Skip to content

v0.5.0
Compare
Choose a tag to compare
@github-actions github-actions released this 16 Feb 22:27
v0.5.0
7d1c4ee

This release mainly consists of Yara 4.5 compatibility features and fixes:

Added:

YARA 4.5 support:

  • New Warning on unknown escape sequences in regexes. See PR #68.
    This warning is more broad than the YARA one from YARA 4.5.
  • always expose pe.is_signed 97d1d11
  • Do not report strings whose name starts with _ as unused 1a8a8cd
  • Add pe.export_details[*].rva field 7597d3f
  • math.count and math.percentage now returns an undefined value when given a
    value outside the [0; 255] range. 6a09ed2
  • Imported dlls are ignored if the dll name is longer than 255 bytes 28f8626
  • Fix endianness issue in macho.magic field, see the Yara fix 50d418d
  • filter imported functions with invalid name in pe module 5a0cb4e
  • bump limit on number of listed export symbols in pe module to 16384 98032b3

Changed:

  • crc32-fast dependency updated to 1.4 f1ae01a
  • authenticode-parser dependency updated e68dde7

Fixed:

  • Exclude test assets in package 24ca838.
    This avoids having the package be flagged by antiviruses, as unfortunately, some of the binaries copied from the yara repository
    and used for testing seems trigger false positives.
Assets 6
Loading