Skip to content

Releases: VirusTotal/yara

YARA v3.7.1

16 Jan 10:34
@plusvic plusvic
v3.7.1
21d82ff
Compare
Choose a tag to compare
YARA v3.7.1
  • Fix regression in include directive (issue #796)
  • Fix bug in PE checksum calculation causing wrong results in some cases.
Assets 4
Loading

YARA v3.7.0

10 Nov 12:31
@plusvic plusvic
v3.7.0
1d1dde6
Compare
Choose a tag to compare
YARA v3.7.0
  • time module (Wesley Shields)
  • yara command-line tool now accept multiple rule files
  • Allow a configurable limit for the number of strings per rule (option --max-strings-per-rule)
  • Implement integrity check for compiled rules
  • Implement API for customizingimport statement (@edhoedt)
  • Scan process memory in FreeBSD and OpenBDS (Hilko Bengen)
  • BUGFIX: Negated character classes not working with case-insensitive regexps (#765)
  • BUGFIX: Multiple bugs while parsing ELF files (Nate Rosenblum)
  • BUGFIX: Out-of-bounds access while parsing PE files.
  • BUGFIX: Memory leaks while parsing invalid rules.

Refer to the documentation for information on how to build and install YARA.

Assets 4
Loading

YARA v3.6.3

05 Jul 16:16
@plusvic plusvic
v3.6.3
06589f7
Compare
Choose a tag to compare
YARA v3.6.3

BUGFIX: Heap overflow (4a342f0)
BUGFIX: Off-by-one NULL write in stack buffer (964d6c0)
BUGFIX: Multiple issues in "dotnet" module (f40c14c, fc35e5f)

Refer to the documentation for information on how to build and install YARA.

Assets 4
Loading

YARA v3.6.2

28 Jun 20:56
@plusvic plusvic
v3.6.2
1f519c7
Compare
Choose a tag to compare
YARA v3.6.2
  • Increase RE_MAX_AST_LEVELS from 2000 to 6000.
  • BUGFIX: Buffer overrun in regexp engine (issue #678)
  • BUGFIX: Null pointer dereference in regexp engine (issue #682).

Refer to the documentation for information on how to build and install YARA.

Assets 4
Loading

YARA v3.6.1

05 Jun 17:45
@plusvic plusvic
v3.6.1
76cae33
Compare
Choose a tag to compare
YARA v3.6.1
  • BUGFIX: Stack overflow caused by uncontrolled recursiveness (CVE-2017-9304)
  • BUGFIX: pe.overlay.size was undefined if the PE didn't have an overlay. Now it's set to 0 in those cases.
  • BUGFIX: Fix initalization issue that could cause a crash if rules compiled with a 32bit yarac is used with a 64bit yara.

Refer to the documentation for information on how to build and install YARA.

Assets 4
Loading

YARA v3.6.0

22 May 11:58
@plusvic plusvic
v3.6.0
0dfe1e8
Compare
Choose a tag to compare
YARA v3.6.0
  • .NET module (Wesley Shields)
  • New features for ELF module (Jacob Baines)
  • Fix endianness issues (Hilko Bengen)
  • Function yr_compiler_add_fd added to libyara
  • MAX_THREADS limit can be arbitrarily increased (Emerson R. Wiley)
  • Added --fail-on-warnings command-line option
  • Multiple bug fixes

Refer to the documentation for information on how to build and install YARA.

Assets 4
Loading

YARA v3.5.0

06 Sep 20:11
@plusvic plusvic
v3.5.0
c857145
Compare
Choose a tag to compare
YARA v3.5.0
  • Match length operator (http://yara.readthedocs.io/en/v3.5.0/writingrules.html#match-length)
  • Performance improvements
  • Less memory consumption while scanning processes
  • Exception handling when scanning memory blocks
  • Negative integers in meta fields
  • Added the --stack-size command-argument
  • Functions import_ordinal, is_dll, is_32bit and is_64bit added to PE module
  • Functions rich_signature.toolid and rich_signature.version added to PE module
  • Lots of bug fixes

Refer to the documentation for information on how to build and install YARA.

Assets 4
Loading

YARA v3.4.0

18 Jun 13:59
@plusvic plusvic
v3.4.0
040db95
Compare
Choose a tag to compare
YARA v3.4.0
  • Short-circuit evaluation for conditions
  • New yr_rules_save_stream/yr_rules_load_stream APIs.
  • load() and save() methods in yara-python accept file-like objects
  • Improvements to the PE and ELF modules
  • Some performance improvements
  • New command-line option --print-module-data
  • Multiple bug fixes.

Refer to the documentation for information on how to build and install YARA.

Assets 4
Loading

YARA v3.3.0

10 Feb 13:08
@plusvic plusvic
v3.3.0
83d531c
Compare
Choose a tag to compare
YARA v3.3.0
  • Added support for negative integers and floating point numbers
  • Implemented operators >,<, >=, <= for strings
  • Implemented word boundary anchors (\b, \B) in regular expressions
  • New features in PE module
  • Math module
  • New --print-namespace command line argument
  • Better error handling in low memory conditions
  • BUGFIX: "at" operator not working with certain strings containing wildcards
  • BUGFIX: precedence of bitwise operators was incorrect
  • BUGFIX: incorrect imphash result for certain PE files importing functions by ordinal
  • BUGFIX: handle and memory leaks
  • BUGFIX: multiple segfaults

Refer to the documentation for information on how to build and install YARA.

Assets 4
Loading

YARA v3.2.0

10 Nov 15:24
@plusvic plusvic
v3.2.0
344d27a
Compare
Choose a tag to compare
YARA v3.2.0
  • ELF module
  • Hash module
  • New features in PE module
  • Big-endian version of intXX and uintXX functions
  • Modules can declare dictionary objects
  • Modules accept overloaded functions
  • Performance improvements
  • BUGFIX: "and" operator not working properly with integer operands
  • BUGFIX: False positive with strings declared as "fullword wide ascii"
  • BUGFIX: False positive with "wide fullword" strings shorter than 5 bytes
  • BUGFIX: Functions declared in a structure array not working properly
  • BUGFIX: "contains" operator causing segfault if operand is an undefined string

Refer to the documentation for information on how to build and install YARA.

Assets 4
Loading