Yara Plugin - Issue

[v0idif]

Hello , I recently installed Volutility successfully on Ubuntu 14.04 machine. However it appears that i have some issues with Yara that i can't solve my self . Here is the issue : As soon as i execute ./manage.py 0.0.0.0:1234 to start Volutility am receiving the follow warning : Unable to import Yara . Regardless Yara the rest features in the panel of Volutility works perfectly.

I have successfully installed python-yara and yara 3.5 and all the require libraries respectively. In order to verify that Yara works ok , i run the test check with the following result:

==================================================================
Testsuite summary for yara 3.5.0
==================================================================
# TOTAL: 3
# PASS:  3
# SKIP:  0
# XFAIL: 0
# FAIL:  0
# XPASS: 0
# ERROR: 0
==================================================================

Now as soon as i run the Yara Scanner Plugin in the Volutility Panel , i get the follow error in the log file:

ERROR Please install Yara from https://plusvic.github.io/yara/
ERROR   : web.views           : Please install Yara from https://plusvic.github.io/yara/
INFO "POST /ajaxhandler/yara-string/ HTTP/1.1" 200 28
INFO    : django.server       : "POST /ajaxhandler/yara-string/ HTTP/1.1" 200 28

Any help will be really appreciated.

Thanks

[kevthehermit]

Sorry for the delay. I will take a look at this

[v0idif]

Hello Kevthehermit,

Did you manage by any chance to find solution to my issue?

Thanks

[kevthehermit]

Sorry,

Can you try the following steps i just want to confirm the python library is working properly

$ python
>>> import yara
>>> yara.__version__

You should see something like this.

kbreen@ubuntu:~$ python
Python 2.7.6 (default, Jun 22 2015, 17:58:13) 
[GCC 4.8.2] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import yara
>>> yara.__version__
'3.5.0'
>>> 

[v0idif]

Hello Thanks for your reply,

I get the follow Error:

import yara Traceback (most recent call last): File "", line 1, in ImportError: /usr/local/lib/python2.7/dist-packages/yara_python-3.5.0-py2.7-linux-x86_64.egg/yara.so: undefined symbol: yr_finalize

Thanks

[kevthehermit]

can you do a

sudo pip uninstall yara

And then try again. It sounds like you have the old 1.x yara installed as well.

[v0idif]

Execute the command as you mention above getting the following error : Can't install requirement yara , not installed. But Yara is installed ..

[kevthehermit]

Definitely sounds like this is a Yara issue. The best option is to uninstall yara and the python bindings then install again from fresh. I will see if i can find some good instructions to remove all of Yara if you can not find any yourself.

[marcurdy]

I had to use "print yara.version" to get your test to work. I can't figure out either which module executes the yara scan OR where is "yarascan" these days? Did the version for windows get yanked?