http://open-source-security-software.net/project/yara/releases.atom
Recent releases for yara
2025-08-02T13:26:00.890664+00:00
python-feedgen

yara v2.1.0 (2014-03-05T11:28:44+00:00)

- Improve regexp engine
- Improve multithreading support
- Case-insensitive and single-line matching modes for "matches" operator's regexps
- Added "error_on_warning" argument to "match" in yara-python
- Recognize x64 PE files
- BUGFIX: Mutex handle leak
- BUGFIX: NULL pointer dereferences
- BUGFIX: Buffer overflow
- BUGFIX: Crash while using compiled rules with yara64 in Windows
- BUGFIX: Infinite loop while scanning 64-bit process in Windows
- BUGFIX: Side-effect on "externals" argument in yara-python's "match" function
- BUGFIX: "x of them" not working with strings containing unbounded jumps

Refer to the [documentation](http://yara.readthedocs.org/en/latest/gettingstarted.html#compiling-and-installing-yara) for information on how to build and install YARA.

yara v3.0.0 (2014-08-13T13:26:06+00:00)

- Support for modules
- PE module
- Cuckoo module
- Some improvements in the C API
- More comprehensive documentation
- BUGFIX: Start anchor (^) not working properly with the "matches" operator
- BUGFIX: False negative with certain regular expressions
- BUGFIX: Improper handling of nested includes with relative paths
- BUGFIX: \s character class not recognizing \n, \r, \v and \f as spaces
- BUGFIX: YARA for Win64 scanning only the first 4GB of files.
- BUGFIX: Segmentation fault when using nested loops
- BUGFIX: Segmentation fault caused by invalid characters in regular expressions
- BUGFIX: Segmentation fault while scanning some processes in Windows
- BUGFIX: Segmentation fault caused by regexp code spanning over non-contiguous memory pages

Refer to the [documentation](http://yara.readthedocs.org/en/latest/gettingstarted.html#compiling-and-installing-yara) for information on how to build and install YARA.

yara v2.0.0 (2014-08-26T11:36:16+00:00)

- Faster matching algorithm
- Command-line scanner is now multi-threaded
- Compiled rules can be saved to and loaded from a file
- Added support for unbounded jumps
- New libyara API

Refer to the [documentation](http://yara.readthedocs.org/en/latest/gettingstarted.html#compiling-and-installing-yara) for information on how to build and install YARA.

yara v3.1.0 (2014-08-26T11:50:27+00:00)

- Magic module
- Zero-length files are treated as normal files
- Modules now must implement module_initialize and module_finalize functions
- Accept functions without arguments in modules
- BUGFIX: Fix issue with module functions receiving more than one regular expression
- BUGFIX: Show appropriate error message while trying to import unknown module
- BUGFIX: Fix segfaults caused by improper buffer bounds validation in PE module
- BUGFIX: Fix dns_lookup function in PE module

Refer to the [documentation](http://yara.readthedocs.org/en/latest/gettingstarted.html#compiling-and-installing-yara) for information on how to build and install YARA.

yara v3.2.0 (2014-11-10T15:24:57+00:00)

- ELF module
- Hash module
- New features in PE module
- Big-endian version of intXX and uintXX functions
- Modules can declare dictionary objects
- Modules accept overloaded functions
- Performance improvements
- BUGFIX: "and" operator not working properly with integer operands
- BUGFIX: False positive with strings declared as "fullword wide ascii"
- BUGFIX: False positive with "wide fullword" strings shorter than 5 bytes
- BUGFIX: Functions declared in a structure array not working properly
- BUGFIX: "contains" operator causing segfault if operand is an undefined string

Refer to the [documentation](http://yara.readthedocs.org/en/latest/gettingstarted.html#compiling-and-installing-yara) for information on how to build and install YARA.
Windows binaries can be found [here](https://www.dropbox.com/sh/umip8ndplytwzj1/AADdLRsrpJL1CM1vPVAxc5JZa?dl=0).

