config.ini

[DEFAULT]
workpath = /home/mour/resources/webshell-sample/php
target_path = /home/mour/working/webshell-detector/uploads/DetectDir
blacklist_file = /home/mour/working/webshell-detector/uploads/blacksamples
whitelist_file = /home/mour/working/webshell-detector/uploads/whitesamples

[yara_rule_path]
whitelist = /home/mour/working/webshell-detector/lib/data/whitelist.yara
php = /home/mour/working/webshell-detector/lib/data/php.yar
asp = /home/mour/working/webshell-detector/lib/data/asp.yar
jsp = /home/mour/working/webshell-detector/lib/data/jsp.yar
yararules = /home/mour/working/webshell-detector/lib/data/all.yar

[ssdeep_features]
php = /home/mour/working/webshell-detector/lib/data/php.ssdeep
asp = /home/mour/working/webshell-detector/lib/data/asp.ssdeep
jsp = /home/mour/working/webshell-detector/lib/data/jsp.ssdeep
ssdeepfeatures = /home/mour/working/webshell-detector/lib/data/blacklist.ssdeep

[modules_checkpoint]
php = /home/mour/working/webshell-detector/lib/data/php_checkpoints/checkpoints
asp = /home/mour/working/webshell-detector/lib/data/asp_checkpoints/checkpoints
jsp = /home/mour/working/webshell-detector/lib/data/jsp_checkpoints/checkpoints

[yara]
#this type was writed in your rule file, and add here
yara_sec_type = wordpress,Owncloud,Phpmyadmin,Misc,Magento2,Magento,Prestashop,Symfony,Drupal,Roundcube,Concrete5,Dotclear
yara_dan_type = DangerousPhp,HiddenInAFile,DodgyPhp,PasswordProtection,ObfuscatedPhp,NonPrintableChar,SuspiciousEncodi,DodgyStrings