Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Module PE Not Functioning Correctly #28

Closed
rholloway opened this issue Aug 25, 2016 · 11 comments
Closed

Module PE Not Functioning Correctly #28

rholloway opened this issue Aug 25, 2016 · 11 comments

Comments

@rholloway
Copy link

I am having an issue using the PE module within yara-python, although it works fine from command line yara.

Using yara 3.5.0 and yara-python 3.5.0. It looks somewhat related to #8 but in this case I don't have an issue on the import, but I can't use the functions.

(env) vagrant@web:/opt$ yara --version
yara 3.5.0
(env) vagrant@web:/opt$ python
Python 2.7.6 (default, Jun 22 2015, 17:58:13)
[GCC 4.8.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.

import yara
yara.version
'3.5.0'
yara.compile(source='import "pe" rule test_rule { condition: pe.imphash() == "A" * 32}')
Traceback (most recent call last):
File "", line 1, in
yara.SyntaxError: invalid field name "imphash"
yara.compile(source='import "pe"')
<yara.Rules object at 0x7f06dea91d00>
@wxsBSD
Copy link
Contributor

wxsBSD commented Aug 26, 2016

Looks like you didn't build YARA with crypto support.

@rholloway
Copy link
Author

rholloway commented Aug 26, 2016
edited
Loading

I don't think that is it. I built YARA with everything, and I can use yarac from command line without any issues to compile this rule. I cannot, however, compile when using yara-python.

I did not explicitly pass --with-crypto, but based on docs it should have been detected. Here are relevant pieces from ansible script used to compile. It should have openssl on the system.

---
- name: Ensure dependencies are installed
  apt: name={{item}} state=present
  with_items:
    - automake
    - libtool
    - make
    - gcc
    - flex
    - bison
    - libssl-dev
    - libjansson-dev
    - libmagic-dev
  tags: [yara]

# download src, etc.

- name: Configure an install yara {{yara_version}}
  shell: "{{ item }}"
  args:
    chdir: /opt/yara/yara-{{yara_version}}
    creates: /usr/local/lib/libyara.so.{{yara_version}}
  with_items:
    - ./configure --enable-cuckoo --enable-magic
    - make
    - make install
  tags: [yara]

@wxsBSD
Copy link
Contributor

wxsBSD commented Aug 27, 2016

"A" * 32 is not a valid syntax for YARA. I think that is playing into this. Unfortunately I'm catching a long flight right now so I can't fully debug.

@wxsBSD
Copy link
Contributor

wxsBSD commented Sep 8, 2016

My earlier comment about "A" * 32 not being valid is still true but the error you're seeing is actually caused by something entirely different, which is a valid issue AFAICT.

I think I ran into this when someone brought up an issue to me privately. Essentially here is what I'm seeing:

wxs@wxs-mbp tmp % pip list | grep yara
wxs@wxs-mbp tmp % sudo pip install yara-python
Collecting yara-python
Installing collected packages: yara-python
Successfully installed yara-python-3.5.0
wxs@wxs-mbp tmp % python -c 'import yara; yara.compile(source="import \"pe\" rule test { condition: pe.number_of_signatures > 0 }")'
Traceback (most recent call last):
  File "<string>", line 1, in <module>
yara.SyntaxError: invalid field name "number_of_signatures"
wxs@wxs-mbp tmp %

It seems like when the yara-python package builds the version of YARA to link with it doesn't find the OpenSSL bits and doesn't define HAVE_LIBCRYPTO properly. So I then generated a verbose build log which looks like this:

