wxsBSD
commented
8 years ago Looks like you didn't build YARA with crypto support.
Closed rholloway closed 7 years ago
wxsBSD
commented
8 years ago Looks like you didn't build YARA with crypto support.
rholloway
commented
8 years ago I don't think that is it. I built YARA with everything, and I can use yarac from command line without any issues to compile this rule. I cannot, however, compile when using yara-python.
I did not explicitly pass --with-crypto, but based on docs it should have been detected. Here are relevant pieces from ansible script used to compile. It should have openssl on the system.
---
- name: Ensure dependencies are installed
apt: name={{item}} state=present
with_items:
- automake
- libtool
- make
- gcc
- flex
- bison
- libssl-dev
- libjansson-dev
- libmagic-dev
tags: [yara]
# download src, etc.
- name: Configure an install yara {{yara_version}}
shell: "{{ item }}"
args:
chdir: /opt/yara/yara-{{yara_version}}
creates: /usr/local/lib/libyara.so.{{yara_version}}
with_items:
- ./configure --enable-cuckoo --enable-magic
- make
- make install
tags: [yara]"A" * 32 is not a valid syntax for YARA. I think that is playing into this. Unfortunately I'm catching a long flight right now so I can't fully debug.
wxsBSD
commented
8 years ago My earlier comment about "A" * 32 not being valid is still true but the error you're seeing is actually caused by something entirely different, which is a valid issue AFAICT.
I think I ran into this when someone brought up an issue to me privately. Essentially here is what I'm seeing:
wxs@wxs-mbp tmp % pip list | grep yara
wxs@wxs-mbp tmp % sudo pip install yara-python
Collecting yara-python
Installing collected packages: yara-python
Successfully installed yara-python-3.5.0
wxs@wxs-mbp tmp % python -c 'import yara; yara.compile(source="import \"pe\" rule test { condition: pe.number_of_signatures > 0 }")'
Traceback (most recent call last):
File "<string>", line 1, in <module>
yara.SyntaxError: invalid field name "number_of_signatures"
wxs@wxs-mbp tmp %It seems like when the yara-python package builds the version of YARA to link with it doesn't find the OpenSSL bits and doesn't define HAVE_LIBCRYPTO properly. So I then generated a verbose build log which looks like this:
Collecting yara-python
1 location(s) to search for versions of yara-python:
* https://pypi.python.org/simple/yara-python/
Getting page https://pypi.python.org/simple/yara-python/
Looking up "https://pypi.python.org/simple/yara-python/" in the cache
No cache entry available
Starting new HTTPS connection (1): pypi.python.org
"GET /simple/yara-python/ HTTP/1.1" 200 325
Updating cache with response from "https://pypi.python.org/simple/yara-python/"
Caching b/c date exists and max-age > 0
Analyzing links from page https://pypi.python.org/simple/yara-python/
Found link https://pypi.python.org/packages/3e/6c/ec2453fd811ea2f8c157d196b4dd76eb3c229362918fdb661358bd3e8645/yara-python-3.5.0.tar.gz#md5=3184efa3da16e3a8304185f2641c4ffe (from https://pypi.python.org/simple/yara-python/), version: 3.5.0
Found link https://pypi.python.org/packages/8e/01/b7dce32aa35248e9c640250788cd959245c6f79e6f5d44185ad214efb115/yara-python-3.4.0.00.tar.gz#md5=b28916c20bd8e6a7c4f105e3b496f378 (from https://pypi.python.org/simple/yara-python/), version: 3.4.0.00
Using version 3.5.0 (newest of versions: 3.4.0.0, 3.5.0)
Looking up "https://pypi.python.org/packages/3e/6c/ec2453fd811ea2f8c157d196b4dd76eb3c229362918fdb661358bd3e8645/yara-python-3.5.0.tar.gz" in the cache
No cache entry available
"GET /packages/3e/6c/ec2453fd811ea2f8c157d196b4dd76eb3c229362918fdb661358bd3e8645/yara-python-3.5.0.tar.gz HTTP/1.1" 200 551735
Downloading yara-python-3.5.0.tar.gz (551kB)
Downloading from URL https://pypi.python.org/packages/3e/6c/ec2453fd811ea2f8c157d196b4dd76eb3c229362918fdb661358bd3e8645/yara-python-3.5.0.tar.gz#md5=3184efa3da16e3a8304185f2641c4ffe (from https://pypi.python.org/simple/yara-python/)
Updating cache with response from "https://pypi.python.org/packages/3e/6c/ec2453fd811ea2f8c157d196b4dd76eb3c229362918fdb661358bd3e8645/yara-python-3.5.0.tar.gz"
Caching due to etag
Running setup.py (path:/private/tmp/pip-build-SD9wqX/yara-python/setup.py) egg_info for package yara-python
Running command python setup.py egg_info
running egg_info
creating pip-egg-info/yara_python.egg-info
writing pip-egg-info/yara_python.egg-info/PKG-INFO
writing top-level names to pip-egg-info/yara_python.egg-info/top_level.txt
writing dependency_links to pip-egg-info/yara_python.egg-info/dependency_links.txt
writing manifest file 'pip-egg-info/yara_python.egg-info/SOURCES.txt'
warning: manifest_maker: standard file '-c' not found
reading manifest file 'pip-egg-info/yara_python.egg-info/SOURCES.txt'
reading manifest template 'MANIFEST.in'
writing manifest file 'pip-egg-info/yara_python.egg-info/SOURCES.txt'
Source in /private/tmp/pip-build-SD9wqX/yara-python has version 3.5.0, which satisfies requirement yara-python from https://pypi.python.org/packages/3e/6c/ec2453fd811ea2f8c157d196b4dd76eb3c229362918fdb661358bd3e8645/yara-python-3.5.0.tar.gz#md5=3184efa3da16e3a8304185f2641c4ffe
Installing collected packages: yara-python
Running setup.py install for yara-python: started
