Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add Cado to who is using Yara #2086

Merged
merged 1 commit into from
Aug 1, 2024
Merged

Conversation

chrisdoman
Copy link

No description provided.

@plusvic plusvic merged commit be2212a into VirusTotal:master Aug 1, 2024
9 of 10 checks passed
DavidTurland pushed a commit to DavidTurland/yara that referenced this pull request Sep 9, 2024
DavidTurland added a commit to DavidTurland/yara that referenced this pull request Sep 9, 2024
* Fix crash while parsing PE Rich header

File e77b007c9a964411c5e33afeec18be32c86963b78f3c3e906b28fcf1382f46c3 has a Rich header of only 8 bytes, which is smaller than the RICH_SIGNATURE structure. This was causing a crash when some of the `rich_xxx` functions were used with this file.

* Fix warning

`_rich_version` in PE module should return an `int64_t` instead of `uint64_t`.

* Use YR_MAX_PATH instead of MAX_PATH (VirusTotal#2090)

Replace all instances of `MAX_PATH` with `YR_MAX_PATH`.

* Adding Veeam (VirusTotal#2083)

Adding Veeam to list of companies that use YARA.

* Add Cado to who is using Yara (VirusTotal#2086)

* Mitigate stack overflow when scanning very deep directory trees.

Closes VirusTotal#2088.

* Remove all references to ERROR_TOO_MANY_SCAN_THREADS

This error code is not used anymore. Closes VirusTotal#2068.

* Use latest MacOS in build workflow.

* Use MacOS 13 in build workflow.

For some reason in MacOS 14 the build fails because the `configure` script is unable to find the Jansson library, even thought it is correctly installed by `brew`.

* docs: minor updates to xor (VirusTotal#2098)

* use new module macros in docs (VirusTotal#2100)

Co-authored-by: Tad Keller <logisch@pm.me>

* filemap: define PROC_SUPER_MAGIC, avoid linux/magic.h (VirusTotal#2103)

PR VirusTotal#1848 caused build issues with some "unusual" build configurations
– apparently we can't rely on linux/magic.h being present when
cross-building for musl libc.

Defining PROC_SUPER_MAGIC should not cause a problems since it should
be considered part of the Linux kernel/user API and it is unlikely to
change.

---------

Co-authored-by: Victor M. Alvarez <vmalvarez@virustotal.com>
Co-authored-by: Chris Arceneaux <carcenea@gmail.com>
Co-authored-by: chrisdoman <chris.doman@cantab.net>
Co-authored-by: Wes <5124946+wesinator@users.noreply.github.com>
Co-authored-by: Tad Keller <43346260+GLMONTER@users.noreply.github.com>
Co-authored-by: Tad Keller <logisch@pm.me>
Co-authored-by: Hilko Bengen <bengen@hilluzination.de>
DavidTurland added a commit to DavidTurland/yara that referenced this pull request Sep 9, 2024
* Fix crash while parsing PE Rich header

File e77b007c9a964411c5e33afeec18be32c86963b78f3c3e906b28fcf1382f46c3 has a Rich header of only 8 bytes, which is smaller than the RICH_SIGNATURE structure. This was causing a crash when some of the `rich_xxx` functions were used with this file.

* Fix warning

`_rich_version` in PE module should return an `int64_t` instead of `uint64_t`.

* Use YR_MAX_PATH instead of MAX_PATH (VirusTotal#2090)

Replace all instances of `MAX_PATH` with `YR_MAX_PATH`.

* Adding Veeam (VirusTotal#2083)

Adding Veeam to list of companies that use YARA.

* Add Cado to who is using Yara (VirusTotal#2086)

* Mitigate stack overflow when scanning very deep directory trees.

Closes VirusTotal#2088.

* Remove all references to ERROR_TOO_MANY_SCAN_THREADS

This error code is not used anymore. Closes VirusTotal#2068.

* Use latest MacOS in build workflow.

* Use MacOS 13 in build workflow.

For some reason in MacOS 14 the build fails because the `configure` script is unable to find the Jansson library, even thought it is correctly installed by `brew`.

* docs: minor updates to xor (VirusTotal#2098)

* use new module macros in docs (VirusTotal#2100)

Co-authored-by: Tad Keller <logisch@pm.me>

* filemap: define PROC_SUPER_MAGIC, avoid linux/magic.h (VirusTotal#2103)

PR VirusTotal#1848 caused build issues with some "unusual" build configurations
– apparently we can't rely on linux/magic.h being present when
cross-building for musl libc.

Defining PROC_SUPER_MAGIC should not cause a problems since it should
be considered part of the Linux kernel/user API and it is unlikely to
change.

---------

Co-authored-by: Victor M. Alvarez <vmalvarez@virustotal.com>
Co-authored-by: Chris Arceneaux <carcenea@gmail.com>
Co-authored-by: chrisdoman <chris.doman@cantab.net>
Co-authored-by: Wes <5124946+wesinator@users.noreply.github.com>
Co-authored-by: Tad Keller <43346260+GLMONTER@users.noreply.github.com>
Co-authored-by: Tad Keller <logisch@pm.me>
Co-authored-by: Hilko Bengen <bengen@hilluzination.de>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants