Releases: VirusTotal/yara-x

v0.12.0

17 Dec 20:10
d2b8358
  • The macho module now parses and exposes LC_LINKER_OPTION commands (#256).
  • Raise warning with some patterns that have too many 2-byte atoms and are potentially slow (#264).
  • Extract more information from the SpcSpOpusInfo structure contained in PE signatures (50180d8).
  • BUGFIX: add missing MEAN_BYTES constant to math module (888c77e).
  • BUGFIX: panic when calling dylib_hash in some corrupted Mach-O files (c014a26).

Contributors: @latonis

v0.11.1

03 Dec 15:36
ee65c74
  • BUGFIX: large memory consumption while parsing corrupted PE files (f3ea4f3)

v0.11.0

26 Nov 11:38
2117e14
  • Added JSON as a new output format (#239).
  • Added the --profiling option to the scan command (d3df07d).
  • Implement loop-invariant code motion (hoisting) (#246).
  • Implement sym_hash() function for macho module (#248).
  • Allow larger jumps in hex patterns (1e6b6c7).
  • BUGFIX: issue with undefined expression in with statements (5e2355a).

Contributors: @chudicek @latonis

v0.10.0

21 Oct 08:35
1b7fc5a
  • Add type information for the Python library (#215).
  • Reduce errors due to large regexps (#221).
  • More improvements to fmt command (#224, 4352ddc).
  • Improved formatting for pe & dotnet modules (#226).
  • Raise warning when a hex pattern can be expressed as text (15db4b1).
  • Implement --recursive option (6f45b2f).
  • BUGFIX: Print paths relative to the target path for consistency with YARA (#212).
  • BUGFIX: Issues with --print-strings option (#213, #214).

Contributors: @latonis @wxsBSD @metthal

v0.9.0

03 Oct 09:03
8abd88e
  • Implement the with statement (#197).
  • The fmt command is now customizable (#205).
  • Serialize compiled rules in a platform-independent way (#202).
  • Allow specifying namespaces for input rule files in the CLI (aa25903).
  • Mach-O import parsing and import hash function by @latonis in #135
  • Refactor the deserialization API in Golang (e8bf6ed).
  • Redesign C API using callbacks (#198).
  • Implement APIs in C and Golang for accessing the individual rules contained in a Rules object (ef03252).
  • BUGFIX: issue with some comments inside hex patterns (e7f6363).
  • BUGFIX: bug while parsing regexp /\\/ (09e823a).
  • BUGFIX: panic when map, array or regexp is used as a boolean expression (5fb2057).
  • BUGFIX: multiple issues in the parser with invalid rules (9c4231d, 699bf51, 28bf377, d19a323, 7e26d31, ba2059d, a2b7394).
  • BUGFIX: bug while using --compiled-rules without namespaces (#201).

Contributors: @chudicek @TommYDeeee @latonis @wxsBSD

v0.8.0

09 Sep 15:24
f3ecfba
  • Implement command fmt for automatic YARA code formatting.
  • Add --module-data option to scan command (#183).
  • Add --ignore-module option to scan and compile commands (0536024).
  • Implement cuckoo module for backward compatibility with YARA (#191).
  • More warnings for potentially slow rules (38ddfb1, 1db2190).

Contributors: @chudicek, @qjerome

v0.7.0

28 Aug 11:00
c4a1bb0
  • Better representation of flags in YAML output (aff398b).
  • Accept comparisons between boolean expression and integer constant (1dd3ade).
  • Add --print-meta option to scan command (#170).
  • Add --tag and --print-tags options to scan command for tag filtering and printing (#171).
  • Add --count option to scan command (#174).
  • Allow specifying the source's origin in the Golang, Python and C APIs.
  • API redesigned to expose more details about compiler errors and warnings.
  • BUGFIX: OOM errors while scanning some corrupted PE files (258e090).
  • BUGFIX: panics while scanning some corrupted PE files (5a6b944, 3f011ee, b82c930).

Contributors: @wxsBSD

v0.6.0

31 Jul 06:33
  • Implement new error-tolerant parser that fixes some existing issues like #136 and #150.
  • Scan command now can produce ndjson output. (#161)
  • BUGFIX: Handle non-ASCII spaces in filenames. (#163)

Contributors: @wxsBSD, @szabgab

v0.5.0

01 Jul 07:19
  • Parse Mach-O exports and add export_hash function to macho module (#132)
  • Add --disable-warnings option. Specific warnings can be disabled by using warning identifiers like slow_patterns, duplicate_import, unsatisfiable_expr, etc (#140).
  • Raise warning when a boolean expression is always true or false (5f6a1d7).
  • BUGFIX: fix multiple crashes in macho module.
  • BUGFIX: fix multiple crashes in pe module.

Contributors: @latonis

v0.4.0

29 May 11:58
  • Implement the --scan-list option for the scan command (21e8481).
  • Implement the --output option for the compile command (c7759f8).
  • Allow using non-global rules from global rules (865db1d).
  • Implement APIs for accessing rule metadata (9f90eaa, 1e816a7, 3508d53, 9ddbbbe).
  • Implement dylib and entitlement hashing in macho module (#93).
  • Allow multi-line string literals in rule metadata (#121).
  • BUGFIX: Fix stack overflow when rules have a lot of patterns and use the x of them statement (b134252).

Contributors: @latonis, @wxsBSD