\'\/([A-z0-9]{1,20})\/\w\'\,\'\@\'\.str\_rot13\(\'riny\'\)\.\'\(\$([A-z0-9]{1,20})\)\'\,\s+\'([A-z0-9]{1,20})\'\)\;/is,
+    qr/<\?php\s+if\(isset\(\$\_GET\[.+?\]\)\?base64\_decode\(\$\_GET\[\'([A-z0-9]{1,20})\'\]\)\:\'\'\;.+?foreach\(array\(\$([A-z0-9]{1,20})\)\s+as\s+\$([A-z0-9]{1,20})\)\{.+?ob\_end\_flush\(\)\;\s+\}/is,
 
 );
 
diff --git a/malwaresh.pl b/malwaresh.pl
index 4e3f31d..de2a8ef 100644
--- a/malwaresh.pl
+++ b/malwaresh.pl
@@ -821,6 +821,18 @@ my @regexen = (
     qr/<\?php.+?\$\{\"\\x47\\x4c\\x4fB\\x41\\x4c\\x53\"\}.+?\?>/is,
     qr/<\?php\s+\@error\_reporting\(0\)\;\@ini\_set\(.+?\{eval\(mcrypt\_decrypt\(MCRYPT\_RIJNDAEL\_256.+?\]\)\,MCRYPT\_MODE\_ECB\)\)\;\}exit\;\?>/is,
     qr/<\?php.+?eval\(base64\_decode\(str\_rot13\(strrev\(base64\_decode\(str\_rot13\(\$\_POST\[\'.+?\'\]\)\)\)\)\)\)\;.+?print\s+\$pageData\;\s+\}\s+curl\_close\(\$ch\)\;\s+\?>/is,
+    qr/<\?php\s+\/\*\*.+?\@package\s+WordPress.+?\*\/\s+\@eval\(\$\_POST\[\'([A-z0-9]{1,20})\'\]\)\;\s+\?>/is,
+    qr/function\s+([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\)\{if\(is\_array\(\$([A-z0-9]{1,20})\)\)\{foreach\(\$([A-z0-9]{1,20})\s+as.+?\$([A-z0-9]{1,20})\=base64\_decode\(\$([A-z0-9]{1,20})\)\;eval\(\$([A-z0-9]{1,20})\)\;\$([A-z0-9]{1,20})\=null\;\}.+?if\(empty\(\$\_SERVER\)\)\$\_SERVER\=\$HTTP\_SERVER\_VARS\;array\_map\(\"([A-z0-9]{1,20})\"\,\$\_SERVER\)\;/is,
+    qr/<\?php\s+\$GLOBALS\[\'([A-z0-9]{1,20})\'\]\s+\=\s+\"\\x.+?\$GLOBALS\[\$GLOBALS\[\'([A-z0-9]{1,20})\'\]\[\d\d\]\.\$GLOBALS\[\'([A-z0-9]{1,20})\'\]\[\d\d\]\.\$GLOBALS\[\'([A-z0-9]{1,20})\'\]\[\d\d\]\..+?return\s+\$GLOBALS\[\$GLOBALS\[\'([A-z0-9]{1,20})\'\]\[\d\d\]\.\$GLOBALS\[\'([A-z0-9]{1,20})\'\]\[\d\d\]\.\$GLOBALS\[\'([A-z0-9]{1,20})\'\]\[\d\d\]\..+?eval\(\$([A-z0-9]{1,20})\[\$GLOBALS\[\'([A-z0-9]{1,20})\'\]\[\d\d\]\]\)\;\s+\}\s+exit\(\)\;\s+\}/is,
+    qr/<\?php.+?\$([A-z0-9]{1,20})\=\"([A-z0-9]{1,20})b([A-z0-9]{1,20})a([A-z0-9]{1,20})s([A-z0-9]{1,20})e([A-z0-9]{1,20})6([A-z0-9]{1,20})4([A-z0-9]{1,20})\_([A-z0-9]{1,20})d([A-z0-9]{1,20})e([A-z0-9]{1,20})c([A-z0-9]{1,20})o([A-z0-9]{1,20})d([A-z0-9]{1,20})e([A-z0-9]{1,20})\"\;\s+\$([A-z0-9]{1,20})\=str\_ireplace\(\"\w\"\,.+?user\_error\(\$([A-z0-9]{1,20})\,E\_USER\_ERROR\)\;.+?\/\*\s+([A-z0-9]{1,20})\s+\*\/\s+\?>/is,
+    qr/<\?php\s+eval\(eval\(\"\\\$\_([A-z0-9]{20,})\s+\=\s+\\x.+?([A-z0-9]{1,20})\s+\:\s+\'\s+\.\s+\\\$\_([A-z0-9]{20,})\;\}\"\)\)\;/is,