Running command /usr/bin/python -u -c "import setuptools, tokenize;__file__='/private/tmp/pip-build-SD9wqX/yara-python/setup.py';exec(compile(getattr(tokenize, 'open', open)(__file__).read().replace('\r\n', '\n'), __file__, 'exec'))" install --record /tmp/pip-fLqXMQ-record/install-record.txt --single-version-externally-managed --compile
running install
running build
running build_ext
building 'yara' extension
creating build
creating build/temp.macosx-10.11-intel-2.7
creating build/temp.macosx-10.11-intel-2.7/yara
creating build/temp.macosx-10.11-intel-2.7/yara/libyara
creating build/temp.macosx-10.11-intel-2.7/yara/libyara/modules
cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara-python.c -o build/temp.macosx-10.11-intel-2.7/yara-python.o
cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/ahocorasick.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/ahocorasick.o
cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/arena.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/arena.o
cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/atoms.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/atoms.o
cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/compiler.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/compiler.o
cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/exec.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/exec.o
cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/exefiles.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/exefiles.o
cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/filemap.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/filemap.o
cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/grammar.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/grammar.o
cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/hash.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/hash.o
cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/hex_grammar.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/hex_grammar.o
cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/hex_lexer.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/hex_lexer.o
cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/lexer.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/lexer.o
cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/libyara.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/libyara.o
cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/mem.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/mem.o
cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/modules.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/modules.o
cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/object.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/object.o
cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/parser.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/parser.o
cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/proc.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/proc.o
cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/re.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/re.o
cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/re_grammar.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/re_grammar.o
cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/re_lexer.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/re_lexer.o
cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/rules.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/rules.o
cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/scan.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/scan.o
cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/sizedstr.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/sizedstr.o
cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/stream.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/stream.o
cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/strutils.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/strutils.o
cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/threading.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/threading.o
cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/modules/demo.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/modules/demo.o
cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/modules/elf.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/modules/elf.o
cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/modules/hash.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/modules/hash.o
yara/libyara/modules/hash.c:124:3: warning: 'MD5_Init' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
MD5_Init(&md5_context);
^
/usr/include/openssl/md5.h:113:5: note: 'MD5_Init' has been explicitly marked deprecated here
int MD5_Init(MD5_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
^
yara/libyara/modules/hash.c:125:3: warning: 'MD5_Update' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
MD5_Update(&md5_context, s->c_string, s->length);
^
/usr/include/openssl/md5.h:114:5: note: 'MD5_Update' has been explicitly marked deprecated here
int MD5_Update(MD5_CTX *c, const void *data, size_t len) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
^
yara/libyara/modules/hash.c:126:3: warning: 'MD5_Final' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
MD5_Final(digest, &md5_context);
^
/usr/include/openssl/md5.h:115:5: note: 'MD5_Final' has been explicitly marked deprecated here