Collecting yara-python
  1 location(s) to search for versions of yara-python:
  * https://pypi.python.org/simple/yara-python/
  Getting page https://pypi.python.org/simple/yara-python/
  Looking up "https://pypi.python.org/simple/yara-python/" in the cache
  No cache entry available
  Starting new HTTPS connection (1): pypi.python.org
  "GET /simple/yara-python/ HTTP/1.1" 200 325
  Updating cache with response from "https://pypi.python.org/simple/yara-python/"
  Caching b/c date exists and max-age > 0
  Analyzing links from page https://pypi.python.org/simple/yara-python/
    Found link https://pypi.python.org/packages/3e/6c/ec2453fd811ea2f8c157d196b4dd76eb3c229362918fdb661358bd3e8645/yara-python-3.5.0.tar.gz#md5=3184efa3da16e3a8304185f2641c4ffe (from https://pypi.python.org/simple/yara-python/), version: 3.5.0
    Found link https://pypi.python.org/packages/8e/01/b7dce32aa35248e9c640250788cd959245c6f79e6f5d44185ad214efb115/yara-python-3.4.0.00.tar.gz#md5=b28916c20bd8e6a7c4f105e3b496f378 (from https://pypi.python.org/simple/yara-python/), version: 3.4.0.00
  Using version 3.5.0 (newest of versions: 3.4.0.0, 3.5.0)
  Looking up "https://pypi.python.org/packages/3e/6c/ec2453fd811ea2f8c157d196b4dd76eb3c229362918fdb661358bd3e8645/yara-python-3.5.0.tar.gz" in the cache
  No cache entry available
  "GET /packages/3e/6c/ec2453fd811ea2f8c157d196b4dd76eb3c229362918fdb661358bd3e8645/yara-python-3.5.0.tar.gz HTTP/1.1" 200 551735
  Downloading yara-python-3.5.0.tar.gz (551kB)
  Downloading from URL https://pypi.python.org/packages/3e/6c/ec2453fd811ea2f8c157d196b4dd76eb3c229362918fdb661358bd3e8645/yara-python-3.5.0.tar.gz#md5=3184efa3da16e3a8304185f2641c4ffe (from https://pypi.python.org/simple/yara-python/)
  Updating cache with response from "https://pypi.python.org/packages/3e/6c/ec2453fd811ea2f8c157d196b4dd76eb3c229362918fdb661358bd3e8645/yara-python-3.5.0.tar.gz"
  Caching due to etag
  Running setup.py (path:/private/tmp/pip-build-SD9wqX/yara-python/setup.py) egg_info for package yara-python
    Running command python setup.py egg_info
    running egg_info
    creating pip-egg-info/yara_python.egg-info
    writing pip-egg-info/yara_python.egg-info/PKG-INFO
    writing top-level names to pip-egg-info/yara_python.egg-info/top_level.txt
    writing dependency_links to pip-egg-info/yara_python.egg-info/dependency_links.txt
    writing manifest file 'pip-egg-info/yara_python.egg-info/SOURCES.txt'
    warning: manifest_maker: standard file '-c' not found

