Is it possible to use a separate user-created module that will take care of the specific rules so e.g. all backref rules will be passed to some PCRE engine?
On Thursday, 12 October 2017 08:16:13 UTC-7, Víctor Manuel Álvarez García wrote: > > No, unfortunately there's no way to solve that, except porting the rules. > > On Wed, Oct 11, 2017 at 7:01 PM, Igor Polevoy <igor.p...@gmail.com > <javascript:>> wrote: > >> Hi Victor >> Yes, I know that YARA does not support back reference, but we still have >> the old rules that we will need to port somehow. >> So my question is, since it looks currently as a long effort to do the >> manual conversion, >> is there a possibility to use another module to process the back >> reference rules in the meantime? Is such a thing supported? >> >> thank you >> Igor >> >> On Wednesday, 11 October 2017 09:32:50 UTC-7, Víctor Manuel Álvarez >> García wrote: >>> >>> Hi Igor, >>> >>> Back references are not supported anymore as YARA now uses its own >>> regexp engine and not PCRE. YARA's regexp engine is more similar to RE2, >>> which doesn't implement back references neither. For a more detailed >>> explanation of why back references are not supported by RE2 nor YARA read >>> this: https://swtch.com/~rsc/regexp/regexp1.html >>> >>> Regards, >>> Víctor >>> >>> On Tue, Oct 10, 2017 at 11:27 PM, Igor Polevoy <igor.p...@gmail.com> >>> wrote: >>> >>>> Hi, >>>> what would you recommend to convert the old rules that contain back >>>> references to the ones that will work with YARA 3.x? >>>> It looks like quite a lot of work to do the conversion for even >>>> something simple as the following that tries to match repetition of the >>>> character... >>>> >>>> *strings:* >>>> * s=([a-zA-z])\1{2,6}* >>>> >>>> Is it possible to feed the specific rules to eg PCRE? >>>> >>>> Thx >>>> Igor >>>> >>>> -- >>>> You received this message because you are subscribed to the Google >>>> Groups "YARA" group. >>>> To unsubscribe from this group and stop receiving emails from it, send >>>> an email to yara-project...@googlegroups.com. >>>> For more options, visit https://groups.google.com/d/optout. >>>> >>> >>> -- >> You received this message because you are subscribed to the Google Groups >> "YARA" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to yara-project...@googlegroups.com <javascript:>. >> For more options, visit https://groups.google.com/d/optout. >> > > -- You received this message because you are subscribed to the Google Groups "YARA" group. To unsubscribe from this group and stop receiving emails from it, send an email to yara-project+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
