Recent releases for yara
http://open-source-security-software.net/project/yara/releases.atom (updated 2025-08-02T13:26:00.890664+00:00)

yara v2.1.0 (2014-03-05T11:28:44+00:00)
- Improve regexp engine
- Improve multithreading support
- Case-insensitive and single-line matching modes for "matches" operator's regexps
- Added "error_on_warning" argument to "match" in yara-python
- Recognize x64 PE files
- BUGFIX: Mutex handle leak
- BUGFIX: NULL pointer dereferences
- BUGFIX: Buffer overflow
- BUGFIX: Crash while using compiled rules with yara64 in Windows
- BUGFIX: Infinite loop while scanning 64-bit process in Windows
- BUGFIX: Side-effect on "externals" argument in yara-python's "match" function
- BUGFIX: "x of them" not working with strings containing unbounded jumps
Refer to the [documentation](http://yara.readthedocs.org/en/latest/gettingstarted.html#compiling-and-installing-yara) for information on how to build and install YARA.

yara v3.0.0 (2014-08-13T13:26:06+00:00)
- Support for modules
- PE module
- Cuckoo module
- Some improvements in the C API
- More comprehensive documentation
- BUGFIX: Start anchor (^) not working properly with the "matches" operator
- BUGFIX: False negative with certain regular expressions
- BUGFIX: Improper handling of nested includes with relative paths
- BUGFIX: \s character class not recognizing \n, \r, \v and \f as spaces
- BUGFIX: YARA for Win64 scanning only the first 4GB of files.
- BUGFIX: Segmentation fault when using nested loops
- BUGFIX: Segmentation fault caused by invalid characters in regular expressions
- BUGFIX: Segmentation fault while scanning some processes in Windows
- BUGFIX: Segmentation fault caused by regexp code spanning over non-contiguous memory pages
Refer to the [documentation](http://yara.readthedocs.org/en/latest/gettingstarted.html#compiling-and-installing-yara) for information on how to build and install YARA.

yara v2.0.0 (2014-08-26T11:36:16+00:00)
- Faster matching algorithm
- Command-line scanner is now multi-threaded
- Compiled rules can be saved to and loaded from a file
- Added support for unbounded jumps
- New libyara API
Refer to the [documentation](http://yara.readthedocs.org/en/latest/gettingstarted.html#compiling-and-installing-yara) for information on how to build and install YARA.

yara v3.1.0 (2014-08-26T11:50:27+00:00)
- Magic module
- Zero-length files are treated as normal files
- Modules now must implement module_initialize and module_finalize functions
- Accept functions without arguments in modules
- BUGFIX: Fix issue with module functions receiving more than one regular expression
- BUGFIX: Show appropriate error message while trying to import unknown module
- BUGFIX: Fix segfaults caused by improper buffer bounds validation in PE module
- BUGFIX: Fix dns_lookup function in PE module
Refer to the [documentation](http://yara.readthedocs.org/en/latest/gettingstarted.html#compiling-and-installing-yara) for information on how to build and install YARA.

yara v3.2.0 (2014-11-10T15:24:57+00:00)
- ELF module
- Hash module
- New features in PE module
- Big-endian version of intXX and uintXX functions
- Modules can declare dictionary objects
- Modules accept overloaded functions
- Performance improvements
- BUGFIX: "and" operator not working properly with integer operands
- BUGFIX: False positive with strings declared as "fullword wide ascii"
- BUGFIX: False positive with "wide fullword" strings shorter than 5 bytes
- BUGFIX: Functions declared in a structure array not working properly
- BUGFIX: "contains" operator causing segfault if operand is an undefined string
Refer to the [documentation](http://yara.readthedocs.org/en/latest/gettingstarted.html#compiling-and-installing-yara) for information on how to build and install YARA.
Windows binaries can be found [here](https://www.dropbox.com/sh/umip8ndplytwzj1/AADdLRsrpJL1CM1vPVAxc5JZa?dl=0).

