Comments (2)
My past self comes to the rescue: 4de3d57
As explained in the commit message, there were some false negatives in fast-mode with expressions like:
any of <string_set> in <range>
any of <string_set> at <offset>
The quick and dirty solution for the false negatives was finding all instances of the strings in <string_set>, even if not strictly required in some other expressions like x of <string_set>. The underlying problem is that at the point of the code where this decision is made, we don't have information about the kind of expressions we are parsing. Fixing this issue would require non-trivial changes.
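Added example, not part of the original comment and not code from YARA or the referenced commit: a simplified Python model of the false negative described above, assuming a fast-mode scan keeps only the first occurrence of each string. The function names, the `first_only` switch and the sample buffer are hypothetical and constructed for illustration.

```python
# Toy model (assumption: fast mode records only the first hit per string).
# Shows why `in <range>` / `at <offset>` need every match, while
# `x of <string_set>` only needs to know whether each string matched at all.

def find_offsets(data: bytes, pattern: bytes, first_only: bool) -> list:
    """Return match offsets; first_only stops after the first hit."""
    offsets = []
    pos = data.find(pattern)
    while pos != -1:
        offsets.append(pos)
        if first_only:
            break
        pos = data.find(pattern, pos + 1)
    return offsets

def scan(data: bytes, string_set: dict, first_only: bool) -> dict:
    """Map each string identifier to the offsets the scanner recorded."""
    return {name: find_offsets(data, pat, first_only)
            for name, pat in string_set.items()}

def any_of_in(matches: dict, lo: int, hi: int) -> bool:
    """Model of: any of <string_set> in (lo..hi)"""
    return any(lo <= off <= hi for offs in matches.values() for off in offs)

def any_of_at(matches: dict, offset: int) -> bool:
    """Model of: any of <string_set> at <offset>"""
    return any(offset in offs for offs in matches.values())

def x_of(matches: dict, x: int) -> bool:
    """Model of: x of <string_set> (needs one hit per string, not all)"""
    return sum(1 for offs in matches.values() if offs) >= x

# Constructed sample: "MARK" at offsets 0 and 100, "TAIL" at offset 124.
SAMPLE = b"MARK" + b"\x00" * 96 + b"MARK" + b"\x00" * 20 + b"TAIL"
STRINGS = {"$a1": b"MARK", "$a2": b"TAIL"}

if __name__ == "__main__":
    for label, first_only in (("all matches", False), ("first only", True)):
        m = scan(SAMPLE, STRINGS, first_only)
        print(label, m,
              "in(50..110):", any_of_in(m, 50, 110),
              "at 100:", any_of_at(m, 100),
              "2 of:", x_of(m, 2))
```

With only the first match kept, the occurrence at offset 100 is never recorded, so the range and offset conditions evaluate false on data that should match, while the `x of` result is unchanged.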
Hey Victor,
Thanks for the explanation. It makes sense to avoid false negatives in this scenario, and if there isn't an easy way to fix it then I suppose we should mark this issue as resolved.
Cheers,
Tom