Installing Latest Yara That Works With Automake-1.11

2013-01-25 21:16:27 by chort

If you still run Ubuntu 10.04 (or another OS that can't upgrade automake past 1.11), you'll find that Yara 1.7 (last SVN version) won't build. You'll probably get something like this:

configure.ac:3: unknown warning category `no-extra-portability'

This is a quick post to show you how to get the latest 1.6 bugfixes (i.e. updated past the 1.6 tarball release) without breaking the build.

First off, I recommend installing RE2 for better performance (allegedly, I cannot confirm). Once you've done that, follow these easy steps (don't miss -r 162, that's the critical bit!):

$ rm -rf yara-project-read-only
$ svn checkout -r 162 http://yara-project.googlecode.com/svn/trunk/ yara-project-read-only
$ cd yara-project-read-only
$ ./configure --with-re2
$ ./bootstrap.sh
$ make
$ sudo make install
$ cd yara-python
$ python setup.py build
$ sudo python setup.py install
$ sudo ldconfig

Boom, done!

SF Bay Area DFIR Meetup January 31st

2013-01-12 16:24:44 by chort

Big news, AlienVault has agreed to play host, and they'll provide pizza and beer to boot! We also have a set date now, so without further ado, here's what to put on your calendar.
