YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strings and a boolean expression which determine its logic.
Recently, we tried to compile YARA on a Fedora 23 GNU/Linux system (running through qubes-os version 3).
As the installation guide is directed towards Ubuntu/Debian users, we soon found out that the installation had some missing dependencies. Below, you will find all the steps we followed to download YARA, install its dependencies and build it with all optional features enabled.
    # Install the build tools and the libraries needed by the optional modules
    sudo dnf install automake libtool make gcc flex bison jansson-devel jansson openssl openssl-devel file-libs file-devel python-magic python3-magic
    # Get the source
    # (or download a release from: https://github.com/virustotal/yara/releases/tag/v3.8.1)
    git clone https://github.com/VirusTotal/yara
    cd yara
    # Generate the configure script, then build with the optional modules enabled
    ./bootstrap.sh
    ./configure --enable-cuckoo --enable-magic --enable-dotnet
    make
    sudo make install
This information is an extension to the installation guide.
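To confirm that the three `--enable-*` flags above actually took effect, the following added example (not part of the original post or of the YARA project) tries to compile a one-line rule that imports each optional module and reports which ones the installed binary lacks. The function names and the `YARA_BIN` override variable are assumptions made for this example.

```shell
#!/bin/sh
# Added example: check that the optional YARA modules were compiled in.
# YARA_BIN is an assumed override; it defaults to the yara found on PATH.

# module_available MODULE
# Succeeds if a rule that imports MODULE compiles with the installed yara.
module_available() {
    probe_mod=$1
    rule=$(mktemp) || return 2
    printf 'import "%s"\nrule module_probe { condition: true }\n' "$probe_mod" > "$rule"
    # Scan the rule file itself: only the compile step matters here.
    "${YARA_BIN:-yara}" "$rule" "$rule" >/dev/null 2>&1 && status=0 || status=$?
    rm -f "$rule"
    return "$status"
}

# check_yara_build
# Prints one line per module. Returns 0 if all three modules are present,
# 1 if at least one is missing, 2 if yara itself cannot be run.
check_yara_build() {
    if ! "${YARA_BIN:-yara}" --version >/dev/null 2>&1; then
        echo "yara does not run (not installed, or it failed to start)"
        return 2
    fi
    missing=0
    for mod in cuckoo magic dotnet; do
        if module_available "$mod"; then
            echo "$mod: ok"
        else
            echo "$mod: MISSING"
            missing=1
        fi
    done
    return "$missing"
}
```

Source the file and call `check_yara_build` after `sudo make install`; a `MISSING` line usually means the matching `-devel` package was absent when `./configure` ran.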