yara v3.3.0 (2015-02-10T13:08:38+00:00)

- Added support for negative integers and floating point numbers
- Implemented operators >, <, >=, <= for strings
- Implemented word boundary anchors (\b, \B) in regular expressions
- New features in PE module
- Math module
- New --print-namespace command line argument
- Better error handling in low memory conditions
- BUGFIX: "at" operator not working with certain strings containing wildcards
- BUGFIX: precedence of bitwise operators was incorrect
- BUGFIX: incorrect imphash result for certain PE files importing functions by ordinal
- BUGFIX: handle and memory leaks
- BUGFIX: multiple segfaults

Refer to the [documentation](http://yara.readthedocs.org/en/latest/gettingstarted.html#compiling-and-installing-yara) for information on how to build and install YARA.
Windows binaries can be found [here](https://www.dropbox.com/sh/umip8ndplytwzj1/AADdLRsrpJL1CM1vPVAxc5JZa?dl=0).

yara v3.4.0 (2015-06-18T13:59:32+00:00)

- Short-circuit evaluation for conditions
- New yr_rules_save_stream/yr_rules_load_stream APIs.
- load() and save() methods in yara-python accept file-like objects
- Improvements to the PE and ELF modules
- Some performance improvements
- New command-line option --print-module-data
- Multiple bug fixes.

Refer to the [documentation](http://yara.readthedocs.org/en/latest/gettingstarted.html#compiling-and-installing-yara) for information on how to build and install YARA.
Windows binaries can be found [here](https://www.dropbox.com/sh/umip8ndplytwzj1/AADdLRsrpJL1CM1vPVAxc5JZa?dl=0).

yara v3.5.0 (2016-09-06T20:11:05+00:00)

- Match length operator (http://yara.readthedocs.io/en/v3.5.0/writingrules.html#match-length)
- Performance improvements
- Less memory consumption while scanning processes
- Exception handling when scanning memory blocks
- Negative integers in meta fields
- Added the --stack-size command-line argument
- Functions import_ordinal, is_dll, is_32bit and is_64bit added to PE module
- Functions rich_signature.toolid and rich_signature.version added to PE module
- Lots of bug fixes

Refer to the [documentation](http://yara.readthedocs.org/en/latest/gettingstarted.html#compiling-and-installing-yara) for information on how to build and install YARA.
Windows binaries can be found [here](https://www.dropbox.com/sh/umip8ndplytwzj1/AADdLRsrpJL1CM1vPVAxc5JZa?dl=0).

yara v3.6.0 (2017-05-22T11:58:16+00:00)

* .NET module (Wesley Shields)
* New features for ELF module (Jacob Baines)
* Fix endianness issues (Hilko Bengen)
* Function `yr_compiler_add_fd` added to `libyara`
* `MAX_THREADS` limit can be arbitrarily increased (Emerson R. Wiley)
* Added `--fail-on-warnings` command-line option
* Multiple bug fixes

Refer to the [documentation](http://yara.readthedocs.org/en/latest/gettingstarted.html#compiling-and-installing-yara) for information on how to build and install YARA.
Windows binaries can be found [here](https://www.dropbox.com/sh/umip8ndplytwzj1/AADdLRsrpJL1CM1vPVAxc5JZa?dl=0&lst=).

yara v3.6.1 (2017-06-05T17:45:22+00:00)

* BUGFIX: Stack overflow caused by uncontrolled recursiveness (CVE-2017-9304)
* BUGFIX: pe.overlay.size was undefined if the PE didn't have an overlay. Now it's set to 0 in those cases.
* BUGFIX: Fix initialization issue that could cause a crash if rules compiled with a 32bit yarac are used with a 64bit yara.

