Releases: VirusTotal/yara-x
Releases · VirusTotal/yara-x
v1.9.0
- Add function for scanning files by path to the C and Go APIs (32bac10).
- Add version number to the Rust API (bdb53e8, #469).
- Add
osabifield toelfmodule (afa0960). - Avoid verifying patterns when the file size is not in the range specified in the rule condition (#473).
- Avoid emitting code that invokes
search_for_patternsif not necessary (#487). - Implement DFS iterator for expressions in AST (#488).
- BUGFIX: Check if
AddressOfFunctionsis zero while parsing PE files (#482).
Contributors: @vojone
Contributors
vojone
Assets 8
v1.8.1
Contributors
metthal
Assets 8
v1.8.0
- Implement block scanning API for Rust and C (#459, 185c2ee).
- Implement Golang and C APIs for setting global variables of type array and structure (#449).
- Add iterator for
Rulesobject in Python (#463). - BUGFIX: Inconsistency with legacy YARA in PE certificate subjects (445e7e4).
Contributors: @nmbarel
Contributors
nmbarel
Assets 8
v1.7.1
v1.7.0
- New warning suggesting the use of
none of theminstead of0 of them. - Added option
--max-matches-per-patternto the CLI and themax_matches_per_patternmethod to the Python API (#437). - New
yrx_finalizefunction to the C API that allows dynamically unloading the YARA-X library (#445). - Add
yrx_compiler_add_include_dirfunction to the C API (#447). - Replace the
Formatter::ident_spacesmethod withFormatter::indentation(b8a1808). - BUGFIX: Indentation issues in code formatter (6bfe2e2).
- BUGFIX: Inconsistencies in code formatter with empty lines at the end of the code (de10bbd).
- BUGFIX: High memory consumption while parsing some PE files (af18dbc, #443)
- BUGFIX: Prevent panic when assertions like
\band\Bare used in Unicode regexps (0536ad1).
Contributors: @1ndahous3 @jtpox @vojone
Contributors
jtpox, 1ndahous3, and vojone
Assets 8
v1.6.0
- Implement
--no-mmapoption for disabling the use of memory-mapped files (9ff675f). - Support relative includes for compatibility with YARA (89674f1).
- Support metadata validation using regular expressions (#434).
- Added support for global variables of type
dictin the Python API (#433). - BUGFIX: Detect circular includes and raise an error instead of panicking (624429f).
- BUGFIX: Issue in hoisting algorithm causing false-positive in some
withstatements (f0f5b0a). - BUGFIX: Multiple issues with Python stub file
yara_x.pyi(4d83594).
Contributors: @nmbarel @prosperritty @zdiff
Contributors
zdiff, nmbarel, and prosperritty
Assets 8
v1.5.0
- Implement the
crxmodule for parsing Chrome Extension files (#423). - Allow underscores in integer and float literals (#405).
- Adopt Anomali's symhash algorithm for Mach-O files (#425).
- Support boolean type in
console.log()(#406). - Allow specifying include directories in the C, Go and Python APIs (45a03c6).
- Improvements while parsing imports and exports in Mach-O files (#417, #421).
- Improve performance for patterns with the
xormodifier. The performance gain can be noticeable for certain rules (0122fa9). - Return an error with rules that can have arbitrarily long prefixes (c8bbede).
- BUGFIX: Fix misleading help text in
text_as_hexwarning (e61a74e). - BUGFIX: Minor formatting issues in
yr fmtcommand (43fbdc5). - BUGFIX: Fix panic when a rule contains an invalid regexp and the rule name is reused (a50f3db).
- BUGFIX: Fix panic with regular expressions that contain too many alternatives (7ad6d8f).
- BUGFIX: Make some functions in
cuckoomodule backward-compatible with YARA (#424).
Contributors: @MichaelTheSynthCat @latonis @wxsBSD @1ndahous3
Contributors
wxsBSD, latonis, and 2 other contributors
Assets 8
v1.4.0
v1.3.0
- Add span information to
Event::BeginandEvent::End(f4259f0). - Add support for private patterns. Private patterns were being accepted but ignored. (21a9090).
- BUGFIX: add
YRX_prefix to constants in the C API to avoid name collisions (#382). - BUGFIX: increase
MAX_ATOMS_PER_REGEXPfrom 8192 to 10000 (#387, 664abac).