Available on winget

Install YARA

The pattern matching swiss knife for malware researchers (and everyone else)

Install with winget
winget install --id VirusTotal.YARA
Upgrade
winget upgrade --id VirusTotal.YARA
Uninstall
winget uninstall --id VirusTotal.YARA

About YARA

YARA is a tool aimed at (but not limited to) helping malware researchers identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a. rule, consists of a set of strings and a boolean expression which determine its logic.

What's new in 4.5.5

- Implement the --no-follow-symlinks option in Windows (6e11b5a).
- BUGFIX: Revert YR_RE_SCAN_LIMIT back to 4096 (#2177).
- BUGFIX: infinite loop while parsing corrupt resource directory in PE module (#2162).
- BUGFIX: improved detection whether a string requires all matches (#2167).
- BUGFIX: Heap overflow while loading hand-crafted compiled rules (#2178). Thanks to Momoko Shiraishi for the report.

Contributors: @secDre4mer @PeterMatula @wxsBSD

Version history

Version | Updated | Notes
4.5.5 | Unknown | - Implement the --no-follow-symlinks option in Windows (6e11b5a). - BUGFIX: Revert YR_RE_SCAN_LIMIT back to 4096 (#2177). - BUGFIX: infinite loop while parsing corrupt resource directory in PE module (#2162). - BUGFIX: i...
4.5.3 | Unknown | - BUGFIX: Escape new line and carriage return characters when printing file paths (credits to: Rajesh Pangare). - BUGFIX: Avoid infinite loop while iterating Mach-O regions. - BUGFIX: High memory consumption while parsing...
4.5.2 | Unknown | - Increase the limit for the maximum number of rows in dotnet module (608fb3d). - Limit resource names to 1000 characters at most (3f5b4c7). - Recover from syntax error at the end of an included file (4fc1ff82). - BUGFIX:...
4.3.2 | Unknown | No notes