Refer to the [documentation](http://yara.readthedocs.org/en/latest/gettingstarted.html#compiling-and-installing-yara) for information on how to build and install YARA.
Windows binaries can be found [here](https://www.dropbox.com/sh/umip8ndplytwzj1/AADdLRsrpJL1CM1vPVAxc5JZa?dl=0&lst=).

yara v3.6.2 (2017-06-28T20:56:48+00:00)

* Increase RE_MAX_AST_LEVELS from 2000 to 6000.
* BUGFIX: Buffer overrun in regexp engine (issue #678)
* BUGFIX: Null pointer dereference in regexp engine (issue #682).

Refer to the [documentation](http://yara.readthedocs.org/en/latest/gettingstarted.html#compiling-and-installing-yara) for information on how to build and install YARA.
Windows binaries can be found [here](https://www.dropbox.com/sh/umip8ndplytwzj1/AADdLRsrpJL1CM1vPVAxc5JZa?dl=0&lst=).

yara v3.6.3 (2017-07-05T16:16:36+00:00)

* BUGFIX: Heap overflow (4a342f01e5439b9bb901aff1c6c23c536baeeb3f)
* BUGFIX: Off-by-one NULL write in stack buffer (964d6c0835d3afa84d3bdb71d1bb15b64f31753a)
* BUGFIX: Multiple issues in "dotnet" module (f40c14c140ecc5e6cfd88fdac157aa4bd8255059, fc35e5f2a5259be70b74891076f81f6a7dcc5bad)

Refer to the [documentation](http://yara.readthedocs.org/en/latest/gettingstarted.html#compiling-and-installing-yara) for information on how to build and install YARA.
Windows binaries can be found [here](https://www.dropbox.com/sh/umip8ndplytwzj1/AADdLRsrpJL1CM1vPVAxc5JZa?dl=0&lst=).

yara v3.7.0 (2017-11-10T12:31:40+00:00)

* `time` module (Wesley Shields)
* `yara` command-line tool now accepts multiple rule files
* Allow a configurable limit for the number of strings per rule (option `--max-strings-per-rule`)
* Implement integrity check for compiled rules
* Implement API for customizing `import` statement (@edhoedt)
* Scan process memory in FreeBSD and OpenBSD (Hilko Bengen)
* BUGFIX: Negated character classes not working with case-insensitive regexps (#765)
* BUGFIX: Multiple bugs while parsing ELF files (Nate Rosenblum)
* BUGFIX: Out-of-bounds access while parsing PE files.
* BUGFIX: Memory leaks while parsing invalid rules.

Refer to the [documentation](http://yara.readthedocs.org/en/latest/gettingstarted.html#compiling-and-installing-yara) for information on how to build and install YARA.
Windows binaries can be found [here](https://www.dropbox.com/sh/umip8ndplytwzj1/AADdLRsrpJL1CM1vPVAxc5JZa?dl=0&lst=).

yara v3.7.1 (2018-01-16T10:34:53+00:00)

* Fix regression in include directive (issue #796)
* Fix bug in PE checksum calculation causing wrong results in some cases.

yara v3.8.0 (2018-08-06T14:03:31+00:00)

* Scanner API
* New “xor” modifier for strings
* New fields and functions in PE module.
* Add functions “min” and “max” to math module.
* Make compiled.
* `yara` and `yarac` support reading rules from stdin by using `-` as the file name.
* Rule compilation is faster.
* BUGFIX: Regression in regex engine. /ba{3}b/ was matching “baaaab”.
* BUGFIX: Function yr_compiler_add_fd() was reading only the first 1024 bytes of the file.
* BUGFIX: Wrong calculation of sha256 hashes in Windows when using native crypto API.
* Lots more bug fixes.