    reading manifest file 'pip-egg-info/yara_python.egg-info/SOURCES.txt'
    reading manifest template 'MANIFEST.in'
    writing manifest file 'pip-egg-info/yara_python.egg-info/SOURCES.txt'
  Source in /private/tmp/pip-build-SD9wqX/yara-python has version 3.5.0, which satisfies requirement yara-python from https://pypi.python.org/packages/3e/6c/ec2453fd811ea2f8c157d196b4dd76eb3c229362918fdb661358bd3e8645/yara-python-3.5.0.tar.gz#md5=3184efa3da16e3a8304185f2641c4ffe
Installing collected packages: yara-python
  Running setup.py install for yara-python: started
    Running command /usr/bin/python -u -c "import setuptools, tokenize;__file__='/private/tmp/pip-build-SD9wqX/yara-python/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /tmp/pip-fLqXMQ-record/install-record.txt --single-version-externally-managed --compile
    running install
    running build
    running build_ext
    building 'yara' extension
    creating build
    creating build/temp.macosx-10.11-intel-2.7
    creating build/temp.macosx-10.11-intel-2.7/yara
    creating build/temp.macosx-10.11-intel-2.7/yara/libyara
    creating build/temp.macosx-10.11-intel-2.7/yara/libyara/modules
    cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara-python.c -o build/temp.macosx-10.11-intel-2.7/yara-python.o
    cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/ahocorasick.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/ahocorasick.o
    cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/arena.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/arena.o
    cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/atoms.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/atoms.o
    cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/compiler.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/compiler.o
    cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/exec.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/exec.o
    cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/exefiles.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/exefiles.o
    cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/filemap.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/filemap.o
    cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/grammar.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/grammar.o
    cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/hash.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/hash.o
    cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/hex_grammar.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/hex_grammar.o
    cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/hex_lexer.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/hex_lexer.o
    cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/lexer.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/lexer.o
    cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/libyara.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/libyara.o
    cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/mem.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/mem.o
    cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/modules.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/modules.o
    cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/object.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/object.o
    cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/parser.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/parser.o
    cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/proc.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/proc.o
    cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/re.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/re.o
    cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/re_grammar.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/re_grammar.o
    cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/re_lexer.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/re_lexer.o
    cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/rules.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/rules.o
    cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/scan.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/scan.o
    cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/sizedstr.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/sizedstr.o
    cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/stream.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/stream.o
    cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/strutils.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/strutils.o
    cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/threading.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/threading.o
    cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/modules/demo.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/modules/demo.o
    cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/modules/elf.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/modules/elf.o
    cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/modules/hash.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/modules/hash.o
    yara/libyara/modules/hash.c:124:3: warning: 'MD5_Init' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
      MD5_Init(&md5_context);
      ^
    /usr/include/openssl/md5.h:113:5: note: 'MD5_Init' has been explicitly marked deprecated here
    int MD5_Init(MD5_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
        ^
    yara/libyara/modules/hash.c:125:3: warning: 'MD5_Update' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
      MD5_Update(&md5_context, s->c_string, s->length);
      ^
    /usr/include/openssl/md5.h:114:5: note: 'MD5_Update' has been explicitly marked deprecated here
    int MD5_Update(MD5_CTX *c, const void *data, size_t len) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
        ^
    yara/libyara/modules/hash.c:126:3: warning: 'MD5_Final' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
      MD5_Final(digest, &md5_context);
      ^
    /usr/include/openssl/md5.h:115:5: note: 'MD5_Final' has been explicitly marked deprecated here
    int MD5_Final(unsigned char *md, MD5_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
        ^
    yara/libyara/modules/hash.c:142:3: warning: 'SHA256_Init' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
      SHA256_Init(&sha256_context);
      ^
    /usr/include/openssl/sha.h:147:5: note: 'SHA256_Init' has been explicitly marked deprecated here
    int SHA256_Init(SHA256_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
        ^
    yara/libyara/modules/hash.c:143:3: warning: 'SHA256_Update' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
      SHA256_Update(&sha256_context, s->c_string, s->length);
      ^
    /usr/include/openssl/sha.h:148:5: note: 'SHA256_Update' has been explicitly marked deprecated here
    int SHA256_Update(SHA256_CTX *c, const void *data, size_t len) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
        ^
    yara/libyara/modules/hash.c:144:3: warning: 'SHA256_Final' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
      SHA256_Final(digest, &sha256_context);
      ^
    /usr/include/openssl/sha.h:149:5: note: 'SHA256_Final' has been explicitly marked deprecated here
