Hello all, I experienced the following situation: Imagine you have a rule with a short string pattern. If you execute the rule on a file that is very large and contains the string many times, YARA exits with
error scanning "file": string "$string" in rule "rule" caused too many matches This is expected and the guidelines warn about using "Uniform Content" https://gist.github.com/Neo23x0/e3d4e316d7441d9143c7 However, the error result is the same even if you try to limit the scan to small files with the filesize keyword. I expected that short-circuit evaluation would apply here and strings wouldn't be evaluated and no error received. This could be dangerous in situations when you have a YARA file containing many rules. Perhaps one would not bother if a poorly written rule fails, but this would also fail all other rules as well. Any comments welcome Kind regards Peter Kalnai -- You received this message because you are subscribed to the Google Groups "YARA" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/yara-project/6340b797-a58b-4aeb-b061-ee977122b075n%40googlegroups.com.
