yara icon indicating copy to clipboard operation
yara copied to clipboard
verified publisher icon VirusTotal

Yara cannot scan chinese filename?

Open cheapylam opened this issue 4 years ago • 5 comments

Hi,
I am new to Yara. I am using Yara to perform scanning on malicious web shell script using core.webshell_detection.yara provided by NSA/ASD Mitigating Web Shells [ https://github.com/nsacyber/Mitigating-Web-Shells ]

I ran from windows command line and the target file with Chinese filename and got the following error. error scanning {filename} could not open file

I am using windows 10 with English char set machine.
What went wrong here?
Because as much as I see this, it is very severe issue, because someone can create a malicious file with this filename and walk through undetected.
Am I right?

擷取

cheapylam avatar May 03 '21 10:05 cheapylam

This should be fixed after https://github.com/VirusTotal/yara/pull/1491. Could try with the latest version in the master branch and let me know if it works fine?

plusvic avatar May 11 '21 11:05 plusvic

May I know how to generate an executable file [yara.exe] from the master branch?

cheapylam avatar May 13 '21 07:05 cheapylam

@plusvic Sorry, may I know the new version 4.1.1 is it including the fixed #1491 ?

Please also note that the new version 4.1.1 ==> yara.exe -v <=== version not updated yara_4 1 1_ver_not_update

cheapylam avatar May 25 '21 02:05 cheapylam

No, version 4.1.1 is a minor update, including only bug fixes. The unicode support will be released in version 4.2.0.

plusvic avatar May 25 '21 07:05 plusvic

Thank you :D

cheapylam avatar May 26 '21 01:05 cheapylam