Refer to the [documentation](http://yara.readthedocs.org/en/latest/gettingstarted.html#compiling-and-installing-yara) for information on how to build and install YARA.
Windows binaries can be found [here](https://www.dropbox.com/sh/umip8ndplytwzj1/AADdLRsrpJL1CM1vPVAxc5JZa?dl=0&lst=).

yara v3.8.1 (2018-08-16T13:54:51+00:00)

* BUGFIX: Some combinations of boolean command-line flags were broken in version 3.8.0.
* BUGFIX: While reporting errors that occur at the end of the file, the file name appeared as `null`.
* BUGFIX: `dex` module now works in big-endian architectures.
* BUGFIX: Keep ABI compatibility by keeping deprecated functions visible.

yara v3.9.0 (2019-02-22T18:09:32+00:00)

* Improve scan performance for certain strings.
* Reduce stack usage.
* Prevent inadvertent use of compiled rules by forcing the use of `-C` when using `yara` command-line tool.
* BUGFIX: Buffer overflow in "dotnet" module.
* BUGFIX: Internal error when running multiple instances of YARA in Mac OS X. (#945)
* BUGFIX: Regexp regression when using nested quantifiers {x,y} for certain values of x and y. (#1018)
* BUGFIX: High RAM consumption in "pe" module while parsing certain files. (0c8b461154269c0f7ba9c71c1a3b8c65af29c7ac)
* BUGFIX: Denial of service when using "dex" module. Found by the Cisco Talos team. (#1023)
* BUGFIX: Issues with comments inside hex strings.

Refer to the [documentation](http://yara.readthedocs.org/en/latest/gettingstarted.html#compiling-and-installing-yara) for information on how to build and install YARA.
Windows binaries can be found [here](https://www.dropbox.com/sh/umip8ndplytwzj1/AADdLRsrpJL1CM1vPVAxc5JZa?dl=0&lst=).

yara v3.10.0 (2019-05-02T14:32:26+00:00)

* Optimize integer range loops by exiting earlier when possible.
* Cache the result of PE module’s imphash function in order to improve performance.
* Harden virtual machine against malicious code.
* BUGFIX: “xor” modifier not working as expected if not accompanied by “ascii” (#1053).
* BUGFIX: \s and \S character classes in regular expressions now include vertical tab, new line, carriage return and form feed characters.
* BUGFIX: Regression bug in hex strings containing wildcards (#1025).
* BUGFIX: Buffer overrun in “elf” module.
* BUGFIX: Buffer overrun in “dotnet” module.

yara v3.11.0 (2019-10-10T11:31:43+00:00)

* More flexible “xor” modifier.
* Implement “private” strings (#1096)
* Add “field_offsets” to “dotnet” module.
* Implement “crc32” functions in “hash” module.
* Improvements to “rich_signature” functions in “pe” module.
* Implement sandboxed API using [SAPI](https://github.com/google/sandboxed-api)
* BUGFIX: Some regexp character classes not matching correctly when used with “nocase” modifier (#1117)
* BUGFIX: Reduce the number of ERROR_TOO_MANY_RE_FIBERS errors for certain hex patterns containing large jumps (#1107)
* BUGFIX: Buffer overrun in “dotnet” module (#1108)
* BUGFIX: Segfault in certain Windows versions (#1068)
* BUGFIX: Memory leak while attaching to a process fails (#1070)

yara v4.0.0 (2020-04-29T09:02:44+00:00)

* New string modifiers [base64](https://yara.readthedocs.io/en/latest/writingrules.html#base64-strings) and [base64wide](https://yara.readthedocs.io/en/latest/writingrules.html#base64-strings) (#1185).
* New string modifier [private](https://yara.readthedocs.io/en/latest/writingrules.html#private-strings) (#1096)
* [Iterators](https://yara.readthedocs.io/en/latest/writingrules.html#iterators) for dictionaries and arrays (#1141).
* Multiple [API changes](https://github.com/VirusTotal/yara/wiki/Backward-incompatible-changes-in-YARA-4.0-API).
* Memory footprint greatly reduced, especially when compiling large numbers of rules.
* New command-line option [--scan-list](https://yara.readthedocs.io/en/latest/commandline.html#cmdoption-yara-scan-list) (#1261).
* Added [pdb_path](https://yara.readthedocs.io/en/latest/modules/pe.html#c.pdb_path) field to "pe" module.
* Added [export_details](https://yara.readthedocs.io/en/latest/modules/pe.html#c.exports_index) array to "pe" module.
* Added [exports_index](https://yara.readthedocs.io/en/latest/modules/pe.html#c.exports_index) functions to "pe" module.
* [Improvements](https://github.com/VirusTotal/yara/commit/3e970d4bebf811f960b710c258d35ee7c1baa691) to "cuckoo" module.
* BUGFIX: PE files with multiple signatures are parsed correctly (#940).
* BUGFIX: Fix PE rich header parsing (#1164).
* BUGFIX: Buffer overruns in "dotnet" module (#1167, #1173).

