VirusTotal / yara

The pattern matching swiss knife
https://virustotal.github.io/yara/
BSD 3-Clause "New" or "Revised" License

dotnet Module Bug #1906

Closed ddash-ct closed 1 year ago

ddash-ct commented 1 year ago

Describe the bug: When attempting to use the dotnet module, consistently observe errors being thrown like:

yara.Error: could not map file "XXXX" into memory

This has been observed with .NET compiled binaries such as the following:

This becomes particularly problematic when running a rule against a repository of files, since it crashes scanning.

To Reproduce: Have a rule which imports the dotnet module and runs against one of the above samples.

Expected behavior: The dotnet module should support those samples, but it would be ideal if this didn't crash scanning when using the recursive option.

Screenshots: N/A

Please complete the following information:

Additional context: N/A

wxsBSD commented 1 year ago

This was recently fixed. My hope is that there will be a 4.3.1 released soon, as using the module on Windows results in unreliable scanning behavior.

plusvic commented 1 year ago

Fixed in #1902
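For batch scans on a build that still has this bug, per-file error handling keeps one unmappable sample from aborting the whole run. The sketch below is an added example, not code from this thread or from the YARA project; it assumes yara-python is installed, and `scan_tree` and the `is_dotnet` rule are hypothetical names constructed for illustration.

```python
import os
import sys


def scan_tree(root, match_file, scan_errors):
    """Call match_file(path) on every file under root; a failure on one
    file is recorded and the walk continues. Returns (hits, failures)."""
    hits, failures = {}, {}
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            try:
                matches = match_file(path)
            except scan_errors as exc:
                # e.g. yara.Error: could not map file "..." into memory
                failures[path] = str(exc)
                continue
            if matches:
                hits[path] = [str(m) for m in matches]
    return hits, failures


if __name__ == "__main__":
    import yara  # yara-python; imported here so scan_tree has no hard dependency

    # Constructed rule: true for any file the dotnet module parses as .NET.
    rules = yara.compile(
        source='import "dotnet"\nrule is_dotnet { condition: dotnet.is_dotnet }'
    )
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    hits, failures = scan_tree(root, rules.match, (yara.Error,))
    for path, names in hits.items():
        print("MATCH", path, ",".join(names))
    # Report failures separately so unscanned files are not read as clean.
    for path, err in failures.items():
        print("ERROR", path, err, file=sys.stderr)
    sys.exit(1 if failures else 0)
```

Files listed under ERROR were not evaluated by the rule, so they should be rescanned once a build containing the fix is in place.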