Releases: VirusTotal/yara
Releases · VirusTotal/yara
YARA v3.7.0
timemodule (Wesley Shields)yaracommand-line tool now accept multiple rule files- Allow a configurable limit for the number of strings per rule (option
--max-strings-per-rule) - Implement integrity check for compiled rules
- Implement API for customizing
importstatement (@edhoedt) - Scan process memory in FreeBSD and OpenBDS (Hilko Bengen)
- BUGFIX: Negated character classes not working with case-insensitive regexps (#765)
- BUGFIX: Multiple bugs while parsing ELF files (Nate Rosenblum)
- BUGFIX: Out-of-bounds access while parsing PE files.
- BUGFIX: Memory leaks while parsing invalid rules.
Refer to the documentation for information on how to build and install YARA.
YARA v3.6.3
BUGFIX: Heap overflow (4a342f0)
BUGFIX: Off-by-one NULL write in stack buffer (964d6c0)
BUGFIX: Multiple issues in "dotnet" module (f40c14c, fc35e5f)
Refer to the documentation for information on how to build and install YARA.
YARA v3.6.2
- Increase RE_MAX_AST_LEVELS from 2000 to 6000.
- BUGFIX: Buffer overrun in regexp engine (issue #678)
- BUGFIX: Null pointer dereference in regexp engine (issue #682).
Refer to the documentation for information on how to build and install YARA.
YARA v3.6.1
- BUGFIX: Stack overflow caused by uncontrolled recursiveness (CVE-2017-9304)
- BUGFIX: pe.overlay.size was undefined if the PE didn't have an overlay. Now it's set to 0 in those cases.
- BUGFIX: Fix initalization issue that could cause a crash if rules compiled with a 32bit yarac is used with a 64bit yara.
Refer to the documentation for information on how to build and install YARA.
YARA v3.6.0
- .NET module (Wesley Shields)
- New features for ELF module (Jacob Baines)
- Fix endianness issues (Hilko Bengen)
- Function
yr_compiler_add_fdadded tolibyara MAX_THREADSlimit can be arbitrarily increased (Emerson R. Wiley)- Added
--fail-on-warningscommand-line option - Multiple bug fixes
Refer to the documentation for information on how to build and install YARA.
YARA v3.5.0
- Match length operator (http://yara.readthedocs.io/en/v3.5.0/writingrules.html#match-length)
- Performance improvements
- Less memory consumption while scanning processes
- Exception handling when scanning memory blocks
- Negative integers in meta fields
- Added the --stack-size command-argument
- Functions import_ordinal, is_dll, is_32bit and is_64bit added to PE module
- Functions rich_signature.toolid and rich_signature.version added to PE module
- Lots of bug fixes
Refer to the documentation for information on how to build and install YARA.
YARA v3.4.0
- Short-circuit evaluation for conditions
- New yr_rules_save_stream/yr_rules_load_stream APIs.
- load() and save() methods in yara-python accept file-like objects
- Improvements to the PE and ELF modules
- Some performance improvements
- New command-line option --print-module-data
- Multiple bug fixes.
Refer to the documentation for information on how to build and install YARA.
YARA v3.3.0
- Added support for negative integers and floating point numbers
- Implemented operators >,<, >=, <= for strings
- Implemented word boundary anchors (\b, \B) in regular expressions
- New features in PE module
- Math module
- New --print-namespace command line argument
- Better error handling in low memory conditions
- BUGFIX: "at" operator not working with certain strings containing wildcards
- BUGFIX: precedence of bitwise operators was incorrect
- BUGFIX: incorrect imphash result for certain PE files importing functions by ordinal
- BUGFIX: handle and memory leaks
- BUGFIX: multiple segfaults
Refer to the documentation for information on how to build and install YARA.
YARA v3.2.0
- ELF module
- Hash module
- New features in PE module
- Big-endian version of intXX and uintXX functions
- Modules can declare dictionary objects
- Modules accept overloaded functions
- Performance improvements
- BUGFIX: "and" operator not working properly with integer operands
- BUGFIX: False positive with strings declared as "fullword wide ascii"
- BUGFIX: False positive with "wide fullword" strings shorter than 5 bytes
- BUGFIX: Functions declared in a structure array not working properly
- BUGFIX: "contains" operator causing segfault if operand is an undefined string
Refer to the documentation for information on how to build and install YARA.
YARA v3.1.0
- Magic module
- Zero-length file are treated as normal files
- Modules now must implement module_initialize and module_finalize functions
- Accept functions without arguments in modules
- BUGFIX: Fix issue with module functions receiving more than one regular expressions
- BUGFIX: Show appropriate error message while trying to import unknown module
- BUGFIX: Fix segfaults caused by improper buffer bounds validation in PE module
- BUGFIX: Fix dns_lookup function in PE module
Refer to the documentation for information on how to build and install YARA.