+    qr/<\?php\s+\$([A-z0-9]{1,20})\=\'c\'\;\$([A-z0-9]{1,20})\=\'n\'\;\$([A-z0-9]{1,20})\=\'4\'\;\$([A-z0-9]{1,20})\=\'f\'\;\$([A-z0-9]{1,20})\=\'z\'\;\$([A-z0-9]{1,20})\=\'d\'\;\$([A-z0-9]{1,20})\=\'s\'\;\$([A-z0-9]{1,20})\=\'6\'\;\$([A-z0-9]{1,20})\=\'b\'\;\$([A-z0-9]{1,20})\=\'i\'\;\$([A-z0-9]{1,20})\=\'o\'\;\$([A-z0-9]{1,20})\=\'e\'\;\$([A-z0-9]{1,20})\=\'a\'\;\$([A-z0-9]{1,20})\=\'t\'\;\$([A-z0-9]{1,20})\=\'\_\'\;\$([A-z0-9]{1,20})\=\'l\'\;\$([A-z0-9]{1,20})\=\'g\'\;\$([A-z0-9]{1,20})\=\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\;\$([A-z0-9]{1,20})\=\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\.\$([A-z0-9]{1,20})\;eval\(\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\(.+?\'\)\)\)\;/is,
+    qr/<\?php\s+\$([A-z0-9]{1,20})\=\$\_COOKIE\;\s+\$([A-z0-9]{1,20})\=\$([A-z0-9]{1,20})\[([A-z0-9]{1,20})\]\;\s+if\(\$([A-z0-9]{1,20})\)\{\s+\$([A-z0-9]{1,20})\=\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\[([A-z0-9]{1,20})\]\)\;\$([A-z0-9]{1,20})\=\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\[([A-z0-9]{1,20})\]\)\;\$([A-z0-9]{1,20})\=\$([A-z0-9]{1,20})\(\"\"\,\$([A-z0-9]{1,20})\)\;\$([A-z0-9]{1,20})\(\)\;\s+\}/is,
+    qr/<\?php\s+\$([A-z0-9]{1,20}).+?\'st\'.+?array\(.+?eval\(.+?\;\s+\?>/is,
+    qr/<\?php\s+eval\(eval\(\"\\\$\_([A-z0-9]{20,})\s+\=\s+\\x.+?\\\"\)\;\s+eval\(\\\$\_([A-z0-9]{20,})\)\;\"\)\)\;/is,
+    qr/<\?php\s+function\s+([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\,\s+\$([A-z0-9]{1,20})\)\{\$([A-z0-9]{1,20})\s+\=\s+\'\'\;\s+for\(\$i\=0\;\s+\$i\s+<\s+strlen\(\$([A-z0-9]{1,20})\)\;\s+\$i\+\+\)\{\$([A-z0-9]{1,20})\s+\.\=\s+isset\(\$.+?\$([A-z0-9]{1,20})\=\"base64\_decode\"\;return\s+\$([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\)\;\}.+\$([A-z0-9]{1,20})\s+\=\s+Array\(\'.+?\)\;\s+eval\(([A-z0-9]{1,20})\(\$([A-z0-9]{1,20})\,\s+\$([A-z0-9]{1,20})\)\)\;\?>/is,
+    qr/<\?php\s+isset\(\$\_POST\[\'([A-z0-9]{1,20})\'\]\)\s+\&\&\s+\(\$([A-z0-9]{1,20})\=\s+\$\_POST\[\'([A-z0-9]{1,20})\'\]\)\s+\&\&\s+\@preg\_replace\(\'\/([A-z0-9]{1,20})\/\w\'\,\'\@\'\.str\_rot13\(\'riny\'\)\.\'\(\$([A-z0-9]{1,20})\)\'\,\s+\'([A-z0-9]{1,20})\'\)\;/is,
+    qr/<\?php\s+if\(isset\(\$\_GET\[.+?\]\)\?base64\_decode\(\$\_GET\[\'([A-z0-9]{1,20})\'\]\)\:\'\'\;.+?foreach\(array\(\$([A-z0-9]{1,20})\)\s+as\s+\$([A-z0-9]{1,20})\)\{.+?ob\_end\_flush\(\)\;\s+\}/is,
 
 );