    int SHA256_Final(unsigned char *md, SHA256_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
        ^
    yara/libyara/modules/hash.c:160:3: warning: 'SHA1_Init' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
      SHA1_Init(&sha_context);
      ^
    /usr/include/openssl/sha.h:121:5: note: 'SHA1_Init' has been explicitly marked deprecated here
    int SHA1_Init(SHA_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
        ^
    yara/libyara/modules/hash.c:161:3: warning: 'SHA1_Update' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
      SHA1_Update(&sha_context, s->c_string, s->length);
      ^
    /usr/include/openssl/sha.h:122:5: note: 'SHA1_Update' has been explicitly marked deprecated here
    int SHA1_Update(SHA_CTX *c, const void *data, size_t len) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
        ^
    yara/libyara/modules/hash.c:162:3: warning: 'SHA1_Final' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
      SHA1_Final(digest, &sha_context);
      ^
    /usr/include/openssl/sha.h:123:5: note: 'SHA1_Final' has been explicitly marked deprecated here
    int SHA1_Final(unsigned char *md, SHA_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
        ^
    yara/libyara/modules/hash.c:204:3: warning: 'MD5_Init' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
      MD5_Init(&md5_context);
      ^
    /usr/include/openssl/md5.h:113:5: note: 'MD5_Init' has been explicitly marked deprecated here
    int MD5_Init(MD5_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
        ^
    yara/libyara/modules/hash.c:235:9: warning: 'MD5_Update' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
            MD5_Update(&md5_context, block_data + data_offset, data_len);
            ^
    /usr/include/openssl/md5.h:114:5: note: 'MD5_Update' has been explicitly marked deprecated here
    int MD5_Update(MD5_CTX *c, const void *data, size_t len) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
        ^
    yara/libyara/modules/hash.c:258:3: warning: 'MD5_Final' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
      MD5_Final(digest, &md5_context);
      ^
    /usr/include/openssl/md5.h:115:5: note: 'MD5_Final' has been explicitly marked deprecated here
    int MD5_Final(unsigned char *md, MD5_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
        ^
    yara/libyara/modules/hash.c:289:3: warning: 'SHA1_Init' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
      SHA1_Init(&sha_context);
      ^
    /usr/include/openssl/sha.h:121:5: note: 'SHA1_Init' has been explicitly marked deprecated here
    int SHA1_Init(SHA_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
        ^
    yara/libyara/modules/hash.c:319:9: warning: 'SHA1_Update' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
            SHA1_Update(&sha_context, block_data + data_offset, data_len);
            ^
    /usr/include/openssl/sha.h:122:5: note: 'SHA1_Update' has been explicitly marked deprecated here
    int SHA1_Update(SHA_CTX *c, const void *data, size_t len) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
        ^
    yara/libyara/modules/hash.c:342:3: warning: 'SHA1_Final' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
      SHA1_Final(digest, &sha_context);
      ^
    /usr/include/openssl/sha.h:123:5: note: 'SHA1_Final' has been explicitly marked deprecated here
    int SHA1_Final(unsigned char *md, SHA_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
        ^
    yara/libyara/modules/hash.c:373:3: warning: 'SHA256_Init' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
      SHA256_Init(&sha256_context);
      ^
    /usr/include/openssl/sha.h:147:5: note: 'SHA256_Init' has been explicitly marked deprecated here
    int SHA256_Init(SHA256_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
        ^
    yara/libyara/modules/hash.c:402:9: warning: 'SHA256_Update' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
            SHA256_Update(&sha256_context, block_data + data_offset, data_len);
            ^
    /usr/include/openssl/sha.h:148:5: note: 'SHA256_Update' has been explicitly marked deprecated here
    int SHA256_Update(SHA256_CTX *c, const void *data, size_t len) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
        ^
    yara/libyara/modules/hash.c:425:3: warning: 'SHA256_Final' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
      SHA256_Final(digest, &sha256_context);
      ^
    /usr/include/openssl/sha.h:149:5: note: 'SHA256_Final' has been explicitly marked deprecated here
    int SHA256_Final(unsigned char *md, SHA256_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
        ^
    18 warnings generated.
    yara/libyara/modules/hash.c:124:3: warning: 'MD5_Init' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
      MD5_Init(&md5_context);
      ^
    /usr/include/openssl/md5.h:113:5: note: 'MD5_Init' has been explicitly marked deprecated here
    int MD5_Init(MD5_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
        ^
    yara/libyara/modules/hash.c:125:3: warning: 'MD5_Update' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
      MD5_Update(&md5_context, s->c_string, s->length);
      ^
    /usr/include/openssl/md5.h:114:5: note: 'MD5_Update' has been explicitly marked deprecated here
    int MD5_Update(MD5_CTX *c, const void *data, size_t len) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
        ^
    yara/libyara/modules/hash.c:126:3: warning: 'MD5_Final' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
      MD5_Final(digest, &md5_context);
      ^
    /usr/include/openssl/md5.h:115:5: note: 'MD5_Final' has been explicitly marked deprecated here
    int MD5_Final(unsigned char *md, MD5_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
        ^
    yara/libyara/modules/hash.c:142:3: warning: 'SHA256_Init' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
      SHA256_Init(&sha256_context);
      ^
    /usr/include/openssl/sha.h:147:5: note: 'SHA256_Init' has been explicitly marked deprecated here
    int SHA256_Init(SHA256_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
        ^
    yara/libyara/modules/hash.c:143:3: warning: 'SHA256_Update' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
      SHA256_Update(&sha256_context, s->c_string, s->length);
      ^
    /usr/include/openssl/sha.h:148:5: note: 'SHA256_Update' has been explicitly marked deprecated here
    int SHA256_Update(SHA256_CTX *c, const void *data, size_t len) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
        ^
    yara/libyara/modules/hash.c:144:3: warning: 'SHA256_Final' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
      SHA256_Final(digest, &sha256_context);
      ^
    /usr/include/openssl/sha.h:149:5: note: 'SHA256_Final' has been explicitly marked deprecated here
    int SHA256_Final(unsigned char *md, SHA256_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
        ^
    yara/libyara/modules/hash.c:160:3: warning: 'SHA1_Init' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
      SHA1_Init(&sha_context);
      ^
    /usr/include/openssl/sha.h:121:5: note: 'SHA1_Init' has been explicitly marked deprecated here
    int SHA1_Init(SHA_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
        ^
