YARA is a tool aimed at (but not limited to) helping malware researchers identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a. rule, consists of a set of strings and a boolean expression that determines its logic.
Recently, we tried to compile YARA on Fedora 23 GNU/Linux (running on Qubes OS version 3).
As the installation guide is directed towards Ubuntu/Debian users, we soon found out that the installation had some missing dependencies. Below, you will find all the steps we followed to download YARA, install its dependencies, and build it with all optional features enabled.
    sudo dnf install automake libtool make gcc flex bison jansson-devel jansson openssl openssl-devel file-libs file-devel python-magic python3-magic
    git clone https://github.com/VirusTotal/yara
    # Or download a release from: https://github.com/virustotal/yara/releases/tag/v3.8.1
    cd yara
    ./bootstrap.sh
    ./configure --enable-cuckoo --enable-magic --enable-dotnet
    make
    sudo make install
This information is an extension to the installation guide.
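A post-install check for the three modules enabled by the `./configure` flags above, added here as an example and not part of the original post or the YARA project: it compiles a probe rule that imports each module and lists any module the binary cannot load. The helper name `missing_yara_modules` and the probe rule and target contents are assumptions of this example.

```shell
# Added example: confirm the optional modules were compiled into a yara binary.
# missing_yara_modules is a hypothetical helper name, not part of YARA.

# Usage: missing_yara_modules <yara-binary> <module>...
# Prints the name of every module the binary cannot import.
# Returns 0 if all modules load, 1 if any is missing, 2 on setup failure.
missing_yara_modules() {
    local yara_bin="$1"
    shift
    local workdir module status=0
    workdir="$(mktemp -d)" || return 2
    printf 'probe\n' > "$workdir/target"      # constructed scan target
    for module in "$@"; do
        # A rule that only imports the module: rule compilation fails
        # when the module was left out of the build.
        printf 'import "%s"\nrule probe { condition: true }\n' "$module" \
            > "$workdir/$module.yar"
        if ! "$yara_bin" "$workdir/$module.yar" "$workdir/target" \
                >/dev/null 2>&1; then
            echo "$module"
            status=1
        fi
    done
    rm -rf "$workdir"
    return "$status"
}

# Run the check only when a yara binary is on PATH.
if command -v yara >/dev/null 2>&1; then
    if missing="$(missing_yara_modules yara cuckoo magic dotnet)"; then
        echo "all optional modules available"
    else
        echo "modules missing from this build:" $missing
    fi
fi
```

A module reported as missing usually means its `-devel` package was absent when `./configure` ran, so the corresponding `--enable-*` feature was not built.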