VirusTotal/yara

Yara cannot scan Chinese filename?

cheapylam opened this issue · 5 comments

Hi,
I am new to Yara.
I am using Yara to perform scanning on malicious web shell script using core.webshell_detection.yara provided by NSA/ASD Mitigating Web Shells [ https://github.com/nsacyber/Mitigating-Web-Shells ]

I ran it from the Windows command line on a target file with a Chinese filename and got the following error:
error scanning {filename} could not open file

I am using a Windows 10 machine with an English character set.
What went wrong here?
As far as I can see, this is a very severe issue, because someone can create a malicious file with this filename and walk through undetected.
Am I right?

This should be fixed after #1491. Could you try with the latest version in the master branch and let me know if it works fine?

May I know how to generate an executable file [yara.exe] from the master branch?

@plusvic
Sorry, may I know whether the new version 4.1.1 includes the fix from #1491?

Please also note that the new version 4.1.1 ==> yara.exe -v <=== version not updated

No, version 4.1.1 is a minor update, including only bug fixes. The Unicode support will be released in version 4.2.0.

Thank you :D