YARA v4.2.0-rc1
Pre-release
- New syntax for counting string occurrences within a range of offsets. Example: `#a in (0..100)` (#1565).
- New syntax for checking if a set of strings are found within a range of offsets: `all of them in (0..100)` (#1554).
- `of` operator now accepts sets of rules. Examples: `2 of (rule1, rule2, rule3)`, `2 of (rule*)` (#1597).
- New syntactic sugar allows writing `0 of ($a)` as `none of ($a*)` (#1559).
- New operator `%` for string sets. Example: `20% of them` (#1434).
- New operator `defined` (#1529).
- New operator `iequals` (#1536).
- Added functions `abs`, `count`, `percentage` and `mode` to `math` module (#1483).
- Added new `console` module (#1594).
- Added support of delayed imports to `pe` module (#1523).
- Reduce memory pressure when scanning process memory in Linux (#1470).
- Improve performance while matching certain hex strings (#1526, #1552).
- Implement support for unicode file names in Windows (#1491).
- Add new API functions `yr_get_configuration_uintXX` and `yr_set_configuration_uintXX` (#1621).
- Add `--max-process-memory-chunk` option for controlling the size of the chunks while scanning a process memory (#1393).
- Add `--skip-larger` option for skipping files larger than a certain size while scanning directories.
- BUGFIX: `fullword` modifier not working properly under all locales (#1544).
- BUGFIX: Fix edge case when files have a numeric name that was interpreted as a PID number (#1541).
- BUGFIX: Fix memory leaks in `magic` module.
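The new condition syntax listed above, combined in one rule file. This is an added example, not taken from the release notes or the YARA project's own rules; every rule name and string in it is constructed for illustration.

```yara
import "pe"

rule demo_header_marker
{
    strings:
        $a = "MARKER"              // constructed string
    condition:
        // Exactly two occurrences of $a between offsets 0 and 100.
        #a in (0..100) == 2
}

rule demo_header_pair
{
    strings:
        $b1 = "BEGIN"              // constructed strings
        $b2 = "END"
    condition:
        // Every string in the set must match inside offsets 0..100.
        all of them in (0..100)
}

rule demo_string_ratio
{
    strings:
        $s1 = "alpha"              // constructed strings
        $s2 = "bravo"
        $s3 = "charlie"
        $s4 = "delta"
        $s5 = "echo"
        $x1 = "known-good-tag"
    condition:
        // At least 20% of the $s strings, and no $x string at all.
        20% of ($s*) and none of ($x*)
}

rule demo_pe_checks
{
    condition:
        // `defined` guards non-PE input; `iequals` ignores case.
        defined pe.number_of_sections and
        pe.sections[0].name iequals ".TEXT"
}

rule demo_combined
{
    condition:
        // Rule set: any two of the rules named here or matched by the prefix.
        2 of (demo_header*, demo_string_ratio)
}
```

A rule can only be referenced in a rule set after it has been declared, so `demo_combined` comes last in the file.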
Thanks to @wxsBSD, @secDre4mer, @regeciovad, @ladislav-zezula, @hillu, @xbabka01, @LearnToGetBetter