yara v4.0.1 (2020-05-15T09:03:50+00:00)

* Update sandboxed API (#1276)
* BUGFIX: Fix regression in exports parsing in PE module (2bf67e6ae8bee818fb535807370b03f0c9abfb85)
* BUGFIX: Fix unaligned accesses in ARM (e1654ae49c14954f18cc442885b0556ebed5aced)

yara v4.0.2 (2020-06-26T07:43:13+00:00)

* BUGFIX: Use-after-free bug in PE module (#1287).
* BUGFIX: Incorrect errors in rules when a single rule is badly formatted (#1294).
* BUGFIX: Assertion failed with rules that have invalid syntax (#1295).
* BUGFIX: Integer overflow causing missed matches on files larger than 2GB (#1304).
* BUGFIX: Crashes in Mac OS while scanning binaries with a signature that can't be verified (#1309).

yara v4.0.3 (2021-01-26T15:06:30+00:00)

* BUGFIX: Multiple out-of-bounds reads in "dotnet" module.
* BUGFIX: Multiple out-of-bounds reads in "macho" module.
* BUGFIX: Integer overflow in "macho" module.

Credits to Luis Merino from X41 D-SEC GmbH for finding the issues in "macho" module, and to OSS-Fuzz for finding the "dotnet" issues.

yara v4.0.4 (2021-01-27T15:35:13+00:00)

* BUGFIX: Multiple out-of-bounds reads in "dotnet" module.
* BUGFIX: Multiple out-of-bounds reads in "macho" module.

Credits to Luis Merino from X41 D-SEC GmbH for reporting these issues.

yara v4.0.5 (2021-02-05T15:14:33+00:00)

* BUGFIX: Fix bug in "macho" module introduced in v4.0.4.

yara v4.1.0-rc1 (2021-03-18T10:44:40+00:00)

* New operators `icontains`, `endswith`, `iendswith`, `startswith`, `istartswith`.
* Raise warnings for non-ascii strings. Read [more](https://github.com/VirusTotal/yara/wiki/Unicode-characters-in-YARA).
* Accept `\t` escape sequence in text strings.
* Add `--no-follow-links` command-line option to `yara`.
* Prevent `yara` from following links to "." (@1d2d).
* Implemented [non-blocking scanning API](https://github.com/VirusTotal/yara/commit/cba6932759ec16a61288b1314b3aee1103ad03ec) (@simonhf).
* When a string causes too many matches, YARA raises a warning instead of failing.

yara v4.1.0-rc2 (2021-03-22T13:12:17+00:00)

* Don't raise warnings for non-ASCII strings.

yara v4.1.0 (2021-04-26T12:06:30+00:00)

* New operators `icontains`, `endswith`, `iendswith`, `startswith`, `istartswith`.
* Accept `\t` escape sequence in text strings.
* Add `--no-follow-links` command-line option to yara.
* Prevent yara from following links to "." (@1D2D).
* Implemented non-blocking scanning API (@simonhf).
* When a string causes too many matches, YARA raises a warning instead of failing (@wxsBSD).
* BUGFIX: The use of `--timeout` could hang `yara` when scanning directories or lists of files (#1481).
* BUGFIX: Incorrect parsing of PE certificates (#1443).
* BUGFIX: Short-circuit evaluation not working fine with undefined expressions.

yara v4.1.1 (2021-05-24T10:36:10+00:00)

