Closed jpoling-dswrx closed 6 years ago
Which yara module for python did you install?
The outdated one via pip?
Check via pip list | grep yara
You should have version 3+
The above command does show I have Yara 2.0 installed. However, I believe I installed it via apt-get install python-yara yara
(Ubuntu 14.04.3).
I ran pip install yara-python --upgrade
and it now works. Thanks for the guidance!
Ah, get the error again when I use the following yara rules file (renamed to .yar).
https://github.com/1aN0rmus/Yara/blob/master/web/web_rules.yara
That seems to be an error in the rule. Use the yara command line utility to get more information about the error.
https://github.com/plusvic/yara/releases/tag/v3.4.0
On Thursday, 28 April 2016, jpoling-dswrx notifications@github.com wrote:
Ah, get the error again when I use the following yara rules file (renamed to .yar).
https://github.com/1aN0rmus/Yara/blob/master/web/web_rules.yara
Sincerely Saludos cordiales Mit freundlichen Grüßen Florian Roth
Done and done. Thanks!
I directly downloaded THOR-Webshells from here (https://github.com/Yara-Rules/rules/blob/master/malware/THOR_Webshells.yar) to test and it gives me this error, but with no information as to what the error is.
sudo python yarAnalyzer.py -s current_signatures/ -p /mnt/lynx1_tmp/
How might I find out what specifically is the error?
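An added example, not part of the original thread or of yarAnalyzer: one way to see which rule file fails and why is to compile each file in the signature directory separately with yara-python and print the exception text, which for rule errors normally names the file and line. The names `check_rule_files` and `compile_fn` are assumptions made for this example; only `yara.compile(filepath=...)` is the binding's own call.

```python
import os
import sys


def check_rule_files(rule_dir, compile_fn=None, exts=(".yar", ".yara")):
    """Compile each rule file on its own; map path -> None (ok) or error text."""
    if compile_fn is None:
        import yara  # yara-python 3+, the binding the thread says is required
        compile_fn = yara.compile
    results = {}
    for root, _dirs, files in os.walk(rule_dir):
        for name in sorted(files):
            if not name.lower().endswith(exts):
                continue
            path = os.path.join(root, name)
            try:
                compile_fn(filepath=path)
                results[path] = None
            except Exception as exc:
                # yara.SyntaxError / yara.Error text normally names file and line
                results[path] = "%s: %s" % (type(exc).__name__, exc)
    return results


def main(argv):
    if len(argv) != 2:
        sys.stderr.write("usage: %s <signature_dir>\n" % argv[0])
        return 2
    import yara
    print("yara-python version: %s" % getattr(yara, "__version__", "unknown"))
    results = check_rule_files(argv[1])
    for path, err in sorted(results.items()):
        print("%-4s %s%s" % ("FAIL" if err else "OK", path, "  -> " + err if err else ""))
    return 1 if any(results.values()) else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it against the same directory passed to `-s`; a non-zero exit status means at least one rule file did not compile.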