It looks like the latest build of neo23x0's yara ruleset is breaking this build? Based on what I've been able to find, it looks like there is possibly some type of version mismatch with the yara-python packages used. Any time a yara rule has a condition that calls pe.imphash, the unit tests fail on build_analyzer and compile_rules with [yara.syntaxerror invalid field name"imphash"]
I've tried to clone a fresh copy of everything and rebuild from scratch, but I get the same error. I've also tried to pull the latest yara repos down, but no joy there either.
Has anyone successfully implemented newly released yara rules on this build?
@crobo1337 problems with *hash can happen if your system doesn't have the OpenSSL development libraries. I just cloned the repo and compiled all the rules with no issue on MacOS. What system are you running on? If it's Linux-based, try installing the openssl-devel.x86_64 package before a pip install of the dependencies.
Thanks for flagging! We'll update the documentation once your problem is resolved.
I just nuked the entire EC2 instance I was working on and started fresh, followed the install docs to the letter, with the exception of installing openssl and gcc via yum before running the pip requirements install. Once I got all of that installed before building the first time, everything seems to work.
The python environment seems to be pretty 'sticky'.... annoying.
By sticky, I mean that even after nuking the virtual environment, and installing the correct packages on my build agent, any new virtual environments built after that are still building as if the openssl module isn't installed.
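A build check for the failure discussed in this thread, added here as an example and not code from the project or from the commenters: it compiles two constructed probe rules to see whether the installed yara-python accepts `pe.imphash()` and the `hash` module, both of which depend on YARA being built against OpenSSL. The names `probe_yara_crypto` and `PROBES` are hypothetical.

```python
"""Probe whether the installed yara-python can compile rules that use
pe.imphash() and the hash module (both need YARA built with OpenSSL)."""
import importlib

# Constructed probe rules. The hash values are placeholders: only
# compilation is tested, nothing is ever scanned.
PLACEHOLDER = "0" * 32
PROBES = {
    "pe.imphash": 'import "pe"\n'
                  'rule probe { condition: pe.imphash() == "%s" }' % PLACEHOLDER,
    "hash.md5": 'import "hash"\n'
                'rule probe { condition: hash.md5(0, filesize) == "%s" }' % PLACEHOLDER,
}


def probe_yara_crypto(yara_module=None):
    """Return {feature: "ok" | "missing: <compiler error>"}.

    Returns {"yara": "not installed"} when yara-python cannot be imported.
    yara_module lets a caller pass in an already imported module.
    """
    if yara_module is None:
        try:
            yara_module = importlib.import_module("yara")
        except ImportError:
            return {"yara": "not installed"}

    results = {}
    for feature, source in PROBES.items():
        try:
            yara_module.compile(source=source)
            results[feature] = "ok"
        except yara_module.Error as exc:  # yara.SyntaxError derives from yara.Error
            results[feature] = "missing: %s" % exc
    return results


if __name__ == "__main__":
    for feature, status in probe_yara_crypto().items():
        print("%-12s %s" % (feature, status))
```

If a rebuilt virtual environment still reports `missing`, pip may be reusing a wheel it cached from a build made before the OpenSSL headers were installed; `pip install --no-cache-dir --force-reinstall yara-python` forces a fresh build.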