Closed muteb closed 1 year ago
@muteb hello! What operating system are you using?
Windows 10
BTW if I clean the rules that contains pe.number_of_signatures, it works and no panic happen.
BTW if I clean the rules that contains pe.number_of_signatures, it works and no panic happen.
For use pe.number_of_signatures
you need: OpenSSL (if I correctly understand this issue: https://github.com/VirusTotal/yara/issues/378).
Can you try to build yara-rust with OpenSSL? More about compile options you can read here: https://github.com/Hugal31/yara-rust/tree/master/yara-sys
Yes, I'm right: https://github.com/VirusTotal/yara/blob/0f646b8aa99929c7354a6c14e95d0f15bed48a8a/libyara/modules/pe/pe.c#L4016. For pe.number_of_signatures
needed OpenSSL
Ok thanks alot for the heads up. what would be the optimal and easy way to build yara-rust with OpenSSL. I'm so happy with the vendored option or should I build it manually?
Ok thanks alot for the heads up. what would be the optimal and easy way to build yara-rust with OpenSSL. I'm so happy with the vendored option or should I build it manually?
YARA_CRYPTO_LIB=openssl cargo build
- this is force to use openssl
as crypto backend (I'm not sure if this will work on Windows).Thank you very much. that solves it.
Thank you very much. that solves it.
You are welcome)
Hi,
I used the option vendored on the toml config file and all went good but once it parses any Yara rule that contains pe.number_of_signatures , it panics as follow:
thread 'main' panicked at 'Should have parsed rule: Compile(CompileErrors { errors: [CompileError { level: Error, filename: Some("C:\Users\user\yarafolder\test.yar"), line: 2009, message: "invalid field name \"number_of_signatures\"" }, CompileError
Toml configuration as follow:
[dependencies] yara = "0.16.0" yara-sys ={ version = "0.16.0", features = ["bundled-4_2_3","vendored"] }
what have I done to make not work :(?