Yara cannot scan chinese filename?
cheapylam opened this issue · 5 comments
Hi,
I am new to Yara.
I am using Yara to perform scanning on malicious web shell script using core.webshell_detection.yara provided by NSA/ASD Mitigating Web Shells [ https://github.com/nsacyber/Mitigating-Web-Shells ]
I ran from windows command line and the target file with Chinese filename and got the following error.
error scanning {filename} could not open file
I am using windows 10 with English char set machine. What went wrong here? Because as much as I see this, it is very severe issue, because someone can create a malicious file with this filename and walk through undetected. Am I right?
This should be fixed after #1491. Could try with the latest version in the master branch and let me know if it works fine?
May I know how to generate an executable file [yara.exe] from the master branch?
No, version 4.1.1 is a minor update, including only bug fixes. The unicode support will be released in version 4.2.0.
Thank you :D