diff --git a/src/plugins/analysis/software_components/signatures/http_server.yara b/src/plugins/analysis/software_components/signatures/http_server.yara
index 60131d534..b45eb0b0b 100644
--- a/src/plugins/analysis/software_components/signatures/http_server.yara
+++ b/src/plugins/analysis/software_components/signatures/http_server.yara
@@ -1,12 +1,11 @@
-rule lighttpd
-{
+rule lighttpd {
 meta:
 software_name = "lighttpd"
 open_source = true
 website = "https://www.lighttpd.net/"
 description = "Lighttpd is a web-server optimized for low memory and cpu usage."
 strings:
- $a = /lighttpd-\d+\.\d+\.\d+/ nocase ascii wide
+ $a = /lighttpd[-\/]\d+\.\d+\.\d+/ ascii
 condition:
 $a and no_text_file
 }
diff --git a/src/plugins/analysis/software_components/signatures/network.yara b/src/plugins/analysis/software_components/signatures/network.yara
index 442cafe00..3f1d9c7c0 100644
--- a/src/plugins/analysis/software_components/signatures/network.yara
+++ b/src/plugins/analysis/software_components/signatures/network.yara
@@ -107,17 +107,21 @@ rule dnsmasq
 ($a or $b or $c) and no_text_file
 }
 
-rule Dropbear
-{
+rule Dropbear {
 meta:
 software_name = "Dropbear SSH"
 open_source = true
 website = "https://matt.ucc.asn.au/dropbear/dropbear.html"
 description = "SSH Server and Client"
+ format_string = true
 strings:
- $a = /dropbear_\d+\.\d+/ nocase ascii wide
+ $a = /dropbear_\d+\.\d+/ nocase ascii
+ $b = "Dropbear SSH client v%s" ascii
+ $c = "Dropbear SSH multi-purpose v%s" ascii
+ $d = "Dropbear v%s" ascii
+ $e = "Dropbear server v%s" ascii
 condition:
- $a and no_text_file
+ any of them and no_text_file
 }
 
 rule FRRouting
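Review bot: The rewritten lighttpd `$a` drops both `nocase` and `wide` with no stated reason, so a banner spelled with different capitalisation or stored as UTF-16 no longer identifies the component. For a signature whose result is presumably used to look up known vulnerabilities by version, that is a silent false negative rather than a visible failure. If the narrowing is deliberate, record why directly above the string, e.g. `// case-sensitive, ASCII only: <reason>`; otherwise keep the modifier the Dropbear rule retains, `$a = /lighttpd[-\/]\d+\.\d+\.\d+/ nocase ascii`. The Dropbear `$a` in network.yara loses `wide` in the same way and needs the same decision.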
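Review bot: With the Dropbear condition widened to `any of them`, the rule can now fire on `$b`–`$e` alone, and those literals carry `%s` rather than a version, so a hit may name the component without any version to match against advisories. The new `format_string = true` key presumably tells the plugin to resolve the version some other way, but that consumer is not part of this diff and the key is undocumented in the rule. Add a comment above the strings such as `// $a is a literal version string; $b-$e are printf templates resolved by the plugin via format_string`. It is also worth confirming that the consumer copes with a match set containing both `$a` and a template, since the meta key applies to the whole rule and not per string.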