Neo23x0/yarAnalyzer

Error in Yara file

jpoling-dswrx opened this issue · 5 comments

I directly downloaded THOR-Webshells from here (https://github.com/Yara-Rules/rules/blob/master/malware/THOR_Webshells.yar) to test and it gives me this error, but with no information as to what the error is.

sudo python yarAnalyzer.py -s current_signatures/ -p /mnt/lynx1_tmp/

[ERROR]: Error in Yara file: THOR_Webshells.yar
[INFO]: Scanning /mnt/dir/ ...

How might I find out what specifically is the error?

Which yara module for python did you install?
The outdated one via pip?
Check via pip list | grep yara
You should have version 3+

The above command does show I have Yara 2.0 installed. However, I believe I installed it via apt-get install python-yara yara (Ubuntu 14.04.3).

I ran pip install yara-python --upgrade and it now works. Thanks for the guidance!

Ah, get the error again when I use the following yara rules file (renamed to .yar).

https://github.com/1aN0rmus/Yara/blob/master/web/web_rules.yara

That seems to be an error in the rule. Use the yara command line utility to
get more information about the error.

https://github.com/plusvic/yara/releases/tag/v3.4.0

Sincerely
Saludos cordiales
Mit freundlichen Grüßen
Florian Roth

Keys:
https://www.dropbox.com/sh/lw9ymama8rjukjs/zNQZAujnQM

Done and done. Thanks!
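An added example, not part of the thread or of yarAnalyzer's own code: one way to find out which rule file fails and why is to compile each file in the signature directory separately with yara-python and print the compiler's message. It assumes yara-python 3+ (`yara.compile(filepath=...)`, `yara.SyntaxError`); the function names and the `.yar`/`.yara` extension filter are hypothetical choices made for this sketch.

```python
"""Compile every rule file in a directory on its own and report the compiler's message."""
import os
import sys


def yara_compile(path):
    """Compile one rule file with yara-python; a bad rule raises yara.SyntaxError."""
    import yara  # imported lazily so a missing binding is reported by main()
    return yara.compile(filepath=path)


def check_rule_files(sig_dir, compile_fn=yara_compile, exts=(".yar", ".yara")):
    """Return {file name: error text or None} for each rule file found in sig_dir."""
    results = {}
    for name in sorted(os.listdir(sig_dir)):
        if not name.lower().endswith(exts):
            continue
        path = os.path.join(sig_dir, name)
        try:
            compile_fn(path)
            results[name] = None
        except Exception as exc:  # yara errors name the offending file and line
            results[name] = "%s: %s" % (type(exc).__name__, exc)
    return results


def main(argv):
    if len(argv) != 2:
        print("usage: %s <signature_dir>" % argv[0])
        return 2
    try:
        import yara
        # The thread's first failure was an outdated 2.0 binding; show what is loaded.
        print("yara-python version: %s" % getattr(yara, "__version__", "unknown"))
    except ImportError as exc:
        print("yara-python is not importable: %s" % exc)
        return 2
    results = check_rule_files(argv[1])
    for name, err in results.items():
        print("[%s] %s%s" % ("ERROR" if err else "OK", name, " -> " + err if err else ""))
    return 1 if any(results.values()) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against the same directory passed to yarAnalyzer with `-s`; the exit status is non-zero when any file fails to compile.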