BUGFIX: Use-after-free bug in PE module (#1287).
BUGFIX: Incorrect errors in rules when a single rule is badly formatted (#1294).
BUGFIX: Assertion failed with rules that have invalid syntax (#1295).
BUGFIX: Integer overflow causing missed matches on files larger than 2GB (#1304).
BUGFIX: Crashes in Mac OS while scanning binaries with a signature that can't be verified (#1309).
Assets
4
- New string modifiers base64 and base64wide (#1185).
- New string modifier private (#1096)
- Iterators for dictionaries and arrays (#1141).
- Multiple API changes.
- Memory footprint greatly reduced, specially when compiling large numbers of rules.
- New commmand-line option --scan-list (#1261).
- Added pdb_path field to "pe" module.
- Added export_details array to "pe" module.
- Added exports_index functions to "pe" module.
- Improvements to "cuckoo" module.
- BUGFIX: PE files with multiple signatures are parsed correctly (#940).
- BUGFIX: Fix PE rich header parsing (#1164).
- BUGFIX: Buffer overruns in "dotnet" module (#1167, #1173).
Assets
4
- Duplicated string modifiers are now an error.
- More flexible “xor” modifier.
- Implement “private” strings (#1096)
- Add “field_offsets” to “dotnet” module.
- Implement “crc32” functions in “hash” module.
- Improvements to “rich_signature” functions in “pe” module.
- Implement sandboxed API using SAPI
- BUGFIX: Some regexp character classes not matching correctly when used with “nocase” modifier (#1117)
- BUGFIX: Reduce the number of ERROR_TOO_MANY_RE_FIBERS errors for certain hex pattern containing large jumps (#1107)
- BUGFIX: Buffer overrun in “dotnet” module (#1108)
- BUGFIX: Segfault in certain Windows versions (#1068)
- BUGFIX: Memory leak while attaching to a process fails (#1070)
Assets
4
- Optimize integer range loops by exiting earlier when possible.
- Cache the result of PE module’s imphash function in order to improve performance.
- Harden virtual machine against malicious code.
- BUGFIX: “xor” modifier not working as expected if not accompanied by “ascii” (#1053).
- BUGFIX: \s and \S character classes in regular expressions now include vertical tab, new line, carriage return and form feed characters.
- BUGFIX: Regression bug in hex strings containing wildcards (#1025).
- BUGFIX: Buffer overrun in “elf” module.
- BUGFIX: Buffer overrun in “dotnet” module.
Assets
4
- Improve scan performance for certain strings.
- Reduce stack usage.
- Prevent inadvertent use of compiled rules by forcing the use of
-Cwhen usingyaracommand-line tool. - BUGFIX: Buffer overflow in "dotnet" module.
- BUGFIX: Internal error when running multiple instances of YARA in Mac OS X. (#945)
- BUGFIX: Regexp regression when using nested quantifiers {x,y} for certain values of x and y. (#1018)
- BUGFIX: High RAM consumption in "pe" module while parsing certain files.(0c8b461)
- BUGFIX: Denial of service when using "dex" module. Found by the Cisco Talos team. (#1023)
- BUGFIX: Issues with comments inside hex strings.
Refer to the documentation for information on how to build and install YARA.
Assets
4
- BUGFIX: Some combinations of boolean command-line flags were broken in version 3.8.0.
- BUGFIX: While reporting errors that occur at the end of the file, the file name appeared as
null. - BUGFIX:
dexmodule now works in big-endian architectures. - BUGFIX: Keep ABI compatibility by keeping deprecated functions visible.
Refer to the documentation for information on how to build and install YARA.