volatilityfoundation / volatility3

Volatility 3.0 development
http://volatilityfoundation.org/

Plugin yarascan matches multiple plugins (windows.vadyarascan.VadYaraScan, yarascan.Yarascan) #1022

Closed SolitudePy closed 1 year ago

SolitudePy commented 1 year ago

Hi, I noticed that when I try to run the yarascan plugin against a Linux dump it returns the error in the title. When I changed the py file name from vadyarascan.py to another name, the yarascan plugin worked successfully. Is there a better workaround?

Volatility Version: 3.2.5

Steps to reproduce the behavior: python vol.py -f yarascan

eve-mem commented 1 year ago

You should be able to use the base yarascan plugin with yarascan.YaraScan

As you are working on a Linux image, you might want to test the vmayarascan plugin from this PR. I'd love to know if it works well for you.

Link to the PR here: https://github.com/volatilityfoundation/volatility3/pull/885

ikelos commented 1 year ago

This is not really an issue. Volatility has always accepted the complete plugin name (including the operating system) and executed that. There was convenience functionality added to allow unique substrings to identify a plugin, but obviously not every plugin name will have a unique substring. Any substring will work though, so if you really need to use the least characters possible, I suspect n.Y would be unique. If more than one plugin matches, volatility presents you with an error message telling you all the plugins that matched, allowing you to easily copy/paste or type in the full name of the needed plugin.

Since this isn't really an issue, and there isn't a clearer way of doing this (while we can choose core plugin names, we can't do anything to stop other people choosing duplicate names, so it is better that we handle it this way), I'm going to close off this plugin. If you still feel this is a serious malfunction in volatility, please feel free to open the issue and suggest a means for handling duplicate plugin names that others may produce, and we'll investigate its feasibility...
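The resolution rule described in this thread (a full plugin name is always accepted, any substring that matches exactly one plugin selects it, and several matches produce an error listing every candidate) is modelled below as an added, stand-alone example. It is not volatility3's own code: the plugin catalogue is constructed from the names in the issue title plus two made-up pslist entries, and the assumption that an exact full name is checked before substring matching is the author of this example's, not something the thread states. The second function goes a step further than the comment and searches for the shortest substring that uniquely selects a plugin.

```python
"""Model of the plugin-name resolution described in volatility3 issue #1022.

Added illustration, not volatility3's own code. The catalogue below is
constructed for the example, and "exact name wins before substring search"
is an assumption made here to keep fully qualified names unambiguous.
"""
from __future__ import annotations


class AmbiguousPluginError(ValueError):
    """Raised when a requested name matches more than one plugin.

    The message lists every match, mirroring the error in the issue title,
    so the caller can copy the full name of the plugin they actually want.
    """

    def __init__(self, requested: str, matches: list[str]):
        self.requested = requested
        self.matches = sorted(matches)
        joined = ", ".join(self.matches)
        super().__init__(
            f"Plugin {requested!r} matches multiple plugins ({joined})"
        )


# Constructed catalogue (not a complete volatility3 plugin list): the two
# names from the issue title plus two hypothetical OS-prefixed pslist plugins.
PLUGINS = [
    "windows.vadyarascan.VadYaraScan",
    "yarascan.YaraScan",
    "windows.pslist.PsList",
    "linux.pslist.PsList",
]


def resolve_plugin(requested: str, plugins: list[str] = PLUGINS) -> str:
    """Return the single plugin selected by `requested`.

    1. An exact full name always wins (assumption of this model), so a fully
       qualified name stays safe even if it is a substring of another name.
    2. Otherwise every plugin whose full name contains `requested` is a
       candidate; exactly one candidate means the substring was unique.
    3. Zero candidates raises KeyError; several raise AmbiguousPluginError,
       which fails loudly instead of silently picking one plugin.
    """
    if requested in plugins:
        return requested
    candidates = [name for name in plugins if requested in name]
    if not candidates:
        raise KeyError(f"No plugin matches {requested!r}")
    if len(candidates) > 1:
        raise AmbiguousPluginError(requested, candidates)
    return candidates[0]


def shortest_unique_substring(full_name: str, plugins: list[str] = PLUGINS) -> str:
    """Find the shortest substring of `full_name` that selects only it.

    Brute force over all substrings, shortest first, left to right. Fine
    for a catalogue of a few hundred names; returns the full name itself
    if no proper substring is unique.
    """
    n = len(full_name)
    for length in range(1, n + 1):
        for start in range(0, n - length + 1):
            candidate = full_name[start:start + length]
            if sum(1 for p in plugins if candidate in p) == 1:
                return candidate
    return full_name


if __name__ == "__main__":
    for name in ("yarascan", "n.Y", "windows.vadyarascan.VadYaraScan"):
        try:
            print(f"{name!r:40} -> {resolve_plugin(name)}")
        except AmbiguousPluginError as err:
            print(f"{name!r:40} -> ERROR: {err}")
    print("shortest unique:", shortest_unique_substring("yarascan.YaraScan"))
```

Running the module shows the three cases from the thread: the bare string yarascan is ambiguous and the error names both plugins, the substring n.Y resolves to yarascan.YaraScan, and a fully qualified name resolves to itself. The search function finds that, for this constructed catalogue, the two-character substring ".Y" is already unique.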