    yara/libyara/modules/hash.c:161:3: warning: 'SHA1_Update' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
      SHA1_Update(&sha_context, s->c_string, s->length);
      ^
    /usr/include/openssl/sha.h:122:5: note: 'SHA1_Update' has been explicitly marked deprecated here
    int SHA1_Update(SHA_CTX *c, const void *data, size_t len) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
        ^
    yara/libyara/modules/hash.c:162:3: warning: 'SHA1_Final' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
      SHA1_Final(digest, &sha_context);
      ^
    /usr/include/openssl/sha.h:123:5: note: 'SHA1_Final' has been explicitly marked deprecated here
    int SHA1_Final(unsigned char *md, SHA_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
        ^
    yara/libyara/modules/hash.c:204:3: warning: 'MD5_Init' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
      MD5_Init(&md5_context);
      ^
    /usr/include/openssl/md5.h:113:5: note: 'MD5_Init' has been explicitly marked deprecated here
    int MD5_Init(MD5_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
        ^
    yara/libyara/modules/hash.c:235:9: warning: 'MD5_Update' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
            MD5_Update(&md5_context, block_data + data_offset, data_len);
            ^
    /usr/include/openssl/md5.h:114:5: note: 'MD5_Update' has been explicitly marked deprecated here
    int MD5_Update(MD5_CTX *c, const void *data, size_t len) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
        ^
    yara/libyara/modules/hash.c:258:3: warning: 'MD5_Final' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
      MD5_Final(digest, &md5_context);
      ^
    /usr/include/openssl/md5.h:115:5: note: 'MD5_Final' has been explicitly marked deprecated here
    int MD5_Final(unsigned char *md, MD5_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
        ^
    yara/libyara/modules/hash.c:289:3: warning: 'SHA1_Init' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
      SHA1_Init(&sha_context);
      ^
    /usr/include/openssl/sha.h:121:5: note: 'SHA1_Init' has been explicitly marked deprecated here
    int SHA1_Init(SHA_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
        ^
    yara/libyara/modules/hash.c:319:9: warning: 'SHA1_Update' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
            SHA1_Update(&sha_context, block_data + data_offset, data_len);
            ^
    /usr/include/openssl/sha.h:122:5: note: 'SHA1_Update' has been explicitly marked deprecated here
    int SHA1_Update(SHA_CTX *c, const void *data, size_t len) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
        ^
    yara/libyara/modules/hash.c:342:3: warning: 'SHA1_Final' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
      SHA1_Final(digest, &sha_context);
      ^
    /usr/include/openssl/sha.h:123:5: note: 'SHA1_Final' has been explicitly marked deprecated here
    int SHA1_Final(unsigned char *md, SHA_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
        ^
    yara/libyara/modules/hash.c:373:3: warning: 'SHA256_Init' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
      SHA256_Init(&sha256_context);
      ^
    /usr/include/openssl/sha.h:147:5: note: 'SHA256_Init' has been explicitly marked deprecated here
    int SHA256_Init(SHA256_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
        ^
    yara/libyara/modules/hash.c:402:9: warning: 'SHA256_Update' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
            SHA256_Update(&sha256_context, block_data + data_offset, data_len);
            ^
    /usr/include/openssl/sha.h:148:5: note: 'SHA256_Update' has been explicitly marked deprecated here
    int SHA256_Update(SHA256_CTX *c, const void *data, size_t len) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
        ^
    yara/libyara/modules/hash.c:425:3: warning: 'SHA256_Final' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
      SHA256_Final(digest, &sha256_context);
      ^
    /usr/include/openssl/sha.h:149:5: note: 'SHA256_Final' has been explicitly marked deprecated here
    int SHA256_Final(unsigned char *md, SHA256_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
        ^
    18 warnings generated.
    cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/modules/math.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/modules/math.o
    cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/modules/pe.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/modules/pe.o
    cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/modules/tests.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/modules/tests.o
    creating build/lib.macosx-10.11-intel-2.7
    cc -bundle -undefined dynamic_lookup -arch i386 -arch x86_64 -Wl,-F. build/temp.macosx-10.11-intel-2.7/yara-python.o build/temp.macosx-10.11-intel-2.7/yara/libyara/ahocorasick.o build/temp.macosx-10.11-intel-2.7/yara/libyara/arena.o build/temp.macosx-10.11-intel-2.7/yara/libyara/atoms.o build/temp.macosx-10.11-intel-2.7/yara/libyara/compiler.o build/temp.macosx-10.11-intel-2.7/yara/libyara/exec.o build/temp.macosx-10.11-intel-2.7/yara/libyara/exefiles.o build/temp.macosx-10.11-intel-2.7/yara/libyara/filemap.o build/temp.macosx-10.11-intel-2.7/yara/libyara/grammar.o build/temp.macosx-10.11-intel-2.7/yara/libyara/hash.o build/temp.macosx-10.11-intel-2.7/yara/libyara/hex_grammar.o build/temp.macosx-10.11-intel-2.7/yara/libyara/hex_lexer.o build/temp.macosx-10.11-intel-2.7/yara/libyara/lexer.o build/temp.macosx-10.11-intel-2.7/yara/libyara/libyara.o build/temp.macosx-10.11-intel-2.7/yara/libyara/mem.o build/temp.macosx-10.11-intel-2.7/yara/libyara/modules.o build/temp.macosx-10.11-intel-2.7/yara/libyara/object.o build/temp.macosx-10.11-intel-2.7/yara/libyara/parser.o build/temp.macosx-10.11-intel-2.7/yara/libyara/proc.o build/temp.macosx-10.11-intel-2.7/yara/libyara/re.o build/temp.macosx-10.11-intel-2.7/yara/libyara/re_grammar.o build/temp.macosx-10.11-intel-2.7/yara/libyara/re_lexer.o build/temp.macosx-10.11-intel-2.7/yara/libyara/rules.o build/temp.macosx-10.11-intel-2.7/yara/libyara/scan.o build/temp.macosx-10.11-intel-2.7/yara/libyara/sizedstr.o build/temp.macosx-10.11-intel-2.7/yara/libyara/stream.o build/temp.macosx-10.11-intel-2.7/yara/libyara/strutils.o build/temp.macosx-10.11-intel-2.7/yara/libyara/threading.o build/temp.macosx-10.11-intel-2.7/yara/libyara/modules/demo.o build/temp.macosx-10.11-intel-2.7/yara/libyara/modules/elf.o build/temp.macosx-10.11-intel-2.7/yara/libyara/modules/hash.o build/temp.macosx-10.11-intel-2.7/yara/libyara/modules/math.o build/temp.macosx-10.11-intel-2.7/yara/libyara/modules/pe.o build/temp.macosx-10.11-intel-2.7/yara/libyara/modules/tests.o -L/opt/local/lib -lcrypto -o build/lib.macosx-10.11-intel-2.7/yara.so
    ld: warning: directory not found for option '-L/opt/local/lib'
    ld: warning: directory not found for option '-L/opt/local/lib'
    running install_lib
    copying build/lib.macosx-10.11-intel-2.7/yara.so -> /Library/Python/2.7/site-packages
    running install_egg_info
    running egg_info
    writing yara_python.egg-info/PKG-INFO
    writing top-level names to yara_python.egg-info/top_level.txt
    writing dependency_links to yara_python.egg-info/dependency_links.txt
    warning: manifest_maker: standard file '-c' not found