yara v3.3.0 (2015-02-10T13:08:38+00:00)
- Added support for negative integers and floating point numbers
- Implemented operators >, <, >=, <= for strings
- Implemented word boundary anchors (\b, \B) in regular expressions
- New features in PE module
- Math module
- New --print-namespace command line argument
- Better error handling in low memory conditions
- BUGFIX: "at" operator not working with certain strings containing wildcards
- BUGFIX: precedence of bitwise operators was incorrect
- BUGFIX: incorrect imphash result for certain PE files importing functions by ordinal
- BUGFIX: handle and memory leaks
- BUGFIX: multiple segfaults
Refer to the [documentation](http://yara.readthedocs.org/en/latest/gettingstarted.html#compiling-and-installing-yara) for information on how to build and install YARA.
Windows binaries can be found [here](https://www.dropbox.com/sh/umip8ndplytwzj1/AADdLRsrpJL1CM1vPVAxc5JZa?dl=0).

yara v3.4.0 (2015-06-18T13:59:32+00:00)
- Short-circuit evaluation for conditions
- New yr_rules_save_stream/yr_rules_load_stream APIs.
- load() and save() methods in yara-python accept file-like objects
- Improvements to the PE and ELF modules
- Some performance improvements
- New command-line option --print-module-data
- Multiple bug fixes.
Refer to the [documentation](http://yara.readthedocs.org/en/latest/gettingstarted.html#compiling-and-installing-yara) for information on how to build and install YARA.
Windows binaries can be found [here](https://www.dropbox.com/sh/umip8ndplytwzj1/AADdLRsrpJL1CM1vPVAxc5JZa?dl=0).

yara v3.5.0 (2016-09-06T20:11:05+00:00)
- Match length operator (http://yara.readthedocs.io/en/v3.5.0/writingrules.html#match-length)
- Performance improvements
- Less memory consumption while scanning processes
- Exception handling when scanning memory blocks
- Negative integers in meta fields
- Added the --stack-size command-argument
- Functions import_ordinal, is_dll, is_32bit and is_64bit added to PE module
- Functions rich_signature.toolid and rich_signature.version added to PE module
- Lots of bug fixes
Refer to the [documentation](http://yara.readthedocs.org/en/latest/gettingstarted.html#compiling-and-installing-yara) for information on how to build and install YARA.
Windows binaries can be found [here](https://www.dropbox.com/sh/umip8ndplytwzj1/AADdLRsrpJL1CM1vPVAxc5JZa?dl=0).

yara v3.6.0 (2017-05-22T11:58:16+00:00)
* .NET module (Wesley Shields)
* New features for ELF module (Jacob Baines)
* Fix endianness issues (Hilko Bengen)
* Function `yr_compiler_add_fd` added to `libyara`
* `MAX_THREADS` limit can be arbitrarily increased (Emerson R. Wiley)
* Added `--fail-on-warnings` command-line option
* Multiple bug fixes
Refer to the [documentation](http://yara.readthedocs.org/en/latest/gettingstarted.html#compiling-and-installing-yara) for information on how to build and install YARA.
Windows binaries can be found [here](https://www.dropbox.com/sh/umip8ndplytwzj1/AADdLRsrpJL1CM1vPVAxc5JZa?dl=0&lst=).

yara v3.6.1 (2017-06-05T17:45:22+00:00)
* BUGFIX: Stack overflow caused by uncontrolled recursiveness (CVE-2017-9304)
* BUGFIX: pe.overlay.size was undefined if the PE didn't have an overlay. Now it's set to 0 in those cases.
* BUGFIX: Fix initialization issue that could cause a crash if rules compiled with a 32-bit yarac are used with a 64-bit yara.
Refer to the [documentation](http://yara.readthedocs.org/en/latest/gettingstarted.html#compiling-and-installing-yara) for information on how to build and install YARA.
Windows binaries can be found [here](https://www.dropbox.com/sh/umip8ndplytwzj1/AADdLRsrpJL1CM1vPVAxc5JZa?dl=0&lst=).