int MD5_Final(unsigned char *md, MD5_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
^
yara/libyara/modules/hash.c:142:3: warning: 'SHA256_Init' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
SHA256_Init(&sha256_context);
^
/usr/include/openssl/sha.h:147:5: note: 'SHA256_Init' has been explicitly marked deprecated here
int SHA256_Init(SHA256_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
^
yara/libyara/modules/hash.c:143:3: warning: 'SHA256_Update' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
SHA256_Update(&sha256_context, s->c_string, s->length);
^
/usr/include/openssl/sha.h:148:5: note: 'SHA256_Update' has been explicitly marked deprecated here
int SHA256_Update(SHA256_CTX *c, const void *data, size_t len) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
^
yara/libyara/modules/hash.c:144:3: warning: 'SHA256_Final' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
SHA256_Final(digest, &sha256_context);
^
/usr/include/openssl/sha.h:149:5: note: 'SHA256_Final' has been explicitly marked deprecated here
int SHA256_Final(unsigned char *md, SHA256_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
^
yara/libyara/modules/hash.c:160:3: warning: 'SHA1_Init' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
SHA1_Init(&sha_context);
^
/usr/include/openssl/sha.h:121:5: note: 'SHA1_Init' has been explicitly marked deprecated here
int SHA1_Init(SHA_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
^
yara/libyara/modules/hash.c:161:3: warning: 'SHA1_Update' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
SHA1_Update(&sha_context, s->c_string, s->length);
^
/usr/include/openssl/sha.h:122:5: note: 'SHA1_Update' has been explicitly marked deprecated here
int SHA1_Update(SHA_CTX *c, const void *data, size_t len) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
^
yara/libyara/modules/hash.c:162:3: warning: 'SHA1_Final' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
SHA1_Final(digest, &sha_context);
^
/usr/include/openssl/sha.h:123:5: note: 'SHA1_Final' has been explicitly marked deprecated here
int SHA1_Final(unsigned char *md, SHA_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
^
yara/libyara/modules/hash.c:204:3: warning: 'MD5_Init' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
MD5_Init(&md5_context);
^
/usr/include/openssl/md5.h:113:5: note: 'MD5_Init' has been explicitly marked deprecated here
int MD5_Init(MD5_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
^
yara/libyara/modules/hash.c:235:9: warning: 'MD5_Update' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
MD5_Update(&md5_context, block_data + data_offset, data_len);
^
/usr/include/openssl/md5.h:114:5: note: 'MD5_Update' has been explicitly marked deprecated here
int MD5_Update(MD5_CTX *c, const void *data, size_t len) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
^
yara/libyara/modules/hash.c:258:3: warning: 'MD5_Final' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
MD5_Final(digest, &md5_context);
^
/usr/include/openssl/md5.h:115:5: note: 'MD5_Final' has been explicitly marked deprecated here
int MD5_Final(unsigned char *md, MD5_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
^
yara/libyara/modules/hash.c:289:3: warning: 'SHA1_Init' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
SHA1_Init(&sha_context);
^
/usr/include/openssl/sha.h:121:5: note: 'SHA1_Init' has been explicitly marked deprecated here
int SHA1_Init(SHA_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
^
yara/libyara/modules/hash.c:319:9: warning: 'SHA1_Update' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
SHA1_Update(&sha_context, block_data + data_offset, data_len);
^
/usr/include/openssl/sha.h:122:5: note: 'SHA1_Update' has been explicitly marked deprecated here
int SHA1_Update(SHA_CTX *c, const void *data, size_t len) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
^
yara/libyara/modules/hash.c:342:3: warning: 'SHA1_Final' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
SHA1_Final(digest, &sha_context);
^
/usr/include/openssl/sha.h:123:5: note: 'SHA1_Final' has been explicitly marked deprecated here
int SHA1_Final(unsigned char *md, SHA_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
^
yara/libyara/modules/hash.c:373:3: warning: 'SHA256_Init' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
SHA256_Init(&sha256_context);
^
/usr/include/openssl/sha.h:147:5: note: 'SHA256_Init' has been explicitly marked deprecated here
int SHA256_Init(SHA256_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
^
yara/libyara/modules/hash.c:402:9: warning: 'SHA256_Update' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
SHA256_Update(&sha256_context, block_data + data_offset, data_len);
^
/usr/include/openssl/sha.h:148:5: note: 'SHA256_Update' has been explicitly marked deprecated here
int SHA256_Update(SHA256_CTX *c, const void *data, size_t len) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
^
yara/libyara/modules/hash.c:425:3: warning: 'SHA256_Final' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
SHA256_Final(digest, &sha256_context);
^
/usr/include/openssl/sha.h:149:5: note: 'SHA256_Final' has been explicitly marked deprecated here
int SHA256_Final(unsigned char *md, SHA256_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
^
18 warnings generated.
