applications/forensics tools

yara - find files matching patterns and rules written in a special-purpose language

Website: http://plusvic.github.io/yara/
License: GPL
Vendor: cert.org
Description:
Yara scans the given FILE or the process identified by PID, checking
whether it matches the patterns and rules provided in a special-purpose
language. The rules are read from RULEFILEs or standard input.

Packages

yara-3.4.0-2.el5.x86_64 [680 KiB] Changelog by Lawrence R. Rogers (2015-09-24):
* Release 3.4.0-2
	Added a build requires of openssl-devel
yara-3.4.0-1.el5.x86_64 [648 KiB] Changelog by Lawrence R. Rogers (2015-06-18):
* Release 3.4.0-1
	Short-circuit evaluation for conditions
	New yr_rules_save_stream/yr_rules_load_stream APIs.
	load() and save() methods in yara-python accept file-like objects
	Improvements to the PE and ELF modules
	Some performance improvements
	New command-line option --print-module-data
	Multiple bug fixes.
yara-3.3.0-1.el5.x86_64 [633 KiB] Changelog by Lawrence R. Rogers (2015-02-10):
* Release 3.3.0-1
	Added support for negative integers and floating point numbers
	Implemented operators >, <, >=, <= for strings
	Implemented word boundary anchors (\b, \B) in regular expressions
	New features in PE module
	Math module
	New --print-namespace command line argument
	Better error handling in low memory conditions
	BUGFIX: "at" operator not working with certain strings containing wildcards
	BUGFIX: precedence of bitwise operators was incorrect
	BUGFIX: incorrect imphash result for certain PE files importing functions by ordinal
	BUGFIX: handle and memory leaks
	BUGFIX: multiple segfaults
