search

Neo23x0 / yarAnalyzer

Yara Rule Analyzer and Statistics
MIT License
358 stars 66 forks source link

UnicodeDecodeError #4

Closed shibumi closed 8 years ago

shibumi commented 8 years ago

Hello I have the following error while executing yarAnalyzer:

=======================================================================

  yarAnalyzer

  (c) Florian Roth
  June 2015
  Version 0.3.3

=======================================================================

[INFO]: Initialized Yara rules from thor-hacktools.yar
[INFO]: Scanning /home/user/malwaremustdie/ ...  
Traceback (most recent call last):
  File "yarAnalyzer.py", line 530, in <module>
    pretty_print(args.noempty, args.l)
  File "yarAnalyzer.py", line 370, in pretty_print
    print x #get_string(sortby="File")
  File "/usr/lib/python2.7/site-packages/prettytable.py", line 240, in __str__
    return self.__unicode__().encode(self.encoding)
  File "/usr/lib/python2.7/site-packages/prettytable.py", line 243, in __unicode__
    return self.get_string()
  File "/usr/lib/python2.7/site-packages/prettytable.py", line 987, in get_string
    formatted_rows = self._format_rows(rows, options)
  File "/usr/lib/python2.7/site-packages/prettytable.py", line 942, in _format_rows
    return [self._format_row(row, options) for row in rows]
  File "/usr/lib/python2.7/site-packages/prettytable.py", line 939, in _format_row
    return [self._format_value(field, value) for (field, value) in zip(self._field_names, row)]
  File "/usr/lib/python2.7/site-packages/prettytable.py", line 890, in _format_value
    return self._unicode(value)
  File "/usr/lib/python2.7/site-packages/prettytable.py", line 181, in _unicode
    value = unicode(value, self.encoding, "strict")
  File "/usr/lib/python2.7/encodings/utf_8.py", line 16, in decode
    return codecs.utf_8_decode(input, errors, True)
UnicodeDecodeError: 'utf8' codec can't decode bytes in position 28-29: unexpected end of data
python2 yarAnalyzer.py -p /home/user/malwaremustdie/  65.80s user 4.80s system 48% cpu 2:25.00 total

I am currently running a second process with --printAll so i can share the file with you.

EDIT: Ok It seems like I can't determine the file because it's only crashing at the end when yaranalyzer should normally print the result

Neo23x0 commented 8 years ago

Update and try it again. I committed some changes removing non-ASCII characters from the file names.

shibumi commented 8 years ago

thx fixed!