    reading manifest file 'yara_python.egg-info/SOURCES.txt'
    reading manifest template 'MANIFEST.in'
    writing manifest file 'yara_python.egg-info/SOURCES.txt'
    Copying yara_python.egg-info to /Library/Python/2.7/site-packages/yara_python-3.5.0-py2.7.egg-info
    running install_scripts
    writing list of installed files to '/tmp/pip-fLqXMQ-record/install-record.txt'
    Running setup.py install for yara-python: finished with status 'done'
  Removing source in /private/tmp/pip-build-SD9wqX/yara-python
Successfully installed yara-python-3.5.0
Cleaning up...

So yeah, it looks like if you use pip to install yara-python it doesn't properly recognize OpenSSL stuff and ends up disabling various features of some modules (at least the PE module).

I then spent some time trying to get pip to pass "--dynamic-linking" to setup.py during the build but couldn't get it to work. I don't know where to go from here but can confirm this is a real bug (IMO). A workaround, for now, is to build yara-python from source, possibly using the --dynamic-linking option.

@mlaferrera
Copy link

I'm running into this issue as well, even with a build from source and using --dynamic-linking

(.venv) vagrant@vagrant:/tmp/yara-python$ python setup.py build --dynamic-linking
running build
running build_ext
(.venv) vagrant@vagrant:/tmp/yara-python$ sudo python setup.py install
running install
running bdist_egg
running egg_info
writing yara_python.egg-info/PKG-INFO
writing dependency_links to yara_python.egg-info/dependency_links.txt
writing top-level names to yara_python.egg-info/top_level.txt
reading manifest file 'yara_python.egg-info/SOURCES.txt'
reading manifest template 'MANIFEST.in'
writing manifest file 'yara_python.egg-info/SOURCES.txt'
installing library code to build/bdist.linux-x86_64/egg
running install_lib
running build_ext
creating build/bdist.linux-x86_64/egg
copying build/lib.linux-x86_64-3.4/yara.cpython-34m.so -> build/bdist.linux-x86_64/egg
creating stub loader for yara.cpython-34m.so
byte-compiling build/bdist.linux-x86_64/egg/yara.py to yara.cpython-34.pyc
creating build/bdist.linux-x86_64/egg/EGG-INFO
copying yara_python.egg-info/PKG-INFO -> build/bdist.linux-x86_64/egg/EGG-INFO
copying yara_python.egg-info/SOURCES.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying yara_python.egg-info/dependency_links.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying yara_python.egg-info/not-zip-safe -> build/bdist.linux-x86_64/egg/EGG-INFO
copying yara_python.egg-info/top_level.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
writing build/bdist.linux-x86_64/egg/EGG-INFO/native_libs.txt
creating 'dist/yara_python-3.5.0-py3.4-linux-x86_64.egg' and adding 'build/bdist.linux-x86_64/egg' to it
removing 'build/bdist.linux-x86_64/egg' (and everything under it)
Processing yara_python-3.5.0-py3.4-linux-x86_64.egg
creating /usr/local/stoq/.venv/lib/python3.4/site-packages/yara_python-3.5.0-py3.4-linux-x86_64.egg
Extracting yara_python-3.5.0-py3.4-linux-x86_64.egg to 

Installed /usr/local/stoq/.venv/lib/python3.4/site-packages/yara_python-3.5.0-py3.4-linux-x86_64.egg
Processing dependencies for yara-python==3.5.0
Finished processing dependencies for yara-python==3.5.0
(.venv) vagrant@vagrant:/tmp/yara-python$ python -c 'import yara; yara.compile(source="import \"pe\" rule test { condition: pe.number_of_signatures > 0 }")'
Traceback (most recent call last):
  File "<string>", line 1, in <module>
yara.SyntaxError: invalid field name "number_of_signatures"

@wxsBSD
Copy link
Contributor

wxsBSD commented Oct 14, 2016

These lines make me think you never cleaned the build from the first time you built and it had this failure?

