-
Notifications
You must be signed in to change notification settings - Fork 4
Troubleshooting
This section covers some common errors you may run into as you use the Toolkit.
If using an older version of gcc (<9.X), you may receive the following error:
yara-python.c: In function ‘convert_object_to_python’:
yara-python.c:442:27: warning: comparison between signed and unsigned integer expressions [-Wsign-compare]
if (object->value.i != YR_UNDEFINED)
^
yara/libyara/scanner.c: In function ‘yr_scanner_get_profiling_info’:
yara/libyara/scanner.c:681:3: error: ‘for’ loop initial declarations are only allowed in C99 mode
for (uint32_t i = 0; i < scanner->rules->num_rules; i++)
^
yara/libyara/scanner.c:681:3: note: use option -std=c99 or -std=gnu99 to compile your code
For example, CentOS 7 uses gcc version 4.8.X, and CentOS 6 uses version 4.4.X as the default compiler.
Upgrade gcc to the latest "developer tool" variation for your operating system.
CentOS 7, install the Red Hat Developer Toolset 9:
yum install devtoolset-9
CentOS 6, install the Red Hat Developer Toolset 8:
yum install devtoolset-8
OpenSUSE, install gcc9:
zypper install gcc9
Without Python development libraries, you may receive this error during runtime:
Yara-python fatal error: Python.h: No such file or directory
#include <Python.h>
Install the Python development libraries:
CentOS 8:
dnf install python36-devel
CentOS 7:
yum install devtoolset-9
CentOS 6:
yum install devtoolset-8
Your configuration file may be using the default :memory:
location for the state database.
database:
_provider: cbc_binary_toolkit.state.builtin.Persistor
location: ":memory:"
Change the location
of your state database to a file:
database:
_provider: cbc_binary_toolkit.state.builtin.Persistor
location: path/to/databasefile/here.db
If you receive an API response similar to:
{"error_code": "FORBIDDEN", "message": "Connector ID A1B2C3D4E5 does not have permission ubs.org.file and action READ on org key ABCDEFGH"}
Ensure your API Key has the required permissions.
The included example analysis engine expects the name
field of your engine configuration to be "Yara". If it is different in your configuration file, the engine will not function.
Ensure your engine name
is Yara
in your configuration file.
engine:
name: Yara
feed_id: example-feed-id
type: local
_provider: cbc_binary_toolkit_examples.engine.yara_local.yara_engine.YaraFactory
The default configuration file was not found, and you did not specify an alternative configuration file.
Ensure the default binary-analysis-config.yaml.example
configuration file is in the config
folder, or specify a custom configuration file with the --config
command line argument.
Check your internet connection and retry.
Copyright © 2020 VMware Inc., All Rights Reserved.
Information here is current as of Carbon Black Cloud Binary Toolkit 1.0.0