PasteHunter icon indicating copy to clipboard operation
PasteHunter copied to clipboard

Published 20 hours ago verified publisher icon kevthehermit

Yara index creation fails when local rule has syntax errors.

Open ir0nf1re opened this issue 6 years ago • 2 comments

Hi,

It seems if you create a new Yara rule from scratch, and then restart pastehunter, you get the message below. If you remove the new Yara rule then the restart works.

Feb 22 13:05:19 vps639933 systemd[1]: pastehunter.service: Service hold-off time over, scheduling restart. Feb 22 13:05:19 vps639933 systemd[1]: pastehunter.service: Scheduled restart job, restart counter is at 5. Feb 22 13:05:19 vps639933 systemd[1]: Stopped PasteHunter. Feb 22 13:05:19 vps639933 systemd[1]: pastehunter.service: Start request repeated too quickly. Feb 22 13:05:19 vps639933 systemd[1]: pastehunter.service: Failed with result 'start-limit-hit'. Feb 22 13:05:19 vps639933 systemd[1]: Failed to start PasteHunter.

ir0nf1re avatar Feb 22 '19 12:02 ir0nf1re

It may be related to this error message: Unable to Create Yara index: YaraRules/recon.yar(24): syntax error, unexpected end of file, expecting

ir0nf1re avatar Feb 22 '19 15:02 ir0nf1re

That looks like the issue is with the syntax in your local rule file. I will add some more handling around yara rules to validate each rule before including so it doesnt take the whole stack down.

kevthehermit avatar Feb 26 '19 13:02 kevthehermit