Closed MariasStory closed 3 years ago
Hi,
Again, this tool looks like it could be really useful, but like MariasStory, I think there is an issue with Yara.
I get very little output when I pipe to a text file. The script finishes but the only output in my text file is "[+] Searching memory by Yara rules."
The problem that the Yara scan does not finish is a problem of volatility2, and it has been improved in volatility3. We are planning a MalConfScan for volatility3.
Duplicate of #9
Hi authors, from what I can see, this is an extremely useful plugin.
Unfortunately, I cannot get the plugin working. A similar issue was already reported: https://github.com/JPCERTCC/MalConfScan/issues/10
The process is showing "Searching memory by Yara rules.". It takes one CPU with no read or write activity.
I did try to use the git versions of volatility and the MalConfScan plugin. The -p option did not help. Just to make sure, I also tried a docker version of volatility and it got stuck.
The plugin was running for several days without result.
I see a few findings from your Yara rules.