* BUGFIX: Accept the "+" character as valid in DLL names (#1501).
* BUGFIX: Buffer overrun in "macho" module.
* BUGFIX: Undefined behavior in Windows implementation of yr_filemap_xxx functions (#1302).
* BUGFIX: Crash due to consecutive jumps in hex strings (#1492).

yara v4.1.2 (2021-08-23T14:11:34+00:00)

* BUGFIX: `TOO_MANY_MATCHES` warning was causing strings to be globally disabled (#1532).
* BUGFIX: `fullword` modifier not working as expected in Mac OS due to locale issue (#1544, https://github.com/VirusTotal/yara-python/issues/184).
* BUGFIX: Default value for pe.number_of_imported_function not set to 0 (#1546).

yara v4.1.3 (2021-10-21T11:17:03+00:00)

* BUGFIX: Fix issue where `ERROR_TOO_MANY_MATCHES` was incorrectly returned (6085d3f).
* BUGFIX: Fix potential buffer overrun due to incorrect macro (d5c83c6).

yara v4.2.0-rc1 (2022-01-10T16:41:50+00:00)

* New syntax for counting string occurrences within a range of offsets. Example: `#a in (0..100)` (#1565).
* New syntax for checking if a set of strings are found within a range of offsets `all of them in (0..100)` (#1554).
* `of` operator now accepts sets of rules. Examples: `2 of (rule1, rule2, rule3)`, `2 of (rule*)` (#1597)
* New syntactic sugar allows writing `0 of ($a)` as `none of ($a*)` (#1559).
* New operator `%` for string sets. Example: `20% of them` (#1434).
* New operator `defined` (#1529).
* New operator `iequals` (#1536).
* Added functions `abs`, `count`, `percentage` and `mode` to `math` module (#1483).
* Added new `console` module (#1594).
* Added support of delayed imports to `pe` module (#1523).
* Reduce memory pressure when scanning process memory in Linux (#1470).
* Improve performance while matching certain hex strings (#1526, #1552).
* Implement support for unicode file names in Windows (#1491).
* Add new API functions `yr_get_configuration_uintXX` and `yr_set_configuration_uintXX` (#1621).
* Add `--max-process-memory-chunk` option for controlling the size of the chunks while scanning a process memory (#1393).
* Add `--skip-larger` option for skipping files larger than a certain size while scanning directories.
* BUGFIX: `fullword` modifier not working properly under all locales (#1544).
* BUGFIX: Fix edge case when files have a numeric name that was interpreted as a PID number (#1541).
* BUGFIX: Fix memory leaks in `magic` module.

Thanks to @wxsBSD, @secDre4mer, @regeciovad, @ladislav-zezula, @hillu, @xbabka01, @LearnToGetBetter

yara v4.2.0 (2022-03-10T15:18:19+00:00)

* New syntax for counting string occurrences within a range of offsets. Example: `#a in (0..100)` (#1565).
* New syntax for checking if a set of strings are found within a range of offsets `all of them in (0..100)` (#1554).
* `of` operator now accepts sets of rules. Examples: `2 of (rule1, rule2, rule3)`, `2 of (rule*)` (#1597)
* New syntactic sugar allows writing `0 of ($a)` as `none of ($a*)` (#1559).
* New operator `%` for string sets. Example: `20% of them` (#1434).
* New operator `defined` (#1529).
* New operator `iequals` (#1536).
* Added functions `abs`, `count`, `percentage` and `mode` to `math` module (#1483).
* The `dotnet` module is now built into YARA by default.
* Added the `is_dotnet` field to `dotnet` module (#1568).
* Added new `console` module (#1594).
* Added support of delayed imports to `pe` module (#1523).
* Reduce memory pressure when scanning process memory in Linux (#1470).
* Improve performance while matching certain hex strings (#1526, #1552).
* Implement support for unicode file names in Windows (#1491).
* Add new API functions `yr_get_configuration_uintXX` and `yr_set_configuration_uintXX` (#1621).
* Add `--max-process-memory-chunk` option for controlling the size of the chunks while scanning a process memory (#1393).
* Add `--skip-larger` option for skipping files larger than a certain size while scanning directories.
* Improve scanning performance with better atom extraction (#1656).
* BUGFIX: `fullword` modifier not working properly under all locales (#1544).
* BUGFIX: Fix edge case when files have a numeric name that was interpreted as a PID number (#1541).
* BUGFIX: Fix memory leaks in `magic` module.
* BUGFIX: Fix integer overflow while scanning files larger than 2GB (#1615).

