    M0rk
    @kevien
    in unix system
    anyone who has switched to CLion?
    Victor M. Alvarez
    @plusvic
    @kevien I don't have any experience with CLion :(
    M0rk
    @kevien
    I got it, thanks
    M0rk
    @kevien
    how to build libyara as a DLL?
    M0rk
    @kevien
    is there anyone who has transformed it into a CMake project?
    M0rk
    @kevien
    has anyone tested it on Win10 process scanning?
    x64
    M0rk
    @kevien
    I use 3.7.0 to scan processes, it cannot recognize them, but 3.6.0 can
    any changes?
    Victor M. Alvarez
    @plusvic
    @kevien can you explain a little more about the issue? What do you mean by "can not recognize"?
    Victor M. Alvarez
    @plusvic
    @kevien your problem was probably because of this: VirusTotal/yara@4546fb2
    Try with the latest version and let me know if it works fine for you.
    M0rk
    @kevien
    @plusvic thanks, I will try it
    HostageBrain
    @HostageBrain
    Hi guys. I'm looking at the yara executable and see the --fast-scan flag. I looked at the sources and found the SCAN_FLAGS_FAST_MODE flag. As I see it, this flag is just a performance improvement: yara won't create a linked_list where there is no need to store all offsets. I mean, as I see it, there is an obvious performance improvement with fully preserved semantics. So why isn't this flag turned on by default? If I turn on this flag in my project where I'm using the yara library, will I get some detections disappearing or any other disadvantages?
    Victor M. Alvarez
    @plusvic
    @HostageBrain the flag is not turned on by default because it prevents you from getting information about the offsets within the file where the strings were found. That information was offered since the first version, and the flag was added later on, so it's disabled by default for backward compatibility.
    HostageBrain
    @HostageBrain
    so if I have a system which is interested only in whether a file matched or not, then when I turn on the flag I lose nothing but get a performance improvement?
    Victor M. Alvarez
    @plusvic
    yes, that's correct; if you are just interested in knowing whether the file matches or not, you can safely use the flag
    HostageBrain
    @HostageBrain
    thanks, great!
    Victor M. Alvarez
    @plusvic
    Enjoy YARA! :)
    Mike
    @mfhorka
    Hey guys, where is the version set in the arena that will later throw an UNSUPPORTED_FILE_VERSION error?
    Victor M. Alvarez
    @plusvic
    Tarek
    @tee2015
    Hi guys, I am glad I am here as I just recently started learning Yara :smile:
    :fire:
    caili1981
    @caili1981
    @plusvic, nice to meet you. I'm a freshman in YARA. I'm focusing on developing a flow-stream-based scan engine with YARA. Is there an existing, related, open-sourced project that I can refer to? Thanks a lot in advance.
    Victor M. Alvarez
    @plusvic
    Hi @caili1981, not that I know of. At some point I've thought about implementing a stream scanning API in YARA, but because of the way YARA works it's not trivial. YARA was designed with blocks of data in mind; that's noticeable when you try to adapt it to scan a stream. In the end the only possible solution is viewing the stream as a sequence of overlapping blocks.
    caili1981
    @caili1981
    @plusvic, thanks a lot for the quick response. As far as I know, we cannot find virus characteristics that cross a stream boundary with the existing YARA code. Do you mean: 1. saving all the streams in memory, 2. then using BLOCK and ITERATORs, and then modifying the 'scan_mem_block' related algorithm to get the stream/fragment scanned?
    joonho
    @jhyeom26
    Hi guys, is it possible to iterate over a dictionary in a YARA rule?
    ripmalware
    @ripmalware
    What do you mean? Like a dictionary of words?
    Also, does anyone have a problem running dotnet modules with yara-python (v3.8.1 and 3.9.0)? I get errors for invalid field names (tried with number_of_guids and typelib). Used the 3.8.1 install from pip3 and compiled from source for v3.9.
    The rule works when running yara, just not yara-python. Saw the issues someone had with imphash, but rebuilding it still didn't seem to work... VirusTotal/yara-python#97
    ripmalware
    @ripmalware
    Ok, got it. Needed to use the flag --enable-dotnet when building from the Python source. Didn't see those options until looking at setup.py. https://github.com/VirusTotal/yara-python/blob/master/setup.py
    Tom
    @nyx0
    hi guys, do you have any timeframe to merge the following PR #1092? cc @plusvic @wxsBSD
    Victor M. Alvarez
    @plusvic
    Hi @nyx0, I just reviewed the PR and added some comments.
    Tom
    @nyx0
    awesome thanks!
    Kebechet
    @Kebechet
    Hello, is it possible to add multiple JSON files as arguments to yara64.exe? Something like: yara64.exe -x cuckoo=path1, path2 rule.yar sample.exe
    Vojtěch Boček
    @Tasssadar
    Hi, why are bison/flex generated .c files in the repository? They get regenerated during the build, which makes the git repository dirty. And you can't build yara without flex & bison installed anyway.
    EDIT: oops, I remembered it wrong; configure actually passes without flex/bison, but if Make decides it needs to regenerate the files, the build will fail. And it decides to do so pretty arbitrarily.
    Victor M. Alvarez
    @plusvic
    That's because on certain platforms like Windows you don't have flex/bison, or at least it is not easy to have them.
    Vojtěch Boček
    @Tasssadar
    @plusvic well, make decides to rebuild the generated files based on timestamps, which are set according to the order in which Git checks out the files, so you get randomly regenerated .c files for no reason. Perhaps the generation step should be completely separate and only executed on demand?
    Yair Ivan Medina Cota
    @yairi.medinac_gitlab
    hello
    roopeshiitd
    @roopeshiitd
    Hi, I want to compile yara with the androguard library added on Windows. In the documentation I couldn't find how to do that; can someone help?
    Noel N
    @noelpat
    Hello
    Trying to learn how to use Yara to identify random malware samples from a honeypot.
    nnickie23
    @nnickie23
    Hi, I am trying to write a program in Golang which analyzes files with Yara. I know Yara has a C API; is there some kind of "Go API"? If not, how should I implement Yara?