yara/libyara/modules/hash.c:124:3: warning: 'MD5_Init' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
MD5_Init(&md5_context);
^
/usr/include/openssl/md5.h:113:5: note: 'MD5_Init' has been explicitly marked deprecated here
int MD5_Init(MD5_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
^
yara/libyara/modules/hash.c:125:3: warning: 'MD5_Update' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
MD5_Update(&md5_context, s->c_string, s->length);
^
/usr/include/openssl/md5.h:114:5: note: 'MD5_Update' has been explicitly marked deprecated here
int MD5_Update(MD5_CTX *c, const void *data, size_t len) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
^
yara/libyara/modules/hash.c:126:3: warning: 'MD5_Final' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
MD5_Final(digest, &md5_context);
^
/usr/include/openssl/md5.h:115:5: note: 'MD5_Final' has been explicitly marked deprecated here
int MD5_Final(unsigned char *md, MD5_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
^
yara/libyara/modules/hash.c:142:3: warning: 'SHA256_Init' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
SHA256_Init(&sha256_context);
^
/usr/include/openssl/sha.h:147:5: note: 'SHA256_Init' has been explicitly marked deprecated here
int SHA256_Init(SHA256_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
^
yara/libyara/modules/hash.c:143:3: warning: 'SHA256_Update' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
SHA256_Update(&sha256_context, s->c_string, s->length);
^
/usr/include/openssl/sha.h:148:5: note: 'SHA256_Update' has been explicitly marked deprecated here
int SHA256_Update(SHA256_CTX *c, const void *data, size_t len) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
^
yara/libyara/modules/hash.c:144:3: warning: 'SHA256_Final' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
SHA256_Final(digest, &sha256_context);
^
/usr/include/openssl/sha.h:149:5: note: 'SHA256_Final' has been explicitly marked deprecated here
int SHA256_Final(unsigned char *md, SHA256_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
^
yara/libyara/modules/hash.c:160:3: warning: 'SHA1_Init' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
SHA1_Init(&sha_context);
^
/usr/include/openssl/sha.h:121:5: note: 'SHA1_Init' has been explicitly marked deprecated here
int SHA1_Init(SHA_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
^
yara/libyara/modules/hash.c:161:3: warning: 'SHA1_Update' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
SHA1_Update(&sha_context, s->c_string, s->length);
^
/usr/include/openssl/sha.h:122:5: note: 'SHA1_Update' has been explicitly marked deprecated here
int SHA1_Update(SHA_CTX *c, const void *data, size_t len) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
^
yara/libyara/modules/hash.c:162:3: warning: 'SHA1_Final' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
SHA1_Final(digest, &sha_context);
^
/usr/include/openssl/sha.h:123:5: note: 'SHA1_Final' has been explicitly marked deprecated here
int SHA1_Final(unsigned char *md, SHA_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
^
yara/libyara/modules/hash.c:204:3: warning: 'MD5_Init' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
MD5_Init(&md5_context);
^
/usr/include/openssl/md5.h:113:5: note: 'MD5_Init' has been explicitly marked deprecated here
int MD5_Init(MD5_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
^
yara/libyara/modules/hash.c:235:9: warning: 'MD5_Update' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
MD5_Update(&md5_context, block_data + data_offset, data_len);
^
/usr/include/openssl/md5.h:114:5: note: 'MD5_Update' has been explicitly marked deprecated here
int MD5_Update(MD5_CTX *c, const void *data, size_t len) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
^
yara/libyara/modules/hash.c:258:3: warning: 'MD5_Final' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
MD5_Final(digest, &md5_context);
^
/usr/include/openssl/md5.h:115:5: note: 'MD5_Final' has been explicitly marked deprecated here
int MD5_Final(unsigned char *md, MD5_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
^
yara/libyara/modules/hash.c:289:3: warning: 'SHA1_Init' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
SHA1_Init(&sha_context);
^
/usr/include/openssl/sha.h:121:5: note: 'SHA1_Init' has been explicitly marked deprecated here
int SHA1_Init(SHA_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
^
yara/libyara/modules/hash.c:319:9: warning: 'SHA1_Update' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
SHA1_Update(&sha_context, block_data + data_offset, data_len);
^
/usr/include/openssl/sha.h:122:5: note: 'SHA1_Update' has been explicitly marked deprecated here
int SHA1_Update(SHA_CTX *c, const void *data, size_t len) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
^
yara/libyara/modules/hash.c:342:3: warning: 'SHA1_Final' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
SHA1_Final(digest, &sha_context);
^
/usr/include/openssl/sha.h:123:5: note: 'SHA1_Final' has been explicitly marked deprecated here
int SHA1_Final(unsigned char *md, SHA_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
^
yara/libyara/modules/hash.c:373:3: warning: 'SHA256_Init' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
SHA256_Init(&sha256_context);
^
/usr/include/openssl/sha.h:147:5: note: 'SHA256_Init' has been explicitly marked deprecated here
int SHA256_Init(SHA256_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
^
yara/libyara/modules/hash.c:402:9: warning: 'SHA256_Update' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
SHA256_Update(&sha256_context, block_data + data_offset, data_len);
^
/usr/include/openssl/sha.h:148:5: note: 'SHA256_Update' has been explicitly marked deprecated here
int SHA256_Update(SHA256_CTX *c, const void *data, size_t len) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
^
yara/libyara/modules/hash.c:425:3: warning: 'SHA256_Final' is deprecated: first deprecated in OS X 10.7 [-Wdeprecated-declarations]
SHA256_Final(digest, &sha256_context);
^
/usr/include/openssl/sha.h:149:5: note: 'SHA256_Final' has been explicitly marked deprecated here
int SHA256_Final(unsigned char *md, SHA256_CTX *c) DEPRECATED_IN_MAC_OS_X_VERSION_10_7_AND_LATER;
^
18 warnings generated.
cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/modules/math.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/modules/math.o
cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/modules/pe.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/modules/pe.o
cc -fno-strict-aliasing -fno-common -dynamic -arch i386 -arch x86_64 -g -Os -pipe -fno-common -fno-strict-aliasing -fwrapv -DENABLE_DTRACE -DMACOSX -DNDEBUG -Wall -Wstrict-prototypes -Wshorten-64-to-32 -DNDEBUG -g -fwrapv -Os -Wall -Wstrict-prototypes -DENABLE_DTRACE -arch i386 -arch x86_64 -pipe -DHAVE_MEMMEM=1 -DHASH_MODULE=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/opt/local/include -I/System/Library/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara/libyara/modules/tests.c -o build/temp.macosx-10.11-intel-2.7/yara/libyara/modules/tests.o
creating build/lib.macosx-10.11-intel-2.7
cc -bundle -undefined dynamic_lookup -arch i386 -arch x86_64 -Wl,-F. build/temp.macosx-10.11-intel-2.7/yara-python.o build/temp.macosx-10.11-intel-2.7/yara/libyara/ahocorasick.o build/temp.macosx-10.11-intel-2.7/yara/libyara/arena.o build/temp.macosx-10.11-intel-2.7/yara/libyara/atoms.o build/temp.macosx-10.11-intel-2.7/yara/libyara/compiler.o build/temp.macosx-10.11-intel-2.7/yara/libyara/exec.o build/temp.macosx-10.11-intel-2.7/yara/libyara/exefiles.o build/temp.macosx-10.11-intel-2.7/yara/libyara/filemap.o build/temp.macosx-10.11-intel-2.7/yara/libyara/grammar.o build/temp.macosx-10.11-intel-2.7/yara/libyara/hash.o build/temp.macosx-10.11-intel-2.7/yara/libyara/hex_grammar.o build/temp.macosx-10.11-intel-2.7/yara/libyara/hex_lexer.o build/temp.macosx-10.11-intel-2.7/yara/libyara/lexer.o build/temp.macosx-10.11-intel-2.7/yara/libyara/libyara.o build/temp.macosx-10.11-intel-2.7/yara/libyara/mem.o build/temp.macosx-10.11-intel-2.7/yara/libyara/modules.o build/temp.macosx-10.11-intel-2.7/yara/libyara/object.o build/temp.macosx-10.11-intel-2.7/yara/libyara/parser.o build/temp.macosx-10.11-intel-2.7/yara/libyara/proc.o build/temp.macosx-10.11-intel-2.7/yara/libyara/re.o build/temp.macosx-10.11-intel-2.7/yara/libyara/re_grammar.o build/temp.macosx-10.11-intel-2.7/yara/libyara/re_lexer.o build/temp.macosx-10.11-intel-2.7/yara/libyara/rules.o build/temp.macosx-10.11-intel-2.7/yara/libyara/scan.o build/temp.macosx-10.11-intel-2.7/yara/libyara/sizedstr.o build/temp.macosx-10.11-intel-2.7/yara/libyara/stream.o build/temp.macosx-10.11-intel-2.7/yara/libyara/strutils.o build/temp.macosx-10.11-intel-2.7/yara/libyara/threading.o build/temp.macosx-10.11-intel-2.7/yara/libyara/modules/demo.o build/temp.macosx-10.11-intel-2.7/yara/libyara/modules/elf.o build/temp.macosx-10.11-intel-2.7/yara/libyara/modules/hash.o build/temp.macosx-10.11-intel-2.7/yara/libyara/modules/math.o build/temp.macosx-10.11-intel-2.7/yara/libyara/modules/pe.o build/temp.macosx-10.11-intel-2.7/yara/libyara/modules/tests.o -L/opt/local/lib -lcrypto -o build/lib.macosx-10.11-intel-2.7/yara.so
ld: warning: directory not found for option '-L/opt/local/lib'
ld: warning: directory not found for option '-L/opt/local/lib'
running install_lib
copying build/lib.macosx-10.11-intel-2.7/yara.so -> /Library/Python/2.7/site-packages
running install_egg_info
running egg_info
writing yara_python.egg-info/PKG-INFO
writing top-level names to yara_python.egg-info/top_level.txt
writing dependency_links to yara_python.egg-info/dependency_links.txt
warning: manifest_maker: standard file '-c' not found
reading manifest file 'yara_python.egg-info/SOURCES.txt'