Thanks to @wxsBSD, @secDre4mer, @regeciovad, @ladislav-zezula, @hillu, @xbabka01, @LearnToGetBetter, @vlaci, @HoundThe

yara v4.2.1 (2022-04-26T09:11:14+00:00)

* Implement the `--skip-larger` command-line option in Windows.
* BUGFIX: Error while scanning process memory in Linux (#1662). Thanks to @hillu.
* BUGFIX: Issue in "magic" module leading to wrong matches (#1663).
* BUGFIX: Multiple issues triggered in low-memory conditions (#1671, #1673, #1674, #1675). Reported by @1ndahous3.
* BUGFIX: Incorrect parsing of character classes in some regular expressions (#1690). Reported by @Sevaarcen.
* BUGFIX: Heap overflow in ARM. Reported by @briangreenery.

yara v4.2.2 (2022-06-30T09:08:46+00:00)

* BUGFIX: Fix buffer overrun in "dex" module (#1728).
* BUGFIX: Wrong offset used when checking Version string of .net metadata (#1708).
* BUGFIX: YARA doesn't compile if `--with-debug-verbose` flag is enabled (#1719).
* BUGFIX: Null-pointer dereferences while loading corrupted compiled rules (#1727).

Thanks to @sudhackar, @wxsBSD, @dangodangodango, @MatejKastak

yara v4.2.3 (2022-08-09T07:43:53+00:00)

* BUGFIX: Fix security issue that can lead to arbitrary code execution (b77e4f45b4662af320c999d4ee559e1f3bc61226, b77e4f45b4662af320c999d4ee559e1f3bc61226). Thanks to [ANSSI - CERT-FR](https://cert.ssi.gouv.fr/) for the report.
* BUGFIX: Fix incorrect logic in expressions like `<quantifier> of <string_set> in (start..end)` (https://github.com/VirusTotal/yara/issues/1757).

yara v4.3.0-rc1 (2022-12-30T17:23:02+00:00)

* Added a not operator for bytes in hex strings. Example: `{01 ~02 03}` (#1676).
* `for` statement can iterate over sets of literal strings (e.g. `for any s in ("a", "b"): (pe.imphash() == s)`) (#1787).
* `of` statement can be used with `at` (e.g. `any of them at 0`) (#1790).
* Added the `--print-xor-key` (`-X` in short form) command-line option that prints the XOR key for xored strings (#1745).
* Implement the `--skip-larger` command-line option in Windows (#1678).
* Add parsing of .NET user types from .NET metadata stream in "dotnet" module (#1605).
* Improve certificate parsing and validation in "pe" module (#1623).
* Add `telfhash()` function to "elf" module (#1624).
* Add `to_int()` and `to_string()` functions to "math" module (#1767).
* Improve error reporting on certain edge cases (#1709, #1722).
* BUGFIX: Fix multiple memory alignment issues causing crashes in non-x86 platforms (#1724).
* BUGFIX: Fix implementation of `math.serial_correlation` (#1771).
* BUGFIX: Fix infinite recursion in `dotnet` module (#1794).
* BUGFIX: Fix SIGFPE when dividing INT64_MIN by -1.