yara v3.6.2 (2017-06-28T20:56:48+00:00)
* Increase RE_MAX_AST_LEVELS from 2000 to 6000.
* BUGFIX: Buffer overrun in regexp engine (issue #678)
* BUGFIX: Null pointer dereference in regexp engine (issue #682).
Refer to the [documentation](http://yara.readthedocs.org/en/latest/gettingstarted.html#compiling-and-installing-yara) for information on how to build and install YARA.
Windows binaries can be found [here](https://www.dropbox.com/sh/umip8ndplytwzj1/AADdLRsrpJL1CM1vPVAxc5JZa?dl=0&lst=).

yara v3.6.3 (2017-07-05T16:16:36+00:00)
BUGFIX: Heap overflow (4a342f01e5439b9bb901aff1c6c23c536baeeb3f)
BUGFIX: Off-by-one NULL write in stack buffer (964d6c0835d3afa84d3bdb71d1bb15b64f31753a)
BUGFIX: Multiple issues in "dotnet" module (f40c14c140ecc5e6cfd88fdac157aa4bd8255059, fc35e5f2a5259be70b74891076f81f6a7dcc5bad)
Refer to the [documentation](http://yara.readthedocs.org/en/latest/gettingstarted.html#compiling-and-installing-yara) for information on how to build and install YARA.
Windows binaries can be found [here](https://www.dropbox.com/sh/umip8ndplytwzj1/AADdLRsrpJL1CM1vPVAxc5JZa?dl=0&lst=).

yara v3.7.0 (2017-11-10T12:31:40+00:00)
* `time` module (Wesley Shields)
* `yara` command-line tool now accepts multiple rule files
* Allow a configurable limit for the number of strings per rule (option `--max-strings-per-rule`)
* Implement integrity check for compiled rules
* Implement API for customizing `import` statement (@edhoedt)
* Scan process memory in FreeBSD and OpenBSD (Hilko Bengen)
* BUGFIX: Negated character classes not working with case-insensitive regexps (#765)
* BUGFIX: Multiple bugs while parsing ELF files (Nate Rosenblum)
* BUGFIX: Out-of-bounds access while parsing PE files.
* BUGFIX: Memory leaks while parsing invalid rules.
Refer to the [documentation](http://yara.readthedocs.org/en/latest/gettingstarted.html#compiling-and-installing-yara) for information on how to build and install YARA.
Windows binaries can be found [here](https://www.dropbox.com/sh/umip8ndplytwzj1/AADdLRsrpJL1CM1vPVAxc5JZa?dl=0&lst=).

yara v3.7.1 (2018-01-16T10:34:53+00:00)
* Fix regression in include directive (issue #796)
* Fix bug in PE checksum calculation causing wrong results in some cases.

yara v3.8.0 (2018-08-06T14:03:31+00:00)
* Scanner API
* New “xor” modifier for strings
* New fields and functions in PE module.
* Add functions “min” and “max” to math module.
* Make compiled.
* `yara` and `yarac` support reading rules from stdin by using `-` as the file name.
* Rule compilation is faster.
* BUGFIX: Regression in regex engine. /ba{3}b/ was matching “baaaab”.
* BUGFIX: Function yr_compiler_add_fd() was reading only the first 1024 bytes of the file.
* BUGFIX: Wrong calculation of sha256 hashes in Windows when using native crypto API.
* Lots more bug fixes.
Refer to the [documentation](http://yara.readthedocs.org/en/latest/gettingstarted.html#compiling-and-installing-yara) for information on how to build and install YARA.
Windows binaries can be found [here](https://www.dropbox.com/sh/umip8ndplytwzj1/AADdLRsrpJL1CM1vPVAxc5JZa?dl=0&lst=).