reading manifest template 'MANIFEST.in'
writing manifest file 'yara_python.egg-info/SOURCES.txt'
Copying yara_python.egg-info to /Library/Python/2.7/site-packages/yara_python-3.5.0-py2.7.egg-info
running install_scripts
writing list of installed files to '/tmp/pip-fLqXMQ-record/install-record.txt'
Running setup.py install for yara-python: finished with status 'done'
Removing source in /private/tmp/pip-build-SD9wqX/yara-python
Successfully installed yara-python-3.5.0
Cleaning up...So yeah, it looks like if you use pip to install yara-python it doesn't properly recognize OpenSSL stuff and ends up disabling various features of some modules (at least the PE module).
I then spent some time trying to get pip to pass "--dynamic-linking" to setup.py during the build but couldn't get it to work. I don't know where to go from here but can confirm this is a real bug (IMO). A workaround, for now, is to build yara-python from source, possibly using the --dynamic-linking option.
mlaferrera
commented
8 years ago I'm running into this issue as well, even with a build from source and using --dynamic-linking
(.venv) vagrant@vagrant:/tmp/yara-python$ python setup.py build --dynamic-linking
running build
running build_ext
(.venv) vagrant@vagrant:/tmp/yara-python$ sudo python setup.py install
running install
running bdist_egg
running egg_info
writing yara_python.egg-info/PKG-INFO
writing dependency_links to yara_python.egg-info/dependency_links.txt
writing top-level names to yara_python.egg-info/top_level.txt
reading manifest file 'yara_python.egg-info/SOURCES.txt'
reading manifest template 'MANIFEST.in'
writing manifest file 'yara_python.egg-info/SOURCES.txt'
installing library code to build/bdist.linux-x86_64/egg
running install_lib
running build_ext
creating build/bdist.linux-x86_64/egg
copying build/lib.linux-x86_64-3.4/yara.cpython-34m.so -> build/bdist.linux-x86_64/egg
creating stub loader for yara.cpython-34m.so
byte-compiling build/bdist.linux-x86_64/egg/yara.py to yara.cpython-34.pyc
creating build/bdist.linux-x86_64/egg/EGG-INFO
copying yara_python.egg-info/PKG-INFO -> build/bdist.linux-x86_64/egg/EGG-INFO
copying yara_python.egg-info/SOURCES.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying yara_python.egg-info/dependency_links.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying yara_python.egg-info/not-zip-safe -> build/bdist.linux-x86_64/egg/EGG-INFO
copying yara_python.egg-info/top_level.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
writing build/bdist.linux-x86_64/egg/EGG-INFO/native_libs.txt
creating 'dist/yara_python-3.5.0-py3.4-linux-x86_64.egg' and adding 'build/bdist.linux-x86_64/egg' to it
removing 'build/bdist.linux-x86_64/egg' (and everything under it)
Processing yara_python-3.5.0-py3.4-linux-x86_64.egg
creating /usr/local/stoq/.venv/lib/python3.4/site-packages/yara_python-3.5.0-py3.4-linux-x86_64.egg
Extracting yara_python-3.5.0-py3.4-linux-x86_64.egg to
Installed /usr/local/stoq/.venv/lib/python3.4/site-packages/yara_python-3.5.0-py3.4-linux-x86_64.egg
Processing dependencies for yara-python==3.5.0
Finished processing dependencies for yara-python==3.5.0
(.venv) vagrant@vagrant:/tmp/yara-python$ python -c 'import yara; yara.compile(source="import \"pe\" rule test { condition: pe.number_of_signatures > 0 }")'
Traceback (most recent call last):
File "<string>", line 1, in <module>
yara.SyntaxError: invalid field name "number_of_signatures"These lines make me think you never cleaned the build from the first time you built and it had this failure?
