Hi Victor,

Yes, I know that YARA does not support back references, but we still have the old rules that we will need to port somehow. So my question is: since the manual conversion currently looks like a long effort, is there a possibility to use another module to process the back reference rules in the meantime? Is such a thing supported?

Thank you,
Igor

On Wednesday, 11 October 2017 09:32:50 UTC-7, Víctor Manuel Álvarez García wrote:
> Hi Igor,
>
> Back references are not supported anymore as YARA now uses its own regexp
> engine and not PCRE. YARA's regexp engine is more similar to RE2, which
> doesn't implement back references either. For a more detailed explanation
> of why back references are not supported by RE2 nor YARA read this:
> https://swtch.com/~rsc/regexp/regexp1.html
>
> Regards,
> Víctor
>
> On Tue, Oct 10, 2017 at 11:27 PM, Igor Polevoy <[email protected]> wrote:
>
>> Hi,
>> what would you recommend to convert the old rules that contain back
>> references to the ones that will work with YARA 3.x?
>> It looks like quite a lot of work to do the conversion for even something
>> simple as the following that tries to match repetition of the character...
>>
>> strings:
>>   s=([a-zA-z])\1{2,6}
>>
>> Is it possible to feed the specific rules to e.g. PCRE?
>>
>> Thx
>> Igor
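
An added example, not part of the thread and not YARA project code: for the specific rule shape quoted above, the back reference can be expanded mechanically into an alternation with no back references, and the result checked against the original with Python's `re`. The helper names (`expand_repeat`, `class_members`, `agrees`) are hypothetical, only the `([class])\1{m,n}` shape is handled, the class is assumed to cover printable ASCII only, and the sample strings are constructed.

```python
import re

# Handles only the shape from the thread: ([class])\1{m,n}
BACKREF_SHAPE = re.compile(r"^\((\[[^\]]+\])\)\\1\{(\d+),(\d+)\}$")

def class_members(char_class, alphabet=None):
    """Enumerate the printable-ASCII characters a bracket class matches."""
    alphabet = alphabet or [chr(c) for c in range(0x20, 0x7F)]
    probe = re.compile(char_class)
    return [ch for ch in alphabet if probe.fullmatch(ch)]

def escape(ch):
    """Letters and digits stay bare; everything else becomes \\xNN."""
    return ch if ch.isalnum() else "\\x%02x" % ord(ch)

def expand_repeat(pattern):
    """Rewrite ([class])\\1{m,n} as (a{m+1,n+1}|b{m+1,n+1}|...)."""
    m = BACKREF_SHAPE.match(pattern)
    if not m:
        raise ValueError("only ([class])\\1{m,n} is handled")
    cls, lo, hi = m.group(1), int(m.group(2)), int(m.group(3))
    # The group consumes one character and \1{lo,hi} repeats it, so the
    # total run of one identical character is lo+1 .. hi+1 long.
    alts = ["%s{%d,%d}" % (escape(c), lo + 1, hi + 1)
            for c in class_members(cls)]
    return "(" + "|".join(alts) + ")"

def agrees(original, expanded, samples):
    """True if both patterns find the same first match span in every sample."""
    a, b = re.compile(original), re.compile(expanded)
    def span(rx, s):
        hit = rx.search(s)
        return hit.span() if hit else None
    return all(span(a, s) == span(b, s) for s in samples)

# Constructed sample inputs for the equivalence check.
SAMPLES = ["xxaaab", "aaaaaaaaa", "abcabc", "__^^^^", "zz"]

if __name__ == "__main__":
    old = r"([a-zA-z])\1{2,6}"   # pattern as quoted in the thread
    new = expand_repeat(old)
    print("$s = /%s/" % new)
    print("equivalent on samples:", agrees(old, new, SAMPLES))
```

Note that `[a-zA-z]` as written in the thread also covers the six punctuation characters between `Z` and `a`, so the expansion has 58 alternatives rather than 52.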
