scallensc
commented
9 months ago Resolved by downloading the latest yara from https://github.com/virustotal/yara/releases/tag/v4.3.2
Overwrite the Autopsy provided yarac64.exe file as per screenshot.
Closed scallensc closed 9 months ago
scallensc
commented
9 months ago Resolved by downloading the latest yara from https://github.com/virustotal/yara/releases/tag/v4.3.2
Overwrite the Autopsy provided yarac64.exe file as per screenshot.
Attempting to use Yara Forge rulesets from https://github.com/YARAHQ/yara-forge
Attached screenshots show the .yar file in the correct folder, Autopsy yara module settings showing the file is found correctly, and the subsequent error.
Receive Compile error 1. - nothing is shown in any log file. This happens whether "All Files" or "Only Executable Files" is chosen on the "Run Ingest Modules" YARA Analyzer options page.
Verified these rules compile fine from command line based on the only forum post related to this issue I could find - attached screenshot showing this.
I've tested core, extended and full sets and they all have this issue.
Running latest Autopsy 4.21.0 downloaded from your releases section. Have tested this on a Win10 PC and VM at work, as well as at home on my Win11 PC, same issue.
Additionally, I have used these rulesets with no issues in X-Ways with the CrowdStrike YARA x-tension, so I think the issue is with the compilation process in Autopsy. These rulesets are compatible with v4.3.2 of yara, do you use an outdated version?