(.venv) vagrant@vagrant:/tmp/yara-python$ python setup.py build --dynamic-linking
running build
running build_ext

Can you try it after you clean? Particularly you should rm the build and build_ext directories (and anything else which is an artifact of the build).

@mlaferrera
Copy link

mlaferrera commented Oct 14, 2016
edited
Loading

That worked, however, apparently python setup.py clean does not fully clean out prior builds. I ran it right before my previous failed build. This time I manually did rm -rf build/ and the build was successful. But that is a different bug...

(.venv) vagrant@vagrant:/tmp/yara-python$ python setup.py clean
running clean
removing 'build/temp.linux-x86_64-3.4' (and everything under it)
(.venv) vagrant@vagrant:/tmp/yara-python$ ls build/*
build/bdist.linux-x86_64:

build/lib.linux-x86_64-3.4:
yara.cpython-34m.so
(.venv) vagrant@vagrant:/tmp/yara-python$ rm -rf build
(.venv) vagrant@vagrant:/tmp/yara-python$ python setup.py build --dynamic-linking
running build
running build_ext
building 'yara' extension
creating build
creating build/temp.linux-x86_64-3.4
x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -fPIC -DHAVE_MEMMEM=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/usr/include/python3.4m -I/usr/local/stoq/.venv/include/python3.4m -c yara-python.c -o build/temp.linux-x86_64-3.4/yara-python.o
creating build/lib.linux-x86_64-3.4
x86_64-linux-gnu-gcc -pthread -shared -Wl,-O1 -Wl,-Bsymbolic-functions -Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-Bsymbolic-functions -Wl,-z,relro -g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 build/temp.linux-x86_64-3.4/yara-python.o -lyara -o build/lib.linux-x86_64-3.4/yara.cpython-34m.so
(.venv) vagrant@vagrant:/tmp/yara-python$ python setup.py install
running install
running bdist_egg
running egg_info
writing dependency_links to yara_python.egg-info/dependency_links.txt
writing yara_python.egg-info/PKG-INFO
writing top-level names to yara_python.egg-info/top_level.txt
reading manifest file 'yara_python.egg-info/SOURCES.txt'
reading manifest template 'MANIFEST.in'
writing manifest file 'yara_python.egg-info/SOURCES.txt'
installing library code to build/bdist.linux-x86_64/egg
running install_lib
running build_ext
creating build/bdist.linux-x86_64
creating build/bdist.linux-x86_64/egg
copying build/lib.linux-x86_64-3.4/yara.cpython-34m.so -> build/bdist.linux-x86_64/egg
creating stub loader for yara.cpython-34m.so
byte-compiling build/bdist.linux-x86_64/egg/yara.py to yara.cpython-34.pyc
creating build/bdist.linux-x86_64/egg/EGG-INFO
copying yara_python.egg-info/PKG-INFO -> build/bdist.linux-x86_64/egg/EGG-INFO
copying yara_python.egg-info/SOURCES.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying yara_python.egg-info/dependency_links.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying yara_python.egg-info/not-zip-safe -> build/bdist.linux-x86_64/egg/EGG-INFO
copying yara_python.egg-info/top_level.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
writing build/bdist.linux-x86_64/egg/EGG-INFO/native_libs.txt
creating 'dist/yara_python-3.5.0-py3.4-linux-x86_64.egg' and adding 'build/bdist.linux-x86_64/egg' to it
removing 'build/bdist.linux-x86_64/egg' (and everything under it)
Processing yara_python-3.5.0-py3.4-linux-x86_64.egg
removing '/usr/local/stoq/.venv/lib/python3.4/site-packages/yara_python-3.5.0-py3.4-linux-x86_64.egg' (and everything under it)
creating /usr/local/stoq/.venv/lib/python3.4/site-packages/yara_python-3.5.0-py3.4-linux-x86_64.egg
Extracting yara_python-3.5.0-py3.4-linux-x86_64.egg to /usr/local/stoq/.venv/lib/python3.4/site-packages
yara-python 3.5.0 is already the active version in easy-install.pth

Installed /usr/local/stoq/.venv/lib/python3.4/site-packages/yara_python-3.5.0-py3.4-linux-x86_64.egg
Processing dependencies for yara-python==3.5.0
Finished processing dependencies for yara-python==3.5.0
(.venv) vagrant@vagrant:/tmp/yara-python$ python -c 'import yara; yara.compile(source="import \"pe\" rule test { condition: pe.number_of_signatures > 0 }")'
(.venv) vagrant@vagrant:/tmp/yara-python$

