yara 1.5 for windows problem

[plusvic]

From hanzuo...@gmail.com on April 11, 2012 09:13:10

What steps will reproduce the problem? 1.yara.exe 1.5
2. when use condition like "2 of ($foo*)"
3. yara can only match sample only has 2 strings matched. 3 or more strings shooted will not match What is the expected output? What do you see instead? What version of the product are you using? On what operating system? Please provide any additional information below.

Original issue: http://code.google.com/p/yara-project/issues/detail?id=37

[plusvic]

From juliavi...@gmail.com on May 31, 2012 18:43:47

Out of curiosity, I decided to test this just now with Yara v1.6
(Disclaimer: I have nothing to do with Yara, I'm just a regular user.)

I don't really understand what this bug report is saying, but here are my observations about " at ":

2 of ($foo*) will...

... always be false if you only have one "$foo1" defined in the strings section.

... be true if you repeat your string twice, even if your input only has a single occurrence. So,
$foo1="foo"
$foo2="foo"
2 of ($foo*)
will always be true if your input file contains a single "foo" string. In general, I don't think anyone is ever going to be writing rules like this.

... work correctly if you have three strings defined, and any two of them appear at least once, for each string. So,
$foo1="foo"
$foo2="bar"
$foo3="buz"
2 of ($foo*)
will match "foobar", but not match "foofoo" or "barbar" Is this the issue?

[plusvic]

From plus...@gmail.com on August 15, 2012 09:02:30

During a brief period of time a buggy version 1.5 having this problem was available to download. The issue was solved short after that this shouldn't be a problem with more recent versions.

Status: Done

[plusvic]

From plus...@gmail.com on August 15, 2012 09:02:32

During a brief period of time a buggy version 1.5 having this problem was available to download. The issue was solved short after that this shouldn't be a problem with more recent versions.