
Update YARA to version 4.0.0 #758

Closed
s3rvac opened this issue Apr 29, 2020 · 4 comments · Fixed by #769

Comments

@s3rvac (Member)

s3rvac commented Apr 29, 2020

YARA 4.0.0 was released on 2020-04-29. At the time of writing, RetDec uses YARA 3.11.0:

```
# 3.11.0
```

We should consider updating to 4.0.0. It will probably require some changes in RetDec as there were API changes.

@PeterMatula (Collaborator)

Because of #283, I would like to update to a specific (latest) commit in master, not the version tag. This would make adoption of improvements faster and more flexible. I hope YARA master is stable enough, and if not, we would detect problems in our regression tests.
What do you think about this @metthal and @s3rvac?

@s3rvac (Member, Author)

s3rvac commented May 19, 2020

Will we want to update the used YARA version in RetDec more often than new releases of YARA are published? Wouldn't it be safer to just wait for official releases? They are quite frequent.

@PeterMatula (Collaborator)

PeterMatula commented May 19, 2020

Not regularly, but in case of some bug fixes or added functionality we might. If we push for a fix or feature because we need it in RetDec, and it gets into YARA, it is more convenient to start using it right away and close the issue in question, as opposed to forgetting about it until the YARA release is out and we need to come back to it.

@metthal (Member)

metthal commented May 19, 2020

VirusTotal often uses the non-released master branch in production, so I would consider master to be stable-ish. There were some bug fixes since 4.0.0 and there's already 4.0.1. I usually wait a little bit until the changes settle in and serious bugs are resolved, and then update to the newer version.

PeterMatula added a commit that referenced this issue May 21, 2020
Yaracpp needed some work, because YARA interface changed. Also, I simplified and refactored Yaracpp a bit.
PeterMatula added a commit that referenced this issue May 21, 2020
* yara: update to v4.0.1, fix #758, fix #283.

Yaracpp needed some work, because YARA interface changed. Also, I simplified and refactored Yaracpp a bit.

* yara_patterns/tools/pe/x86/packers: modify eziriz_dotnet_reactor_62_or_newer rule

Looks like the new YARA 4.0.1 ends dotnet user strings only with "\x00" instead of "\x00\x00" as before.

* yaracpp: fix doxygen comment

* yaracpp: fix doxygen warning

* deps/yara: better (more general) patching
PeterMatula reopened this May 21, 2020