search

Hugal31 / yara-rust

Rust bindings for VirusTotal/Yara
Apache License 2.0
73 stars 29 forks source link

pe.number_of_signatures panics an error #89

Closed muteb closed 1 year ago

muteb commented 1 year ago

Hi,

I used the option vendored on the toml config file and all went good but once it parses any Yara rule that contains pe.number_of_signatures , it panics as follow:

thread 'main' panicked at 'Should have parsed rule: Compile(CompileErrors { errors: [CompileError { level: Error, filename: Some("C:\Users\user\yarafolder\test.yar"), line: 2009, message: "invalid field name \"number_of_signatures\"" }, CompileError 

 condition:
      for any i in (0 .. pe.number_of_signatures)

Toml configuration as follow:

[dependencies] yara = "0.16.0" yara-sys ={ version = "0.16.0", features = ["bundled-4_2_3","vendored"] }

what have I done to make not work :(?

ikrivosheev commented 1 year ago

@muteb hello! What operating system are you using?

muteb commented 1 year ago

Windows 10

muteb commented 1 year ago

BTW if I clean the rules that contains pe.number_of_signatures, it works and no panic happen.

ikrivosheev commented 1 year ago

BTW if I clean the rules that contains pe.number_of_signatures, it works and no panic happen.

For use pe.number_of_signatures you need: OpenSSL (if I correctly understand this issue: https://github.com/VirusTotal/yara/issues/378).

Can you try to build yara-rust with OpenSSL? More about compile options you can read here: https://github.com/Hugal31/yara-rust/tree/master/yara-sys

ikrivosheev commented 1 year ago

Yes, I'm right: https://github.com/VirusTotal/yara/blob/0f646b8aa99929c7354a6c14e95d0f15bed48a8a/libyara/modules/pe/pe.c#L4016. For pe.number_of_signatures needed OpenSSL

muteb commented 1 year ago

Ok thanks alot for the heads up. what would be the optimal and easy way to build yara-rust with OpenSSL. I'm so happy with the vendored option or should I build it manually?

ikrivosheev commented 1 year ago

Ok thanks alot for the heads up. what would be the optimal and easy way to build yara-rust with OpenSSL. I'm so happy with the vendored option or should I build it manually?

  1. YARA_CRYPTO_LIB=openssl cargo build - this is force to use openssl as crypto backend (I'm not sure if this will work on Windows).
  2. You can use: https://doc.rust-lang.org/nightly/cargo/reference/config.html#env for set environment variable
muteb commented 1 year ago

Thank you very much. that solves it.

ikrivosheev commented 1 year ago

Thank you very much. that solves it.

You are welcome)