Releases: VirusTotal/yara
Releases · VirusTotal/yara
YARA v3.1.0
- Magic module
- Zero-length file are treated as normal files
- Modules now must implement module_initialize and module_finalize functions
- Accept functions without arguments in modules
- BUGFIX: Fix issue with module functions receiving more than one regular expressions
- BUGFIX: Show appropriate error message while trying to import unknown module
- BUGFIX: Fix segfaults caused by improper buffer bounds validation in PE module
- BUGFIX: Fix dns_lookup function in PE module
Refer to the documentation for information on how to build and install YARA.
YARA v3.0.0
- Support for modules
- PE module
- Cuckoo module
- Some improvements in the C API
- More comprehensive documentation
- BUGFIX: Start anchor (^) not working properly with the "matches" operator
- BUGFIX: False negative with certain regular expressions
- BUGFIX: Improper handling of nested includes with relative pathes
- BUGFIX: \s character class not recognizing \n, \r, \v and \f as spaces
- BUGFIX: YARA for Win64 scanning only the first 4GB of files.
- BUGFIX: Segmentation fault when using nested loops
- BUGFIX: Segmentation fault caused by invalid characters in regular expressions
- BUGFIX: Segmentation fault while scanning some processes in Windows
- BUGFIX: Segmentation fault caused by regexp code spanning over non-contiguous
memory pages
Refer to the documentation for information on how to build and install YARA.
YARA v2.1.0
- Improve regexp engine
- Improve multithreading support
- Case-insensitive and single-line matching modes for "matches" operator's regexps
- Added "error_on_warning" argument to "match" in yara-python
- Recognize x64 PE files
- BUGFIX: Mutex handle leak
- BUGFIX: NULL pointer dereferences
- BUGFIX: Buffer overflow
- BUGFIX: Crash while using compiled rules with yara64 in Windows
- BUGFIX: Infinite loop while scanning 64bits process in Windows
- BUGFIX: Side-effect on "externals" argument in yara-python's "match" function
- BUGFIX: "x of them" not working with strings containing unbounded jumps
Refer to the documentation for information on how to build and install YARA.
YARA v2.0.0
- Faster matching algorithm
- Command-line scanner is now multi-threaded
- Compiled rules can be saved to and loaded from a file
- Added support for unbounded jumps
- New libyara API
Refer to the documentation for information on how to build and install YARA.