search
menu
icon-carat-right
cmu-wordmark
✕
About
What We Do
Leadership
Divisions
Work with Us
Collaboration with CMU
Research and Capabilities
Software Engineering and Information Assurance
Cybersecurity
System Verification and Validation
Data Modeling and Analytics
Mission Assurance
Autonomy and Counter-Autonomy
Human-Machine Interaction
All Work
Publications
Annual Reviews
Blog
Digital Library
Podcast Series
Software and Tools
Technical Papers
Vulnerability Notes Database
Webinar Series
News and Events
News
Events
SEI Bulletin
Education and Outreach
Courses
Credentials
Workforce Development
Curricula
License SEI Materials
Computer Security Incident Response Teams
Careers
Job Openings
Internship Opportunities
Working at the SEI
Carnegie Mellon University
Software Engineering Institute
About
What We Do
Leadership
Divisions
Work with Us
Collaboration with CMU
Research and Capabilities
Software Engineering and Information Assurance
Cybersecurity
System Verification and Validation
Data Modeling and Analytics
Mission Assurance
Autonomy and Counter-Autonomy
Human-Machine Interaction
All Work
Publications
Annual Reviews
Blog
Digital Library
Podcast Series
Software and Tools
Technical Papers
Vulnerability Notes Database
Webinar Series
News and Events
News
Events
SEI Bulletin
Education and Outreach
Courses
Credentials
Workforce Development
Curricula
License SEI Materials
Computer Security Incident Response Teams
Careers
Job Openings
Internship Opportunities
Working at the SEI
LiFTeR: Changes for
yara
May 26, 2017:
yara{,‑doc,‑devel}-3.5.0-7.1.{fc20,fc21,fc22,fc23,fc24,fc25,el6,el7}.{i686,x86_64}.rpm
-
Yara
scans the given FILE or the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input. Note that the
-devel
and
-doc
packages split out the files needed for development and documentation respectively.
September 11, 2016:
yara{,‑doc,‑devel}-3.5.0-5.1.{fc20,fc21,fc22,fc23,fc24,el6}.{i686,x86_64}.rpm
-
Yara
scans the given FILE or the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input. This release (5.1) was rebuilt to coincide with the version from Fedora (3.5.0-5)but to eliminate some dependency problems on Fedora 23 and 24. Note also that the
-devel
and
-doc
packages split out the files needed for development and documentation respectively.
August 22, 2016:
yara-3.5.0-1.{fc20,fc21,fc22,fc23,fc24,el6,el7}.{i686,x86_64}.rpm
-
Yara
scans the given FILE or the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input. Here are the changes since the last version (3.4.0):
Match length operator (http://yara.readthedocs.io/en/v3.5.0/writingrules.html#match-length)
Performance improvements
Less memory consumption while scanning processes
Exception handling when scanning memory blocks
Negative integers in meta fields
Added the --stack-size command-argument
Functions import_ordinal, is_dll, is_32bit and is_64bit added to PE module
Functions rich_signature.toolid and rich_signature.version added to PE module
Lots of bug fixes
September 25, 2015:
yara-3.4.0-2.{fc17,fc18,fc19,fc20,fc21,fc22,el5,el6,el7}.{i686,x86_64}.rpm
-
Yara
scans the given FILE or the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input. Here are the changes since the last version (3.3.0):
Short-circuit evaluation for conditions
New yr_rules_save_stream/yr_rules_load_stream APIs.
load() and save() methods in yara-python accept file-like objects
Improvements to the PE and ELF modules
Some performance improvements
New command-line option --print-module-data
Multiple bug fixes.
In addition, release 2 was built with
openssl-devel
February 27, 2015:
yara-3.3.0-1.{fc17,fc18,fc19,fc20,fc21,el5,el6,el7}.{i686,x86_64}.rpm
-
Yara
scans the given FILE or the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input. Here are the changes since the last version (2.1.0):
Added support for negative integers and floating point numbers
Implemented operators
,
<
,
=
,
<=
for strings
Implemented word boundary anchors (
\b
, \
B
) in regular expressions
New features in PE module
Math module
New
--print-namespace
command line argument
Better error handling in low memory conditions
BUGFIX:
at
operator not working with certain strings containing wildcards
BUGFIX: precedence of bitwise operators was incorrect
BUGFIX: incorrect imphash result for certain PE files importing functions by ordinal
BUGFIX: handle and memory leaks
BUGFIX: multiple segfaults
July 24, 2014:
yara-2.1.0-1.{fc17,fc18,fc19,fc20,el5,el6,el7}.{i686,x86_64}.rpm
-
Yara
scans the given FILE or the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input. Here are the changes since the last version (1.7.2):
Improve regexp engine
Improve multithreading support
Case-insensitive and single-line matching modes for "matches" operator's regexps
Added "error_on_warning" argument to "match" in yara-python
Recognize x64 PE files
BUGFIX: Mutex handle leak
BUGFIX: NULL pointer dereferences
BUGFIX: Buffer overflow
BUGFIX: Crash while using compiled rules with yara64 in Windows
BUGFIX: Infinite loop while scanning 64bits process in Windows
BUGFIX: Side-effect on "externals" argument in yara-python's "match" function
BUGFIX: "x of them" not working with strings containing unbounded jumps
January 22, 2014:
yara-2.0.0-1.{fc17,fc18,fc19,fc20,el5,el6}.{i686,x86_64}.rpm
-
Yara
scans the given FILE or the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input. Here are the changes since the last version (1.7.2):
Faster
Better multi-thread support
Rules can be saved in binary form
December 13, 2013:
yara-1.7.2-1.{fc16,fc17,fc18,fc19,el5,el6}.{i686,x86_64}.rpm
-
Yara
scans the given FILE or the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input. Here are the changes since the last version (1.7):
BUGFIX: Regular expressions marked as both "wide" and "ascii" were treated as just "wide"
BUGFIX: Bug in "n of (
)" operator
BUGFIX: Bug in get_process_memory could cause infinite loop
BUGFIX: Fix SIGABORT in ARM
BUGFIX: Failing to detect one-byte strings at the end of a file.
BUGFIX: Strings being incorrectly printed when markes both as wide and ascii
BUGFIX: Stack overflow while following circular symlinks
BUGFIX: Expression "/re/ matches var" always matching if "var" was an empty string
BUGFIX: Strings marked as "fullword" were incorrectly matching in some cases
April 3, 2013:
yara-1.7-1.{fc15,fc16,fc17,fc18,el5,el6}.{i686,x86_64}.rpm
-
Yara
scans the given FILE or the process indentified by PID looking if it matches the patterns and rules provided in a special purpose language. The rules are read from RULEFILEs or standard input. Here are the changes since the last version:
faster compilation
added suport for modulus (
%
) and bitwise xor (
|
) operators
better hashing of regular expressions
BUGFIX: yara-python segfault when using dir() on Rules and Match classes
BUGFIX: Integer overflow causing infinite loop
BUGFIX: Handling strings containing
\x00
characters correctly
BUGFIX: Regular expressions not matching at the end of the file when compiled with RE2
BUGFIX: Memory leaks
BUGFIX: File handle leaks