(.venv) vagrant@vagrant:/tmp/yara-python$ python setup.py build --dynamic-linking
running build
running build_extCan you try it after you clean? Particularly you should rm the build and build_ext directories (and anything else which is an artifact of the build).
mlaferrera
commented
8 years ago That worked, however, apparently python setup.py clean does not fully clean out prior builds. I ran it right before my previous failed build. This time I manually did rm -rf build/ and the build was successful. But that is a different bug...
(.venv) vagrant@vagrant:/tmp/yara-python$ python setup.py clean
running clean
removing 'build/temp.linux-x86_64-3.4' (and everything under it)
(.venv) vagrant@vagrant:/tmp/yara-python$ ls build/*
build/bdist.linux-x86_64:
build/lib.linux-x86_64-3.4:
yara.cpython-34m.so
(.venv) vagrant@vagrant:/tmp/yara-python$ rm -rf build
(.venv) vagrant@vagrant:/tmp/yara-python$ python setup.py build --dynamic-linking
running build
running build_ext
building 'yara' extension
creating build
creating build/temp.linux-x86_64-3.4
x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 -fPIC -DHAVE_MEMMEM=1 -Iyara/libyara/include -Iyara/libyara/ -I. -I/usr/include/python3.4m -I/usr/local/stoq/.venv/include/python3.4m -c yara-python.c -o build/temp.linux-x86_64-3.4/yara-python.o
creating build/lib.linux-x86_64-3.4
x86_64-linux-gnu-gcc -pthread -shared -Wl,-O1 -Wl,-Bsymbolic-functions -Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-Bsymbolic-functions -Wl,-z,relro -g -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2 build/temp.linux-x86_64-3.4/yara-python.o -lyara -o build/lib.linux-x86_64-3.4/yara.cpython-34m.so
(.venv) vagrant@vagrant:/tmp/yara-python$ python setup.py install
running install
running bdist_egg
running egg_info
writing dependency_links to yara_python.egg-info/dependency_links.txt
writing yara_python.egg-info/PKG-INFO
writing top-level names to yara_python.egg-info/top_level.txt
reading manifest file 'yara_python.egg-info/SOURCES.txt'
reading manifest template 'MANIFEST.in'
writing manifest file 'yara_python.egg-info/SOURCES.txt'
installing library code to build/bdist.linux-x86_64/egg
running install_lib
running build_ext
creating build/bdist.linux-x86_64
creating build/bdist.linux-x86_64/egg
copying build/lib.linux-x86_64-3.4/yara.cpython-34m.so -> build/bdist.linux-x86_64/egg
creating stub loader for yara.cpython-34m.so
byte-compiling build/bdist.linux-x86_64/egg/yara.py to yara.cpython-34.pyc
creating build/bdist.linux-x86_64/egg/EGG-INFO
copying yara_python.egg-info/PKG-INFO -> build/bdist.linux-x86_64/egg/EGG-INFO
copying yara_python.egg-info/SOURCES.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying yara_python.egg-info/dependency_links.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
copying yara_python.egg-info/not-zip-safe -> build/bdist.linux-x86_64/egg/EGG-INFO
copying yara_python.egg-info/top_level.txt -> build/bdist.linux-x86_64/egg/EGG-INFO
writing build/bdist.linux-x86_64/egg/EGG-INFO/native_libs.txt
creating 'dist/yara_python-3.5.0-py3.4-linux-x86_64.egg' and adding 'build/bdist.linux-x86_64/egg' to it
removing 'build/bdist.linux-x86_64/egg' (and everything under it)
Processing yara_python-3.5.0-py3.4-linux-x86_64.egg
removing '/usr/local/stoq/.venv/lib/python3.4/site-packages/yara_python-3.5.0-py3.4-linux-x86_64.egg' (and everything under it)
creating /usr/local/stoq/.venv/lib/python3.4/site-packages/yara_python-3.5.0-py3.4-linux-x86_64.egg
Extracting yara_python-3.5.0-py3.4-linux-x86_64.egg to /usr/local/stoq/.venv/lib/python3.4/site-packages
yara-python 3.5.0 is already the active version in easy-install.pth
Installed /usr/local/stoq/.venv/lib/python3.4/site-packages/yara_python-3.5.0-py3.4-linux-x86_64.egg
Processing dependencies for yara-python==3.5.0
Finished processing dependencies for yara-python==3.5.0
(.venv) vagrant@vagrant:/tmp/yara-python$ python -c 'import yara; yara.compile(source="import \"pe\" rule test { condition: pe.number_of_signatures > 0 }")'
(.venv) vagrant@vagrant:/tmp/yara-python$
hnstance
commented
7 years ago I can confirm that this is a real bug as well. My solution was to replace the yara-python/config.h with a config.h generated by running ./configure --with-crypto from the non-Python version. Below is my config.h; I have --enable-magic as well:
/* config.h. Generated from config.h.in by configure. */
/* config.h.in. Generated from configure.ac by autoheader. */
/* Define to 1 if you have the <dlfcn.h> header file. */
#define HAVE_DLFCN_H 1
/* Define to 1 if you have the <inttypes.h> header file. */
#define HAVE_INTTYPES_H 1
/* Define to 1 if you have the `crypto' library (-lcrypto). */
#define HAVE_LIBCRYPTO 1
/* Define to 1 if you have the `dmalloc' library (-ldmalloc). */
/* #undef HAVE_LIBDMALLOC */
/* Define to 1 if you have the `jansson' library (-ljansson). */
/* #undef HAVE_LIBJANSSON */
/* Define to 1 if you have the `m' library (-lm). */
#define HAVE_LIBM 1
/* Define to 1 if you have the `magic' library (-lmagic). */
/* #undef HAVE_LIBMAGIC */
/* Define to 1 if you have the `memmem' function. */
#define HAVE_MEMMEM 1
/* Define to 1 if you have the <memory.h> header file. */
#define HAVE_MEMORY_H 1
/* Define if you have POSIX threads libraries and header files. */
/* #undef HAVE_PTHREAD */
/* Define to 1 if you have the <stdint.h> header file. */
#define HAVE_STDINT_H 1
/* Define to 1 if you have the <stdlib.h> header file. */
#define HAVE_STDLIB_H 1
/* Define to 1 if you have the <strings.h> header file. */
#define HAVE_STRINGS_H 1
/* Define to 1 if you have the <string.h> header file. */
#define HAVE_STRING_H 1
/* Define to 1 if you have the `strlcat' function. */
/* #undef HAVE_STRLCAT */
/* Define to 1 if you have the `strlcpy' function. */
/* #undef HAVE_STRLCPY */
/* Define to 1 if you have the <sys/stat.h> header file. */
#define HAVE_SYS_STAT_H 1
/* Define to 1 if you have the <sys/types.h> header file. */
#define HAVE_SYS_TYPES_H 1
/* Define to 1 if you have the `timegm' function. */
#define HAVE_TIMEGM 1
/* Define to 1 if you have the <unistd.h> header file. */
#define HAVE_UNISTD_H 1
/* Define to the sub-directory in which libtool stores uninstalled libraries.
*/
#define LT_OBJDIR ".libs/"
/* Name of package */
#define PACKAGE "yara"
/* Define to the address where bug reports for this package should be sent. */
#define PACKAGE_BUGREPORT "vmalvarez@virustotal.com"
/* Define to the full name of this package. */
#define PACKAGE_NAME "yara"
/* Define to the full name and version of this package. */
#define PACKAGE_STRING "yara 3.5.0"
/* Define to the one symbol short name of this package. */
#define PACKAGE_TARNAME "yara"
/* Define to the home page for this package. */
#define PACKAGE_URL ""
/* Define to the version of this package. */
#define PACKAGE_VERSION "3.5.0"
/* Define to necessary symbol if this constant uses a non-standard name on
your system. */
/* #undef PTHREAD_CREATE_JOINABLE */
/* Define to 1 if you have the ANSI C header files. */
#define STDC_HEADERS 1
/* Version number of package */
#define VERSION "3.5.0"
/* Define to 1 if `lex' declares `yytext' as a `char *' by default, not a
`char[]'. */
/* #undef YYTEXT_POINTER */
cgupta6
commented
6 years ago I resolved it using and worked for me: pip install --global-option="build" --global-option="--enable-cuckoo" --global-option="--enable-magic" yara-python
ProductiveAsparagus56
commented
4 years ago Phew.. i spent so much time trying to get this to work, i will never forget the link of this thread. thank you all so much! @cgupta6 gave me the last hint :)
utkonos
commented
3 years ago The pip command above that works for some users does not appear to work correctly on macOS. If the problem persists try the following:
git clone --recursive git@github.com:VirusTotal/yara-python.git
python setup.py build --dynamic-linking
python setup.py install
I am having an issue using the PE module within yara-python, although it works fine from command line yara.
Using yara 3.5.0 and yara-python 3.5.0. It looks somewhat related to #8 but in this case I don't have an issue on the import, but I can't use the functions.
(env) vagrant@web:/opt$ yara --version yara 3.5.0 (env) vagrant@web:/opt$ python Python 2.7.6 (default, Jun 22 2015, 17:58:13) [GCC 4.8.2] on linux2 Type "help", "copyright", "credits" or "license" for more information.