View Issue Details

ID: 0003519
Project: Kali Linux
Category: Kali Package Bug
View Status: public
Last Update: 2018-01-29 12:49
Reporter: philh
Assigned To: g0tmi1k
Priority: normal
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 2016.1
Summary: 0003519: Kali yara-python bindings not working and Volatility yarascan plugin fails
Description

I'm actually running the 2016.2.11 distro, but there wasn't an option for that in "Product Version" :-) I currently have the following YARA packages installed:

libyara3-3.4.0+dfsg-4 (64-bit)
python-yara-3.5.0+dfsg-2 (64-bit)
yara3-3.4.0+dfsg-4 (64-bit)

However, when I try to run the Volatility yarascan plugin, I receive the error message "ERROR: volatility.debug: https://plusvic.github.io/yara/".

Also, when I start Python 2.7.12+ and try to "import yara", this also fails with the error message "ImportError: /usr/lib/python2.7/dist-packages/yara.x86_64-linux-gnu.so: undefined symbol: yr_finalize".

I would've normally tried to uninstall the yara-python bindings and reinstall them to see if that helped, but I'm unable to uninstall them, since the Package Manager seems to think that the entire Kali build depends on them and would also require uninstalling!

I'm a little stuck to think what I can do to get the YARA packages working correctly so that I'm able to make use of the Volatility yarascan plugin and use the yara-python bindings in my own code :-(

Activities

philh

2016-09-01 17:21

reporter   ~0005728

Volatility yarascan error should read:

"ERROR: volatility.debug: Please install Yara from https://plusvic.github.io/yara/"

Issue History

Date Modified Username Field Change
2016-08-31 22:02 philh New Issue
2016-09-01 17:21 philh Note Added: 0005728
2018-01-29 12:49 g0tmi1k Assigned To => g0tmi1k
2018-01-29 12:49 g0tmi1k Status new => closed
2018-01-29 12:49 g0tmi1k Resolution open => fixed