Thanks to @shanehuntley, @1ndahous3, @HoundThe, @wxsBSD, @vthib

yara v4.3.0 (2023-03-27T14:36:35+00:00)

* Added a not operator for bytes in hex strings. Example: `{01 ~02 03}` (#1676).
* `for` statement can iterate over sets of literal strings (e.g. `for any s in ("a", "b"): (pe.imphash() == s)`) (#1787).
* `of` statement can be used with `at` (e.g. `any of them at 0`) (#1790).
* Added the `--print-xor-key` (`-X` in short form) command-line option that prints the XOR key for xored strings (#1745).
* Implement the `--skip-larger` command-line option in Windows (#1678).
* Add parsing of .NET user types from .NET metadata stream in "dotnet" module (#1605).
* Improve certificate parsing and validation in "pe" module (#1623).
* Add `telfhash()` function to "elf" module (#1624).
* Add `to_int()` and `to_string()` functions to "math" module (#1767).
* Improve error reporting on certain edge cases (#1709, #1722).
* BUGFIX: Fix multiple memory alignment issues causing crashes in non-x86 platforms (#1724).
* BUGFIX: Fix implementation of `math.serial_correlation` (#1771).
* BUGFIX: Fix infinite recursion in `dotnet` module (#1794).
* BUGFIX: Fix SIGFPE when dividing INT64_MIN by -1 (c2557fc).
* BUGFIX: Fix several endianness issues (#1884, #1874, #1855).

Thanks to @shanehuntley, @1ndahous3, @HoundThe, @wxsBSD, @vthib, @eeyss01.

yara v4.3.1 (2023-04-21T08:26:18+00:00)

* BUGFIX: Functions `import_rva` and `import_delayed_rva` are now case-insensitive (#1904)
* BUGFIX: Fix heap-related issue in `dotnet` module on Windows (#1902)
* BUGFIX: Fix heap corruption with certain rules that have very long string sets (67cccf0)

yara v4.3.2 (2023-06-12T14:28:09+00:00)

* BUGFIX: assertion triggered with certain hex patterns when scanning arbitrary files (https://github.com/VirusTotal/yara/commit/bcc631299c9eba3af1fbf6e8a466650185e94988). Reported by Huawei Central Software Institute Security Team.

yara v4.4.0 (2023-09-19T10:24:44+00:00)

* New `lnk` module (https://github.com/VirusTotal/yara/pull/1732).
* Unreferenced strings are allowed if their identifier starts with `_` (https://github.com/VirusTotal/yara/pull/1941)
* New command-line option `--disable-console-logs` for disabling the output of the console module (https://github.com/VirusTotal/yara/pull/1915)
* New command-line option `--strict-escape` that raises warnings on unknown escape sequences (https://github.com/VirusTotal/yara/pull/1880).
* Improve performance by avoiding the execution of rule conditions that can't match (https://github.com/VirusTotal/yara/pull/1927)
* Add callback message `CALLBACK_MSG_TOO_SLOW_SCANNING` for notifying about slow rules (https://github.com/VirusTotal/yara/pull/1921).
* Expose function RVA in `pe.export_details` (https://github.com/VirusTotal/yara/pull/1882).
* BUGFIX: Fix issues in the computation of `imphash` in `pe` module (https://github.com/VirusTotal/yara/pull/1944). Credits to the NSHC ThreatRecon team!
* BUGFIX: Fix multiple out-of-bound memory reads in `dex` module (https://github.com/VirusTotal/yara/pull/1949, https://github.com/VirusTotal/yara/pull/1951).
* BUGFIX: Fix memory alignment issues (https://github.com/VirusTotal/yara/pull/1930).
* BUGFIX: Some strings with the wide and ascii modifiers not matching as they should (https://github.com/VirusTotal/yara/issues/1933).
* BUGFIX: Some rules not matching when `--fast-scan` is used (https://github.com/VirusTotal/yara/commit/4de3d574bae5973c711095c1c755166c07dec322)

Thanks to: @mgoffin, @wxsBSD, @cblichmann, @secDre4mer, @vthib, @regeciovad, @kylereedmsft, @TommYDeeee, @humpalum