volatilityfoundation
Yarascan process_yara_options method needs updating to ensure requirements and processing options remain in sync
After merging https://github.com/volatilityfoundation/volatility3/pull/1050 @ikelos noticed that the the process_yara_options method could be updated to handle and check the yara config options in a better way.
The discussion https://github.com/volatilityfoundation/volatility3/pull/1050 contains more context, however the main point from @ikelos is:
It's kind of ok, since the rules returned are what the plugin actually uses, but it's keeping the requirements and the processing in sync that's the issue (ie, making sure the options used match the rules object generated). Perhaps we could just beef up option checking a little? The other option would be to parameterize the process_yara_options to take each individual option? We could then pass in **conf, and that should have the same effect? That would be a major version bump to yarascan, but it might be the best way to resolve the issue?
This issue is to track this yarascan update so that it isn't missed.
This issue is stale because it has been open for 200 days with no activity.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
I can't remember whether I was gonna do this or you were, @eve-mem ? I'll keep it open just in case... Should be a nice starter project for someone if neither of us get round to it (if only I could remember what it is I was thinking). 5;P
I think i was planning on doing it... I agree though that it would be simple enough as a starter.
This issue is stale because it has been open for 200 days with no activity.
This issue is stale because it has been open for 200 days with no activity.