winget install --id VirusTotal.YARA-X
About YARA-X
YARA-X is a re-incarnation of YARA, a pattern matching tool designed with malware researchers in mind. This new incarnation intends to be faster, safer and more user-friendly than its predecessor.
What's new in 1.16.0
- Multiple performance improvements (#623, #624, #626, #627, #629, #631, #632, #635, #649, #654).
- Implement constant folding for bitwise operations (#634).
- Allow specifying context size for matches (#644).
- Improvements in Language Server for better integration with neovim (#648).
- BUGFIX: Avoid panic while parsing certain rules (#640).
- BUGFIX: Avoid panic on bad reader input in the Python API (#643).
- BUGFIX: Handle null values while deserializing Cuckoo reports in cuckoo module (#646).
- BUGFIX: Validate bool metadata as bool in Language Server diagnostics (#621).

Contributors: @king-tero @PeterMatula @nyx0 @kevinmuoz @tlansec @prosperritty
Version history
| Version | Updated | Notes |
|---|---|---|
| 1.16.0 | Unknown | - Multiple performance improvements (#623, #624, #626, #627, #629, #631, #632, #635, #649, #654). - Implement constant folding for bitwise operations (#634). - Allow specifying context size for matches (#644). - Improvem... |
| 1.15.0 | Unknown | - Add full support for WASM. The whole yara-x crate now can be built for WASM (#583, #588, #598). - New playground at https://virustotal.github.io/yara-x/playground/ (#601). - The yr check command now notifies users of... |
| 1.14.0 | Unknown | - Multiple improvements in language server (#559, #560, #561, #564, #568, #579). - Added deps command to the CLI tool that shows rule dependencies (#498). - Improve macho module by parsing DYLD_CHAINED_IMPORT_ADDEND64 fi... |
| 1.13.0 | Unknown | - Add crx and dex modules to Python invoke API (#534). - Add Python API for specifying the metadata that should be passed to modules (6bebe34): - Output filenames that need reformatting when using yr fmt --check (#538)... |
| 1.12.0 | Unknown | - Improvements in the parser to produce better Concrete Syntax Trees (#531, c46b3bd). - BUGFIX: avoid panic when parsing some regular expressions (136ab9f). |
| 1.11.0 | Unknown | - Make the parser stricter (#502). - Implement dex module (#458). - Implement C api console log (#515). - Implement permhash for the crx module (#510). - Implement the imports() method for the Rules object in the Python... |
| 1.10.0 | Unknown | - New yr fix warnings command (#493). - Generate more efficient WASM code for some expressions, reducing the size of compiled rules (5efc214, a865681). - Improve the API for traversing the AST in DFS order (8443106, 2b67... |
| 1.9.0 | Unknown | - Add function for scanning files by path to the C and Go APIs (32bac10). - Add version number to the Rust API (bdb53e8, #469). - Add osabi field to elf module (afa0960). - Avoid verifying patterns when the file size is... |
| 1.8.1 | Unknown | - BUGFIX: don't mangle the C API function yrx_finalize and include it in the header files (#467). - BUGFIX: fix some issues and edge cases in block scanning (d7873db). Contributors: @metthal |
| 1.8.0 | Unknown | - Implement block scanning API for Rust and C (#459, 185c2ee). - Implement Golang and C APIs for setting global variables of type array and structure (#449). - Add iterator for Rules object in Python (#463). - BUGFIX: In... |
| 1.7.1 | Unknown | - BUGFIX: fix compilation in 32-bit platforms (#453). |
| 1.7.0 | Unknown | - New warning suggesting the use of none of them instead of 0 of them. - Added option --max-matches-per-pattern to the CLI and the max_matches_per_pattern method to the Python API (#437). - New yrx_finalize function to t... |
| 1.6.0 | Unknown | - Implement --no-mmap option for disabling the use of memory-mapped files (9ff675f). - Support relative includes for compatibility with YARA (89674f1). - Support metadata validation using regular expressions (#434). - Ad... |
| 1.5.0 | Unknown | - Implement the crx module for parsing Chrome Extension files (#423). - Allow underscores in integer and float literals (#405). - Adopt Anomali's symhash algorithm for Mach-O files (#425). - Support boolean type in conso... |
| 1.4.0 | Unknown | - Allow suppressing warnings using // suppress: warning_id comments (#398). - Implement built-in functions float32, float64, float32be and float64be (#396). - BUGFIX: fix wrong text_as_hex warning (0baf08b, #397). - BUGF... |
| 1.3.0 | Unknown | - Add span information to Event::Begin and Event::End (f4259f0). - Add support for private patterns. Private patterns were being accepted but ignored. (21a9090). - BUGFIX: add YRX_ prefix to constants in the C API to avo... |
| 1.2.1 | Unknown | - BUGFIX: regression introduced in #368. - BUGFIX: more robust LNK file parsing that handles maliciously crafted files (7e1c8b3, #379) |
| 1.2.0 | Unknown | - Allow disabling specific warnings via the configuration file (b44ca8f) (documentation). - BUGFIX: Another JSON encoding issue (1a41075, #376). - BUGFIX: Return a proper error message when passing invalid metadata to a... |
| 1.1.0 | Unknown | - Add the yrx_scanner_set_module_data function to the C API. - Show warnings when comparing the result of intXX and uintXX functions with values outside their valid ranges. Example: warning[unsatisfiable_expr]: unsatisfi... |
| 1.0.1 | Unknown | - BUGFIX: Panic while truncating long file paths containing Unicode characters (#360). - BUGFIX: JSONDecodeError in Python API (#361). |