yara 1.7 gets stuck.

[GoogleCodeExporter]

For some of the complex rules Yara 1.7 gets stuck and is not being able to 
generate any result. 

In the attached zip file, there is a rule file with name "rule.yara" and a file 
called "test" which was scanned using the Yara signature. 

What steps will reproduce the problem?
1.  Copy the files in Yara 1.7
2.  Yara rule.yara test

What is the expected output? What do you see instead?

Yara should exit graceful with in a time frame. There is no output.  

What version of the product are you using? On what operating system?

yara 1.7 

Please provide any additional information below.

Attachment has the files and the signature to reproduce the problem

Original issue reported on code.google.com by abhishek...@gmail.com on 14 Jul 2013 at 11:01

Attachments:

• Repro.zip

[GoogleCodeExporter]

What is the expected output? What do you see instead?

Yara should exit graceful with in a time frame. If there is a match it should 
the match. However the yara gets stuck. Even after 100 seconds there is no 
output. 

Yara 1.7 was used on CentOS.

Original comment by abhishek...@gmail.com on 14 Jul 2013 at 11:06

[GoogleCodeExporter]

The problem here are the regular expressions.

$a1 = /(\x0a)?(public|private|protected|\s+)static [a-zA-Z0-9]+ +[a-zA-Z0-9]+;/
$a2 = /(\x0a)?(public|private|protected|\s+)[a-zA-Z0-9]+ [a-zA-Z0-9]+;/

These regular expressions slow down the scan too much. The new version 2.0 I'm 
working on will address these cases and also include a time limit to abort the 
scanning if it's taking too long.

Original comment by plus...@gmail.com on 17 Jul 2013 at 9:44

• Changed state: WontFix