On Loki scan start, multiple unterminated regular expression messages occur

Question

On Loki scan start, multiple unterminated regular expression messages occur

g33k247 opened this issue 2 years ago · 4 comments

Getting a bunch of these messages when starting a scan:

line 1126, in initialize_yara_rules yara.SyntaxError: line 22: unterminated regular expression

On Windows 11, executing from PowerShell. Once Loki gets past these issues, the scan continues and completes as expected.

Answer 1 · 2022-10-13T11:20:34.000Z

The signatures seem to be okay. It's most likely an AV that deleted part of a signature set before the initialisation.

Answer 2 · 2023-06-08T13:42:43.000Z

Here's an example of the errors I'm seeing:

Traceback (most recent call last):
  File "\\vboxsvr\workspace\Loki\loki.py", line 1126, in initialize_yara_rules
yara.SyntaxError: line 22: unterminated regular expression
Traceback (most recent call last):
  File "\\vboxsvr\workspace\Loki\loki.py", line 1126, in initialize_yara_rules
yara.SyntaxError: line 22: unterminated regular expression
Traceback (most recent call last):
  File "\\vboxsvr\workspace\Loki\loki.py", line 1126, in initialize_yara_rules
yara.SyntaxError: line 22: unterminated regular expression
Traceback (most recent call last):
  File "\\vboxsvr\workspace\Loki\loki.py", line 1126, in initialize_yara_rules
yara.SyntaxError: line 22: unterminated regular expression
Traceback (most recent call last):
  File "\\vboxsvr\workspace\Loki\loki.py", line 1126, in initialize_yara_rules
yara.SyntaxError: line 22: unterminated regular expression
Traceback (most recent call last):
  File "\\vboxsvr\workspace\Loki\loki.py", line 1126, in initialize_yara_rules
yara.SyntaxError: line 22: unterminated regular expression
Traceback (most recent call last):
  File "\\vboxsvr\workspace\Loki\loki.py", line 1126, in initialize_yara_rules
yara.SyntaxError: line 22: unterminated regular expression
Traceback (most recent call last):
  File "\\vboxsvr\workspace\Loki\loki.py", line 1126, in initialize_yara_rules
yara.SyntaxError: line 22: unterminated regular expression

Answer 3 · 2023-06-09T14:03:15.000Z

I cannot reproduce the error with the current version and the current rule set.

Answer 4 · 2023-06-09T14:05:05.000Z

It's also a shit way to report errors not indicating the version number of the software, which OS, the command line, if customer rules are used etc.