Without details on the desired use of capture groups, this question is difficult to answer. I recommend adding a detailed feature request that includes one or more examples that fail to match the target file without a capture group.
YARA moved away from PCRE/RE2 in YARA 2.0, which also had a significant performance increase.

https://github.com/VirusTotal/yara/tree/v2.0.0
https://www.youtube.com/watch?v=ApAFU5ROo10

If you just want to remove parts of the matched string, that can be done in yara-python. If you want to include the regexp with the capture group in the rule itself, I'd recommend looking at how stoQ identifies the XOR key with yarascan.

On Tuesday, June 22, 2021 at 9:14:03 PM UTC+2 [email protected] wrote:
> Hi,
>
> Is there a chance that capture groups will ever be implemented in yara?
>
> Thanks,
> Dan N
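The yara-python post-processing mentioned in the reply above, as an added example that is not part of the original thread: YARA locates the string, then Python's `re` applies the same pattern with a capture group to each hit. The rule, the sample bytes and the function names are constructed for illustration.

```python
import re

try:
    import yara  # yara-python; optional so the post-processing runs without it
except ImportError:
    yara = None

# Constructed sample rule and data (not from the thread).
RULE = r'''
rule config_key {
    strings:
        $kv = /key=[0-9a-f]{8};/
    condition:
        $kv
}
'''
SAMPLE = b"junk key=deadbeef; more key=0badf00d; end"

# Same regexp as in the rule, with a capture group around the part to keep.
CAPTURE = re.compile(rb"key=([0-9a-f]{8});")


def iter_hits(match):
    """Yield (offset, identifier, data) for one yara-python Match object,
    covering the tuple layout (< 4.3) and StringMatch objects (>= 4.3)."""
    for s in match.strings:
        if isinstance(s, tuple):
            yield s
        else:
            for inst in s.instances:
                yield inst.offset, s.identifier, inst.matched_data


def extract_groups(hits, pattern=CAPTURE):
    """Return (file offset of group 1, group 1 bytes) for every hit."""
    out = []
    for offset, _ident, data in hits:
        m = pattern.fullmatch(data)
        if m:  # skip hits the capturing pattern does not cover
            out.append((offset + m.start(1), m.group(1)))
    return out


def scan(data, rule_source=RULE):
    """Run YARA over data, then pull the captured part out of each hit."""
    rules = yara.compile(source=rule_source)
    hits = [h for match in rules.match(data=data) for h in iter_hits(match)]
    return extract_groups(hits)


if __name__ == "__main__" and yara is not None:
    print(scan(SAMPLE))
```

The rule stays a plain YARA regexp; only the Python side needs to know which part of the match is wanted.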