yara v3.8.1 (2018-08-16T13:54:51+00:00)
* BUGFIX: Some combinations of boolean command-line flags were broken in version 3.8.0.
* BUGFIX: While reporting errors that occur at the end of the file, the file name appeared as `null`.
* BUGFIX: `dex` module now works in big-endian architectures.
* BUGFIX: Keep ABI compatibility by keeping deprecated functions visible.

yara v3.9.0 (2019-02-22T18:09:32+00:00)
* Improve scan performance for certain strings.
* Reduce stack usage.
* Prevent inadvertent use of compiled rules by forcing the use of `-C` when using `yara` command-line tool.
* BUGFIX: Buffer overflow in "dotnet" module.
* BUGFIX: Internal error when running multiple instances of YARA in Mac OS X. (#945)
* BUGFIX: Regexp regression when using nested quantifiers {x,y} for certain values of x and y. (#1018)
* BUGFIX: High RAM consumption in "pe" module while parsing certain files. (0c8b461154269c0f7ba9c71c1a3b8c65af29c7ac)
* BUGFIX: Denial of service when using "dex" module. Found by the Cisco Talos team. (#1023)
* BUGFIX: Issues with comments inside hex strings.
Refer to the [documentation](http://yara.readthedocs.org/en/latest/gettingstarted.html#compiling-and-installing-yara) for information on how to build and install YARA.
Windows binaries can be found [here](https://www.dropbox.com/sh/umip8ndplytwzj1/AADdLRsrpJL1CM1vPVAxc5JZa?dl=0&lst=).

yara v3.10.0 (2019-05-02T14:32:26+00:00)
* Optimize integer range loops by exiting earlier when possible.
* Cache the result of PE module’s imphash function in order to improve performance.
* Harden virtual machine against malicious code.
* BUGFIX: “xor” modifier not working as expected if not accompanied by “ascii” (#1053).
* BUGFIX: \s and \S character classes in regular expressions now include vertical tab, new line, carriage return and form feed characters.
* BUGFIX: Regression bug in hex strings containing wildcards (#1025).
* BUGFIX: Buffer overrun in “elf” module.
* BUGFIX: Buffer overrun in “dotnet” module.

yara v3.11.0 (2019-10-10T11:31:43+00:00)
* More flexible “xor” modifier.
* Implement “private” strings (#1096)
* Add “field_offsets” to “dotnet” module.
* Implement “crc32” functions in “hash” module.
* Improvements to “rich_signature” functions in “pe” module.
* Implement sandboxed API using [SAPI](https://github.com/google/sandboxed-api)
* BUGFIX: Some regexp character classes not matching correctly when used with “nocase” modifier (#1117)
* BUGFIX: Reduce the number of ERROR_TOO_MANY_RE_FIBERS errors for certain hex pattern containing large jumps (#1107)
* BUGFIX: Buffer overrun in “dotnet” module (#1108)
* BUGFIX: Segfault in certain Windows versions (#1068)
* BUGFIX: Memory leak while attaching to a process fails (#1070)

yara v4.0.0 (2020-04-29T09:02:44+00:00)
* New string modifiers [base64](https://yara.readthedocs.io/en/latest/writingrules.html#base64-strings) and [base64wide](https://yara.readthedocs.io/en/latest/writingrules.html#base64-strings) (#1185).
* New string modifier [private](https://yara.readthedocs.io/en/latest/writingrules.html#private-strings) (#1096)
* [Iterators](https://yara.readthedocs.io/en/latest/writingrules.html#iterators) for dictionaries and arrays (#1141).
* Multiple [API changes](https://github.com/VirusTotal/yara/wiki/Backward-incompatible-changes-in-YARA-4.0-API).
* Memory footprint greatly reduced, especially when compiling large numbers of rules.
* New command-line option [--scan-list](https://yara.readthedocs.io/en/latest/commandline.html#cmdoption-yara-scan-list) (#1261).
* Added [pdb_path](https://yara.readthedocs.io/en/latest/modules/pe.html#c.pdb_path) field to "pe" module.
* Added [export_details](https://yara.readthedocs.io/en/latest/modules/pe.html#c.exports_index) array to "pe" module.
* Added [exports_index](https://yara.readthedocs.io/en/latest/modules/pe.html#c.exports_index) functions to "pe" module.
* [Improvements](https://github.com/VirusTotal/yara/commit/3e970d4bebf811f960b710c258d35ee7c1baa691) to "cuckoo" module.
* BUGFIX: PE files with multiple signatures are parsed correctly (#940).
* BUGFIX: Fix PE rich header parsing (#1164).
* BUGFIX: Buffer overruns in "dotnet" module (#1167, #1173).

