YARA v4.2.0-rc1

Pre-release
@plusvic plusvic released this 10 Jan 16:41
· 58 commits to 4.2.x since this release
45a2883
  • New syntax for counting string occurrences within a range of offsets. Example: #a in (0..100) (#1565).
  • New syntax for checking if a set of strings is found within a range of offsets. Example: all of them in (0..100) (#1554).
  • of operator now accepts sets of rules. Examples: 2 of (rule1, rule2, rule3), 2 of (rule*) (#1597).
  • New syntactic sugar allows writing 0 of ($a) as none of ($a*) (#1559).
  • New operator % for string sets. Example: 20% of them (#1434).
  • New operator defined (#1529).
  • New operator iequals (#1536).
  • Added functions abs, count, percentage and mode to math module (#1483).
  • Added new console module (#1594).
  • Added support of delayed imports to pe module (#1523).
  • Reduce memory pressure when scanning process memory in Linux (#1470).
  • Improve performance while matching certain hex strings (#1526, #1552).
  • Implement support for unicode file names in Windows (#1491).
  • Add new API functions yr_get_configuration_uintXX and yr_set_configuration_uintXX (#1621).
  • Add --max-process-memory-chunk option for controlling the size of the chunks while scanning process memory (#1393).
  • Add --skip-larger option for skipping files larger than a certain size while scanning directories.
  • BUGFIX: fullword modifier not working properly under all locales (#1544).
  • BUGFIX: Fix edge case when files have a numeric name that was interpreted as a PID number (#1541).
  • BUGFIX: Fix memory leaks in magic module.

Thanks to @wxsBSD, @secDre4mer, @regeciovad, @ladislav-zezula, @hillu, @xbabka01, @LearnToGetBetter
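
The new condition syntax listed above, combined in one rule file. This is an added example, not part of the release notes or the YARA project's own rules; every rule name and string is constructed for illustration, and the file assumes YARA 4.2.0 or later.

```yara
import "pe"
import "math"
import "console"

rule demo_count_in_range {
    strings:
        $a = "MARKER"                  // constructed sample string
    condition:
        #a in (0..100) >= 2            // occurrences of $a within offsets 0..100
}

rule demo_set_in_range {
    strings:
        $b1 = "alpha"
        $b2 = "beta"
    condition:
        all of them in (0..100)        // every string must match inside the range
}

rule demo_percent_and_none {
    strings:
        $c1 = "one"
        $c2 = "two"
        $c3 = "three"
        $d1 = "unwanted"
    condition:
        50% of ($c*) and none of ($d*) // percentage of a set, and sugar for 0 of
}

rule demo_defined_iequals {
    condition:
        // defined guards against the undefined value pe fields have on non-PE input
        (defined pe.number_of_sections) and
        pe.sections[0].name iequals ".TEXT"   // case-insensitive comparison
}

rule demo_math_console {
    condition:
        console.log("size: ", filesize) and   // prints while scanning, always true
        math.count(0x00, 0, filesize) >= 10 and
        math.percentage(0x00, 0, filesize) >= 0.5 and
        math.mode(0, filesize) == 0x00
}

rule demo_rule_set {
    condition:
        // rules in a set must be defined before the rule that references them
        2 of (demo_count_in_range, demo_set_in_range, demo_percent_and_none) or
        any of (demo_math*)
}
```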