[Vol-users] yarascan failing to find libyara, I think

David Kovar dkovar at gmail.com
Sat Oct 12 12:37:20 CDT 2013


Greetings,

Vol 2.3 built from svn. Yara built from yara-project. OS is OS X 10.8.5. I tore out all the old copies of volatility while trying to get this to work.

praha:mem kovar$ vol.py -f xp-base-44f9a302.vmem --profile WinXPSP3x86 yarascan -Y 'foo'
Volatility Foundation Volatility Framework 2.3
ERROR   : volatility.plugins.malware.malfind: Please install Yara from code.google.com/p/yara-project

praha:mem kovar$ yara -v
yara 2.0 (rev:223)

bash-3.2# ls -l /usr/local/lib/libyara*
lrwxr-xr-x  1 root  admin      15 Oct 12 12:36 /usr/local/lib/libyara.0.0.0.dylib -> libyara.0.dylib
-rwxr-xr-x  1 root  admin  113736 Oct 12 12:36 /usr/local/lib/libyara.0.dylib
-rw-r--r--  1 root  admin  393560 Oct 12 12:36 /usr/local/lib/libyara.a
lrwxr-xr-x  1 root  admin      15 Oct 12 12:36 /usr/local/lib/libyara.dylib -> libyara.0.dylib
-rwxr-xr-x  1 root  admin     938 Oct 12 12:36 /usr/local/lib/libyara.la

-David




More information about the Vol-users mailing list