yara v4.0.1 (2020-05-15T09:03:50+00:00)
* Update sandboxed API (#1276)
* BUGFIX: Fix regression in exports parsing in PE module (2bf67e6ae8bee818fb535807370b03f0c9abfb85)
* BUGFIX: Fix unaligned accesses in ARM (e1654ae49c14954f18cc442885b0556ebed5aced)

yara v4.0.2 (2020-06-26T07:43:13+00:00)
BUGFIX: Use-after-free bug in PE module (#1287).
BUGFIX: Incorrect errors in rules when a single rule is badly formatted (#1294).
BUGFIX: Assertion failed with rules that have invalid syntax (#1295).
BUGFIX: Integer overflow causing missed matches on files larger than 2GB (#1304).
BUGFIX: Crashes in Mac OS while scanning binaries with a signature that can't be verified (#1309).

yara v4.0.3 (2021-01-26T15:06:30+00:00)
* BUGFIX: Multiple out-of-bounds reads in "dotnet" module.
* BUGFIX: Multiple out-of-bounds reads in "macho" module.
* BUGFIX: Integer overflow in "macho" module.
Credits to Luis Merino from X41 D-SEC GmbH for finding the issues in "macho" module, and to OSS-Fuzz for finding the "dotnet" issues.

yara v4.0.4 (2021-01-27T15:35:13+00:00)
* BUGFIX: Multiple out-of-bounds reads in "dotnet" module.
* BUGFIX: Multiple out-of-bounds reads in "macho" module.
Credits to Luis Merino from X41 D-SEC GmbH for reporting these issues.

yara v4.0.5 (2021-02-05T15:14:33+00:00)
BUGFIX: Fix bug in "macho" module introduced in v4.0.4.

yara v4.1.0-rc1 (2021-03-18T10:44:40+00:00)
* New operators `icontains`, `endswith`, `iendswith`, `startswith`, `istartswith`.
* Raise warnings for non-ascii strings. Read [more](https://github.com/VirusTotal/yara/wiki/Unicode-characters-in-YARA).
* Accept `\t` escape sequence in text strings.
* Add `--no-follow-links` command-line option to `yara`.
* Prevent `yara` from following links to "." (@1d2d).
* Implemented [non-blocking scanning API](https://github.com/VirusTotal/yara/commit/cba6932759ec16a61288b1314b3aee1103ad03ec) (@simonhf).
* When a string causes too many matches, YARA raises a warning instead of failing.

yara v4.1.0-rc2 (2021-03-22T13:12:17+00:00)
* Don't raise warnings for non-ASCII strings.

yara v4.1.0 (2021-04-26T12:06:30+00:00)
* New operators `icontains`, `endswith`, `iendswith`, `startswith`, `istartswith`.
* Accept `\t` escape sequence in text strings.
* Add `--no-follow-links` command-line option to yara.
* Prevent yara from following links to "." (@1D2D).
* Implemented non-blocking scanning API (@simonhf).
* When a string causes too many matches, YARA raises a warning instead of failing (@wxsBSD).
* BUGFIX: The use of `--timeout` could hang `yara` when scanning directories or lists of files (#1481).
* BUGFIX: Incorrect parsing of PE certificates (#1443).
* BUGFIX: Short-circuit evaluation not working fine with undefined expressions.