@edeca edeca mentioned this issue Dec 20, 2016
Closed
@hnstance
Copy link

I can confirm that this is a real bug as well. My solution was to replace the yara-python/config.h with a config.h generated by running ./configure --with-crypto from the non-Python version. Below is my config.h; I have --enable-magic as well:

/* config.h.  Generated from config.h.in by configure.  */
/* config.h.in.  Generated from configure.ac by autoheader.  */

/* Define to 1 if you have the <dlfcn.h> header file. */
#define HAVE_DLFCN_H 1

/* Define to 1 if you have the <inttypes.h> header file. */
#define HAVE_INTTYPES_H 1

/* Define to 1 if you have the `crypto' library (-lcrypto). */
#define HAVE_LIBCRYPTO 1

/* Define to 1 if you have the `dmalloc' library (-ldmalloc). */
/* #undef HAVE_LIBDMALLOC */

/* Define to 1 if you have the `jansson' library (-ljansson). */
/* #undef HAVE_LIBJANSSON */

/* Define to 1 if you have the `m' library (-lm). */
#define HAVE_LIBM 1

/* Define to 1 if you have the `magic' library (-lmagic). */
/* #undef HAVE_LIBMAGIC */

/* Define to 1 if you have the `memmem' function. */
#define HAVE_MEMMEM 1

/* Define to 1 if you have the <memory.h> header file. */
#define HAVE_MEMORY_H 1

/* Define if you have POSIX threads libraries and header files. */
/* #undef HAVE_PTHREAD */

/* Define to 1 if you have the <stdint.h> header file. */
#define HAVE_STDINT_H 1

/* Define to 1 if you have the <stdlib.h> header file. */
#define HAVE_STDLIB_H 1

/* Define to 1 if you have the <strings.h> header file. */
#define HAVE_STRINGS_H 1

/* Define to 1 if you have the <string.h> header file. */
#define HAVE_STRING_H 1

/* Define to 1 if you have the `strlcat' function. */
/* #undef HAVE_STRLCAT */

/* Define to 1 if you have the `strlcpy' function. */
/* #undef HAVE_STRLCPY */

/* Define to 1 if you have the <sys/stat.h> header file. */
#define HAVE_SYS_STAT_H 1

/* Define to 1 if you have the <sys/types.h> header file. */
#define HAVE_SYS_TYPES_H 1

/* Define to 1 if you have the `timegm' function. */
#define HAVE_TIMEGM 1

/* Define to 1 if you have the <unistd.h> header file. */
#define HAVE_UNISTD_H 1

/* Define to the sub-directory in which libtool stores uninstalled libraries.
   */
#define LT_OBJDIR ".libs/"

/* Name of package */
#define PACKAGE "yara"

/* Define to the address where bug reports for this package should be sent. */
#define PACKAGE_BUGREPORT "vmalvarez@virustotal.com"

/* Define to the full name of this package. */
#define PACKAGE_NAME "yara"

/* Define to the full name and version of this package. */
#define PACKAGE_STRING "yara 3.5.0"

/* Define to the one symbol short name of this package. */
#define PACKAGE_TARNAME "yara"

/* Define to the home page for this package. */
#define PACKAGE_URL ""

/* Define to the version of this package. */
#define PACKAGE_VERSION "3.5.0"

/* Define to necessary symbol if this constant uses a non-standard name on
   your system. */
/* #undef PTHREAD_CREATE_JOINABLE */

/* Define to 1 if you have the ANSI C header files. */
#define STDC_HEADERS 1

/* Version number of package */
#define VERSION "3.5.0"

/* Define to 1 if `lex' declares `yytext' as a `char *' by default, not a
   `char[]'. */
/* #undef YYTEXT_POINTER */

@plusvic plusvic closed this as completed May 22, 2017
@crobo1337 crobo1337 mentioned this issue Oct 27, 2017
Closed
@cgupta6
Copy link

cgupta6 commented Sep 3, 2018

I resolved it using and worked for me:
pip install --global-option="build" --global-option="--enable-cuckoo" --global-option="--enable-magic" yara-python

@ProductiveAsparagus56
Copy link

Phew.. i spent so much time trying to get this to work, i will never forget the link of this thread. thank you all so much! @cgupta6 gave me the last hint :)

@Onager Onager mentioned this issue Nov 11, 2020
Closed
@loganasherjones loganasherjones mentioned this issue May 3, 2021
Open
@utkonos
Copy link

utkonos commented Oct 17, 2021

The pip command above that works for some users does not appear to work correctly on macOS. If the problem persists try the following:

git clone --recursive git@github.com:VirusTotal/yara-python.git
python setup.py build --dynamic-linking
python setup.py install

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
8 participants
@plusvic @wxsBSD @utkonos @mlaferrera @rholloway @hnstance @cgupta6 @ProductiveAsparagus56