[Vol-users] yarascan failing to find libyara, I think

David Kovar dkovar at gmail.com
Sat Oct 12 12:53:34 CDT 2013


Greetings,

I had the 1.6 version installed. I tore it out and tried to build 1.7 but that is failing:

bash-3.2# python setup.py build
running build
running build_ext
building 'yara' extension
cc -fno-strict-aliasing -fno-common -dynamic -I/usr/local/include -I/usr/local/opt/sqlite/include -DNDEBUG -g -fwrapv -O3 -Wall -Wstrict-prototypes -I/usr/local/include -I/usr/local/Cellar/python/2.7.3/Frameworks/Python.framework/Versions/2.7/include/python2.7 -c yara-python.c -o build/temp.macosx-10.8-x86_64-2.7/yara-python.o
yara-python.c:259: error: expected specifier-qualifier-list before ‘YARA_CONTEXT’
yara-python.c:321: error: expected declaration specifiers or ‘...’ before ‘YARA_CONTEXT’
yara-python.c: In function ‘process_externals’:
yara-python.c:338: warning: implicit declaration of function ‘yr_define_integer_variable’
yara-python.c:338: error: ‘context’ undeclared (first use in this function)
yara-python.c:338: error: (Each undeclared identifier is reported only once
yara-python.c:338: error: for each function it appears in.)
yara-python.c:342: warning: implicit declaration of function ‘yr_define_boolean_variable’
yara-python.c:346: warning: implicit declaration of function ‘yr_define_string_variable’
yara-python.c: At top level:
yara-python.c:358: error: expected declaration specifiers or ‘...’ before ‘YARA_CONTEXT’
yara-python.c: In function ‘Rules_new_from_file’:


Shall see if I can figure that out and then come back to Volatility.

-David

On Oct 12, 2013, at 12:43 PM, Lorenzo Cantoni <lorenzo.cantoni86 at gmail.com> wrote:

> Did you installed also the python bindings? (yarapython)
> 
> Il 12/ott/2013 19:37 "David Kovar" <dkovar at gmail.com> ha scritto:
> Greetings,
> 
> Vol 2.3 built from svn. Yara built from yara-project. OS is OS X 10.8.5. I tore out all the old copies of volatility while trying to get this to work.
> 
> praha:mem kovar$ vol.py -f xp-base-44f9a302.vmem --profile WinXPSP3x86 yarascan -Y 'foo'
> Volatility Foundation Volatility Framework 2.3
> ERROR   : volatility.plugins.malware.malfind: Please install Yara from code.google.com/p/yara-project
> 
> praha:mem kovar$ yara -v
> yara 2.0 (rev:223)
> 
> bash-3.2# ls -l /usr/local/lib/libyara*
> lrwxr-xr-x  1 root  admin      15 Oct 12 12:36 /usr/local/lib/libyara.0.0.0.dylib -> libyara.0.dylib
> -rwxr-xr-x  1 root  admin  113736 Oct 12 12:36 /usr/local/lib/libyara.0.dylib
> -rw-r--r--  1 root  admin  393560 Oct 12 12:36 /usr/local/lib/libyara.a
> lrwxr-xr-x  1 root  admin      15 Oct 12 12:36 /usr/local/lib/libyara.dylib -> libyara.0.dylib
> -rwxr-xr-x  1 root  admin     938 Oct 12 12:36 /usr/local/lib/libyara.la
> 
> -David
> 
> 
> _______________________________________________
> Vol-users mailing list
> Vol-users at volatilityfoundation.org
> http://lists.volatilityfoundation.org/mailman/listinfo/vol-users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.volatilityfoundation.org/pipermail/vol-users/attachments/20131012/5dc969bd/attachment.html


More information about the Vol-users mailing list