VirusTotal / yara

The pattern matching swiss knife
https://virustotal.github.io/yara/
BSD 3-Clause "New" or "Revised" License

Ruby yara-ffi and virustotal yara release 4.5.0 #2075

Closed kavat closed 4 months ago

kavat commented 6 months ago

Hi, while trying to install and configure my Ruby environment (Ruby version 3.0.2p107 with gem yara-ffi version 3.1.0), I have an issue, as explained below:

SCRIPT USED TO TEST FUNCTIONALITY

```ruby
require 'yara'

Yara.start # run before you start using the Yara API.

rule = <<-RULE
rule ExampleRule
{
  meta:
    string_meta = "an example rule for testing"

  strings:
    $my_text_string = "test"

  condition:
    $my_text_string
}
RULE

scanner = Yara::Scanner.new
scanner.add_rule(rule)
scanner.compile
result = scanner.call("test string")
puts "#{result.inspect}"

scanner.close # run when you are done using the scanner API and want to free up memory.
Yara.stop # run when you are completely done using the Yara API to free up memory.
```

STEP TO INSTALL VERSION 4.5.0

STEP TO INSTALL OLD VERSION (SUCH 4.3.1)

All works fine, and running the script above raises the expected detection.

I can use the old library without problems, but I'm interested in whether it is a version problem or mine.

Can you help me please?

Thanks, Andrea

plusvic commented 6 months ago

It's not clear in your report which error you are getting, or what's the difference you are noticing between the two versions. Can you provide more details about the behaviour you are seeing and the behaviour you expect?