@plusvic plusvic released this Aug 16, 2018 · 60 commits to master since this release

  • BUGFIX: Some combinations of boolean command-line flags were broken in version 3.8.0.
  • BUGFIX: While reporting errors that occur at the end of the file, the file name appeared as null.
  • BUGFIX: dex module now works in big-endian architectures.
  • BUGFIX: Keep ABI compatibility by keeping deprecated functions visible.

@plusvic plusvic released this Aug 6, 2018 · 77 commits to master since this release

  • Scanner API
  • New “xor” modifier for strings
  • New fields and functions in PE module.
  • Add functions “min” and “max” to math module.
  • Make compiled.
  • yara and yarac support reading rules from stdin by using - as the file name.
  • Rule compilation is faster.
  • BUGFIX: Regression in regex engine. /ba{3}b/ was matching “baaaab”.
  • BUGFIX: Function yr_compiler_add_fd() was reading only the first 1024 bytes of the file.
  • BUGFIX: Wrong calculation of sha256 hashes in Windows when using native crypto API.
  • Many more bug fixes.

Refer to the documentation for information on how to build and install YARA.

Windows binaries can be found here.

@plusvic plusvic released this Jan 16, 2018 · 275 commits to master since this release

  • Fix regression in include directive (issue #796)
  • Fix bug in PE checksum calculation causing wrong results in some cases.

@plusvic plusvic released this Nov 10, 2017 · 279 commits to master since this release

  • time module (Wesley Shields)
  • yara command-line tool now accepts multiple rule files
  • Allow a configurable limit for the number of strings per rule (option --max-strings-per-rule)
  • Implement integrity check for compiled rules
  • Implement API for customizing import statement (@edhoedt)
  • Scan process memory in FreeBSD and OpenBSD (Hilko Bengen)
  • BUGFIX: Negated character classes not working with case-insensitive regexps (#765)
  • BUGFIX: Multiple bugs while parsing ELF files (Nate Rosenblum)
  • BUGFIX: Out-of-bounds access while parsing PE files.
  • BUGFIX: Memory leaks while parsing invalid rules.

@plusvic plusvic released this Jul 5, 2017 · 461 commits to master since this release

  • BUGFIX: Heap overflow (4a342f0)
  • BUGFIX: Off-by-one NULL write in stack buffer (964d6c0)
  • BUGFIX: Multiple issues in "dotnet" module (f40c14c, fc35e5f)

@plusvic plusvic released this Jun 28, 2017 · 461 commits to master since this release

  • Increase RE_MAX_AST_LEVELS from 2000 to 6000.
  • BUGFIX: Buffer overrun in regexp engine (issue #678)
  • BUGFIX: Null pointer dereference in regexp engine (issue #682).

@plusvic plusvic released this Jun 5, 2017 · 461 commits to master since this release

  • BUGFIX: Stack overflow caused by uncontrolled recursion (CVE-2017-9304)
  • BUGFIX: pe.overlay.size was undefined if the PE didn't have an overlay. Now it's set to 0 in those cases.
  • BUGFIX: Fix initialization issue that could cause a crash if rules compiled with a 32-bit yarac are used with a 64-bit yara.

@plusvic plusvic released this May 22, 2017 · 469 commits to master since this release

  • .NET module (Wesley Shields)
  • New features for ELF module (Jacob Baines)
  • Fix endianness issues (Hilko Bengen)
  • Function yr_compiler_add_fd added to libyara
  • MAX_THREADS limit can be arbitrarily increased (Emerson R. Wiley)
  • Added --fail-on-warnings command-line option
  • Multiple bug fixes

@plusvic plusvic released this Sep 6, 2016 · 661 commits to master since this release

  • Match length operator (http://yara.readthedocs.io/en/v3.5.0/writingrules.html#match-length)
  • Performance improvements
  • Less memory consumption while scanning processes
  • Exception handling when scanning memory blocks
  • Negative integers in meta fields
  • Added the --stack-size command-line argument
  • Functions import_ordinal, is_dll, is_32bit and is_64bit added to PE module
  • Functions rich_signature.toolid and rich_signature.version added to PE module
  • Lots of bug fixes

@plusvic plusvic released this Jun 18, 2015 · 1029 commits to master since this release

  • Short-circuit evaluation for conditions
  • New yr_rules_save_stream/yr_rules_load_stream APIs.
  • load() and save() methods in yara-python accept file-like objects
  • Improvements to the PE and ELF modules
  • Some performance improvements
  • New command-line option --print-module-data
  • Multiple bug fixes.
