Tom Lancaster

Results 22 comments of Tom Lancaster

It might be the design, but I expect I will not be the last user who is surprised by this behaviour - a common use case for plyara might be:...

For some parts of the PE module you can see what's being parsed by YARA by using the -D flag when running your rule. The signature is actually: ``` signatures...

Can reproduce same bug on 4.2.0, 4.2.1. Same bug not reproducible using 4.1.0 binary.

Hello, I would suggest that this is done outside of YARA. To do this you could: 1) precompile rules 2) find files of correct extension using external method such as...

Hi, OK, but if you use "--scan-list" as I suggest, it does not create millions of processes, it creates one process. Cheers, Tom

Apologies if I should have submitted this to the base YARA repo instead - please migrate it if necessary, or I can recreate there.

This has come up again in a discussion at $dayjob, I was wondering if this feature is possible/desirable or if there's some aspect of it that means it's unlikely to...

Hello! I'd like to add my support for adding a hex modifier. Here are some possible details to consider: 1) Hex should be applied after base64/xor modifier, but before ascii/wide...

FWIW, the fork from KillerInstinct does not support Python3 afaict, since byte checks are still using strings rather than the proper type, e.g.: https://github.com/KillerInstinct/pylnker/blob/master/pylnker.py#L319 Can confirm that the pylnkerForPython3.zip uses...