Linux Forensics Tools Repository: Package Summary for Package yara
May 26, 2017: yara{,-doc,-devel}-3.5.0-7.1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm - Yara scans the given FILE or
the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input.
Note that the -devel and -doc packages split out the files needed for development and documentation respectively.
September 11, 2016: yara{,-doc,-devel}-3.5.0-5.1.{fc20,fc21,fc22,fc23,fc24,el6}.{i686,x86_64}.rpm - Yara scans the given FILE or
the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input.
This release (5.1) was rebuilt to coincide with the version from Fedora (3.5.0-5)but to eliminate some dependency problems on Fedora 23 and 24.
Note also that the -devel and -doc packages split out the files needed for development and documentation respectively.
August 22, 2016: yara-3.5.0-1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm - Yara scans the given FILE or
the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input.
Here are the changes since the last version (3.4.0):
Match length operator (http://yara.readthedocs.io/en/v3.5.0/writingrules.html#match-length)
Performance improvements
Less memory consumption while scanning processes
Exception handling when scanning memory blocks
Negative integers in meta fields
Added the --stack-size command-argument
Functions import_ordinal, is_dll, is_32bit and is_64bit added to PE module
Functions rich_signature.toolid and rich_signature.version added to PE module
Lots of bug fixes
September 25, 2015: yara-3.4.0-2.{fc17,fc18,fc19,fc20,fc21,fc22,el5,el6,el7}.{i686,x86_64}.rpm - Yara scans the given FILE or
the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input.
Here are the changes since the last version (3.3.0):
Short-circuit evaluation for conditions
New yr_rules_save_stream/yr_rules_load_stream APIs.
load() and save() methods in yara-python accept file-like objects
Improvements to the PE and ELF modules
Some performance improvements
New command-line option --print-module-data
Multiple bug fixes.
In addition, release 2 was built with openssl-devel
February 27, 2015: yara-3.3.0-1.{fc17,fc18,fc19,fc20,fc21,el5,el6,el7}.{i686,x86_64}.rpm - Yara scans the given FILE or
the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input.
Here are the changes since the last version (2.1.0):
Added support for negative integers and floating point numbers
Implemented operators , <, =, <= for strings
Implemented word boundary anchors (\b, \B) in regular expressions
New features in PE module
Math module
New --print-namespace command line argument
Better error handling in low memory conditions
BUGFIX: at operator not working with certain strings containing wildcards
BUGFIX: precedence of bitwise operators was incorrect
BUGFIX: incorrect imphash result for certain PE files importing functions by ordinal
BUGFIX: handle and memory leaks
BUGFIX: multiple segfaults
July 24, 2014: yara-2.1.0-1.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i686,x86_64}.rpm - Yara scans the given FILE or
the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input.
Here are the changes since the last version (1.7.2):
Improve regexp engine
Improve multithreading support
Case-insensitive and single-line matching modes for "matches" operator's regexps
Added "error_on_warning" argument to "match" in yara-python
Recognize x64 PE files
BUGFIX: Mutex handle leak
BUGFIX: NULL pointer dereferences
BUGFIX: Buffer overflow
BUGFIX: Crash while using compiled rules with yara64 in Windows
BUGFIX: Infinite loop while scanning 64bits process in Windows
BUGFIX: Side-effect on "externals" argument in yara-python's "match" function
BUGFIX: "x of them" not working with strings containing unbounded jumps
January 22, 2014: yara-2.0.0-1.{fc17,fc18,fc19,fc20,el5,el6}.{i686,x86_64}.rpm - Yara scans the given FILE or
the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input.
Here are the changes since the last version (1.7.2):
Faster
Better multi-thread support
Rules can be saved in binary form
December 13, 2013: yara-1.7.2-1.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm - Yara scans the given FILE or
the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input.
Here are the changes since the last version (1.7):
BUGFIX: Regular expressions marked as both "wide" and "ascii" were treated as just "wide"
BUGFIX: Bug in "n of ()" operator
BUGFIX: Bug in get_process_memory could cause infinite loop
BUGFIX: Fix SIGABORT in ARM
BUGFIX: Failing to detect one-byte strings at the end of a file.
BUGFIX: Strings being incorrectly printed when markes both as wide and ascii
BUGFIX: Stack overflow while following circular symlinks
BUGFIX: Expression "/re/ matches var" always matching if "var" was an empty string
BUGFIX: Strings marked as "fullword" were incorrectly matching in some cases
April 3, 2013: yara-1.7-1.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm - Yara scans the given FILE or
the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input.
Here are the changes since the last version:
faster compilation
added suport for modulus (%) and bitwise xor (|) operators
better hashing of regular expressions
BUGFIX: yara-python segfault when using dir() on Rules and Match classes