yara v4.1.1 (2021-05-24T10:36:10+00:00)
BUGFIX: Accept the "+" character as valid in DLL names (#1501).
BUGFIX: Buffer overrun in "macho" module.
BUGFIX: Undefined behavior in Windows implementation of yr_filemap_xxx functions (#1302).
BUGFIX: Crash due to consecutive jumps in hex strings (#1492).

yara v4.1.2 (2021-08-23T14:11:34+00:00)
BUGFIX: `TOO_MANY_MATCHES` warning was causing strings to be globally disabled (#1532).
BUGFIX: `fullword` modifier not working as expected in Mac OS due to locale issue (#1544, https://github.com/VirusTotal/yara-python/issues/184).
BUGFIX: Default value for pe.number_of_imported_function not set to 0 (#1546).

yara v4.1.3 (2021-10-21T11:17:03+00:00)
BUGFIX: Fix issue where `ERROR_TOO_MANY_MATCHES` was incorrectly returned (6085d3f).
BUGFIX: Fix potential buffer overrun due to incorrect macro (d5c83c6).

yara v4.2.0-rc1 (2022-01-10T16:41:50+00:00)
* New syntax for counting string occurrences within a range of offsets. Example: `#a in (0..100)` (#1565).
* New syntax for checking if a set of strings are found within a range of offsets `all of them in (0..100)` (#1554).
* `of` operator now accepts sets of rules. Examples: `2 of (rule1, rule2, rule3)`, `2 of (rule*)` (#1597)
* New syntactic sugar allows writing `0 of ($a)` as `none of ($a*)` (#1559).
* New operator `%` for string sets. Example: `20% of them` (#1434).
* New operator `defined` (#1529).
* New operator `iequals` (#1536).
* Added functions `abs`, `count`, `percentage` and `mode` to `math` module (#1483).
* Added new `console` module (#1594).
* Added support of delayed imports to `pe` module (#1523).
* Reduce memory pressure when scanning process memory in Linux (#1470).
* Improve performance while matching certain hex strings (#1526, #1552).
* Implement support for unicode file names in Windows (#1491).
* Add new API functions `yr_get_configuration_uintXX` and `yr_set_configuration_uintXX` (#1621).
* Add `--max-process-memory-chunk` option for controlling the size of the chunks while scanning a process memory (#1393).
* Add `--skip-larger` option for skipping files larger than a certain size while scanning directories.
* BUGFIX: `fullword` modifier not working properly under all locales (#1544).
* BUGFIX: Fix edge case when files have a numeric name that was interpreted as a PID number (#1541).
* BUGFIX: Fix memory leaks in `magic` module.
Thanks to @wxsBSD, @secDre4mer, @regeciovad, @ladislav-zezula, @hillu, @xbabka01, @LearnToGetBetter

yara v4.2.0 (2022-03-10T15:18:19+00:00)
* New syntax for counting string occurrences within a range of offsets. Example: `#a in (0..100)` (#1565).
* New syntax for checking if a set of strings are found within a range of offsets `all of them in (0..100)` (#1554).
* `of` operator now accepts sets of rules. Examples: `2 of (rule1, rule2, rule3)`, `2 of (rule*)` (#1597)
* New syntactic sugar allows writing `0 of ($a)` as `none of ($a*)` (#1559).
* New operator `%` for string sets. Example: `20% of them` (#1434).
* New operator `defined` (#1529).
* New operator `iequals` (#1536).
* Added functions `abs`, `count`, `percentage` and `mode` to `math` module (#1483).
* The `dotnet` module is now built into YARA by default.
* Added the `is_dotnet` field to `dotnet` module (#1568).
* Added new `console` module (#1594).
* Added support of delayed imports to `pe` module (#1523).
* Reduce memory pressure when scanning process memory in Linux (#1470).
* Improve performance while matching certain hex strings (#1526, #1552).
* Implement support for unicode file names in Windows (#1491).
* Add new API functions `yr_get_configuration_uintXX` and `yr_set_configuration_uintXX` (#1621).
* Add `--max-process-memory-chunk` option for controlling the size of the chunks while scanning a process memory (#1393).
* Add `--skip-larger` option for skipping files larger than a certain size while scanning directories.
* Improve scanning performance with better atom extraction (#1656).
* BUGFIX: `fullword` modifier not working properly under all locales (#1544).
* BUGFIX: Fix edge case when files have a numeric name that was interpreted as a PID number (#1541).
* BUGFIX: Fix memory leaks in `magic` module.
* BUGFIX: Fix integer overflow while scanning files larger than 2GB (#1615).
Thanks to @wxsBSD, @secDre4mer, @regeciovad, @ladislav-zezula, @hillu, @xbabka01, @LearnToGetBetter, @vlaci, @HoundThe

