I have been attempting to integrate the rules from the Yara-Rules repo into laikaboss and find that it is giving the following error after adding the index.yar to laika's signatures file:
ERROR:root:util: yara on demand scan failed with rule /etc/laikaboss/modules/scan-yara/signatures.yara
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/laikaboss-2.0-py2.7.egg/laikaboss/util.py", line 67, in yara_on_demand
    yara_on_demand_rules[rule] = yara.compile(rule, externals=externalVars)
SyntaxError: /home/test/laikaboss-master/rules/./malware/MALW_Mirai_Okiru_ELF.yar(35): duplicated identifier "is__elf"
ERROR:root:error on 1107370e-783f-4242-ae53-8ee2043fb518 running module SCAN_YARA. exception details below:
Traceback (most recent call last):
  File "/usr/local/lib/python2.7/dist-packages/laikaboss-2.0-py2.7.egg/laikaboss/si_module.py", line 43, in run
    moduleResult = self._run(scanObject, result, depth, args)
  File "/usr/local/lib/python2.7/dist-packages/laikaboss-2.0-py2.7.egg/laikaboss/modules/scan_yara.py", line 87, in _run
    matches = yara_on_demand(config.yarascanrules, scanObject.buffer, externalVars=externalVars)
  File "/usr/local/lib/python2.7/dist-packages/laikaboss-2.0-py2.7.egg/laikaboss/util.py", line 67, in yara_on_demand
    yara_on_demand_rules[rule] = yara.compile(rule, externals=externalVars)
SyntaxError: /home/test/laikaboss-master/rules/./malware/MALW_Mirai_Okiru_ELF.yar(35): duplicated identifier "is__elf"
I can't see how to resolve the issue. If anyone has some insight, it would be appreciated.
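An added example, not part of the original post and not laikaboss or Yara-Rules code: YARA requires rule identifiers to be unique within a namespace, and `include` pulls every included file into the same one, so the script below follows the `include` lines from an index file and lists each rule name declared more than once with its file and line. It is a regex scan rather than a real YARA parse; the function names and the sample tree built in `demo()` are constructed for illustration.

```python
import os
import re
import sys
import tempfile
from collections import defaultdict

INCLUDE_RE = re.compile(r'^\s*include\s+"([^"]+)"', re.M)
RULE_RE = re.compile(r"^\s*(?:(?:private|global)\s+)*rule\s+([A-Za-z_]\w*)", re.M)
BLOCK_COMMENT_RE = re.compile(r"/\*.*?\*/", re.S)

def collect_rules(path, seen, found):
    """Record every rule declared in `path` and in the files it includes."""
    real = os.path.realpath(path)
    if real in seen:  # already parsed; also stops include cycles
        return
    seen.add(real)
    with open(real, errors="replace") as fh:
        # Blank out block comments but keep newlines so line numbers stay right.
        text = BLOCK_COMMENT_RE.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), fh.read())
    for m in RULE_RE.finditer(text):
        found[m.group(1)].append((real, text.count("\n", 0, m.start(1)) + 1))
    for m in INCLUDE_RE.finditer(text):
        collect_rules(os.path.join(os.path.dirname(real), m.group(1)), seen, found)

def duplicates(index_path):
    """Return {rule name: [(file, line), ...]} for names declared more than once."""
    found = defaultdict(list)
    collect_rules(index_path, set(), found)
    return {name: locs for name, locs in found.items() if len(locs) > 1}

def demo():
    """Constructed sample tree (not the real repo): two files define is__elf."""
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "malware"))
    elf = "private rule is__elf {\n  condition:\n    uint32(0) == 0x464c457f\n}\n"
    files = {
        "index.yar": 'include "./malware/a.yar"\ninclude "./malware/b.yar"\n',
        "malware/a.yar": "/* sample A */\n" + elf + "rule sample_a { condition: is__elf }\n",
        "malware/b.yar": elf + "rule sample_b { condition: is__elf }\n",
    }
    for name, body in files.items():
        with open(os.path.join(root, name), "w") as fh:
            fh.write(body)
    return duplicates(os.path.join(root, "index.yar"))

if __name__ == "__main__":
    dups = duplicates(sys.argv[1]) if len(sys.argv) > 1 else demo()
    for name, locs in sorted(dups.items()):
        print(name + "".join("\n  %s:%d" % loc for loc in locs))
```

Run it with the path to the index file as the only argument; each name it reports has to end up declared once in the set of files the index includes before the rules will compile as a single file.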