yara v4.2.1 (2022-04-26T09:11:14+00:00)
* Implement the `--skip-larger` command-line option in Windows.
* BUGFIX: Error while scanning process memory in Linux (#1662). Thanks to @hillu.
* BUGFIX: Issue in "magic" module leading to wrong matches (#1663).
* BUGFIX: Multiple issues triggered in low-memory conditions (#1671, #1673, #1674, #1675). Reported by @1ndahous3.
* BUGFIX: Incorrect parsing of character classes in some regular expressions (#1690). Reported by @Sevaarcen.
* BUGFIX: Heap overflow in ARM. Reported by @briangreenery.

yara v4.2.2 (2022-06-30T09:08:46+00:00)
* BUGFIX: Fix buffer overrun in "dex" module (#1728).
* BUGFIX: Wrong offset used when checking Version string of .net metadata (#1708).
* BUGFIX: YARA doesn't compile if `--with-debug-verbose` flag is enabled (#1719).
* BUGFIX: Null-pointer dereferences while loading corrupted compiled rules (#1727).
Thanks to @sudhackar, @wxsBSD, @dangodangodango, @MatejKastak

yara v4.2.3 (2022-08-09T07:43:53+00:00)
* BUGFIX: Fix security issue that can lead to arbitrary code execution (b77e4f45b4662af320c999d4ee559e1f3bc61226, b77e4f45b4662af320c999d4ee559e1f3bc61226). Thanks to [ANSSI - CERT-FR](https://cert.ssi.gouv.fr/) for the report.
* BUGFIX: Fix incorrect logic in expressions like `<quantifier> of <string_set> in (start..end)` (https://github.com/VirusTotal/yara/issues/1757).

yara v4.3.0-rc1 (2022-12-30T17:23:02+00:00)
* Added a not operator for bytes in hex strings. Example: `{01 ~02 03}` (#1676).
* `for` statement can iterate over sets of literal strings (e.g. `for any s in ("a", "b"): (pe.imphash() == s)`) (#1787).
* `of` statement can be used with `at` (e.g. `any of them at 0`) (#1790).
* Added the `--print-xor-key` (`-X` in short form) command-line option that prints the XOR key for xored strings (#1745).
* Implement the `--skip-larger` command-line option in Windows (#1678).
* Add parsing of .NET user types from .NET metadata stream in "dotnet" module (#1605).
* Improve certificate parsing and validation in "pe" module (#1623).
* Add `telfhash()` function to "elf" module (#1624).
* Add `to_int()` and `to_string()` functions to "math" module (#1767).
* Improve error reporting on certain edge cases (#1709, #1722).
* BUGFIX: Fix multiple memory alignment issues causing crashes in non-x86 platforms (#1724).
* BUGFIX: Fix implementation of `math.serial_correlation` (#1771).
* BUGFIX: Fix infinite recursion in `dotnet` module (#1794).
* BUGFIX: Fix SIGFPE when dividing INT64_MIN by -1.
Thanks to @shanehuntley, @1ndahous3, @HoundThe, @wxsBSD, @vthib

yara v4.3.0 (2023-03-27T14:36:35+00:00)
* Added a not operator for bytes in hex strings. Example: `{01 ~02 03}` (#1676).
* `for` statement can iterate over sets of literal strings (e.g. `for any s in ("a", "b"): (pe.imphash() == s)`) (#1787).
* `of` statement can be used with `at` (e.g. `any of them at 0`) (#1790).
* Added the `--print-xor-key` (`-X` in short form) command-line option that prints the XOR key for xored strings (#1745).
* Implement the `--skip-larger` command-line option in Windows (#1678).
* Add parsing of .NET user types from .NET metadata stream in "dotnet" module (#1605).
* Improve certificate parsing and validation in "pe" module (#1623).
* Add `telfhash()` function to "elf" module (#1624).
* Add `to_int()` and `to_string()` functions to "math" module (#1767).
* Improve error reporting on certain edge cases (#1709, #1722).
* BUGFIX: Fix multiple memory alignment issues causing crashes in non-x86 platforms (#1724).
* BUGFIX: Fix implementation of `math.serial_correlation` (#1771).
* BUGFIX: Fix infinite recursion in `dotnet` module (#1794).
* BUGFIX: Fix SIGFPE when dividing INT64_MIN by -1 (c2557fc).
* BUGFIX: Fix several endianness issues (#1884, #1874, #1855).
Thanks to @shanehuntley, @1ndahous3, @HoundThe, @wxsBSD, @vthib, @eeyss01.

yara v4.3.1 (2023-04-21T08:26:18+00:00)
* BUGFIX: Functions `import_rva` and `import_delayed_rva` are now case-insensitive (#1904)
* BUGFIX: Fix heap-related issue in `dotnet` module on Windows (#1902)
* BUGFIX: Fix heap corruption with certain rules that have very long string sets (67cccf0)

yara v4.3.2 (2023-06-12T14:28:09+00:00)
* BUGFIX: assertion triggered with certain hex patterns when scanning arbitrary files (https://github.com/VirusTotal/yara/commit/bcc631299c9eba3af1fbf6e8a466650185e94988). Reported by Huawei Central Software Institute Security Team.

yara v4.4.0 (2023-09-19T10:24:44+00:00)
* New `lnk` module (https://github.com/VirusTotal/yara/pull/1732).
* Unreferenced strings are allowed if their identifier starts with `_` (https://github.com/VirusTotal/yara/pull/1941)
* New command-line option `--disable-console-logs` for disabling the output of the console module (https://github.com/VirusTotal/yara/pull/1915)
* New command-line option `--strict-escape` that raises warnings on unknown escape sequences (https://github.com/VirusTotal/yara/pull/1880).
* Improve performance by avoiding the execution of rule conditions that can't match (https://github.com/VirusTotal/yara/pull/1927)
* Add callback message `CALLBACK_MSG_TOO_SLOW_SCANNING` for notifying about slow rules (https://github.com/VirusTotal/yara/pull/1921).
* Expose function RVA in `pe.export_details` (https://github.com/VirusTotal/yara/pull/1882).
* BUGFIX: Fix issues in the computation of `imphash` in `pe` module (https://github.com/VirusTotal/yara/pull/1944). Credits to the NSHC ThreatRecon team!
* BUGFIX: Fix multiple out-of-bound memory reads in `dex` module (https://github.com/VirusTotal/yara/pull/1949, https://github.com/VirusTotal/yara/pull/1951).
* BUGFIX: Fix memory alignment issues (https://github.com/VirusTotal/yara/pull/1930).
* BUGFIX: Some strings with the wide and ascii modifiers not matching as they should (https://github.com/VirusTotal/yara/issues/1933).
* BUGFIX: Some rules not matching when `--fast-scan` is used (https://github.com/VirusTotal/yara/commit/4de3d574bae5973c711095c1c755166c07dec322)
Thanks to: @mgoffin, @wxsBSD, @cblichmann, @secDre4mer, @vthib, @regeciovad, @kylereedmsft, @TommYDeeee, @humpalum