Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Facing issue when try to run this Python multiscanner.py <filename> #146

Open
kjaisinghyadav opened this issue Jun 13, 2018 · 6 comments
Open

Facing issue when try to run this Python multiscanner.py <filename> #146

kjaisinghyadav opened this issue Jun 13, 2018 · 6 comments

Comments

@kjaisinghyadav
Copy link

Hi,
I am facing this issue when i try to execute this
python multiscanner.py "/home/ml/Desktop/All_Exe/pxBinaryViewerSetup_xcsadds.exe"
/usr/lib/libyara.so: undefined symbol: lookup_rule
/multiscanner/modules/Signature/YaraScan.py not a valid module...
officemeta Could not parse file as an office document

I am using Ubuntu 16.04 and i installed all requirements from "requirement.txt" file.
@Drewsif
Copy link
Contributor

Drewsif commented Jun 13, 2018

It looks like you might have the wrong version of Yara installed. Did you use the install script to install yara or did you use another method?

@kjaisinghyadav
Copy link
Author

i used script only to install.

@awest1339
Copy link
Contributor

Are you able to run yara itself from the cmd line? (http://yara.readthedocs.io/en/v3.7.0/gettingstarted.html#running-yara-for-the-first-time).

Additionally, are you able to run $ python -c 'import yara' without any errors?

@kjaisinghyadav
Copy link
Author

yes, i am able to run yara from cmd line and i am running this in ubuntu.
when i am running this $ python -c 'import yara' i am getting this error

Traceback (most recent call last):
File "", line 1, in
File "/usr/local/lib/python2.7/dist-packages/yara/init.py", line 7, in
from yara.rules import compile
File "/usr/local/lib/python2.7/dist-packages/yara/rules.py", line 17, in
from yara.libyara_wrapper import *
File "/usr/local/lib/python2.7/dist-packages/yara/libyara_wrapper.py", line 362, in
libyaradll.lookup_rule.restype = POINTER(RULE)
File "/usr/lib/python2.7/ctypes/init.py", line 375, in getattr
func = self.getitem(name)
File "/usr/lib/python2.7/ctypes/init.py", line 380, in getitem
func = self._FuncPtr((name_or_ordinal, self))
AttributeError: /usr/lib/libyara.so: undefined symbol: lookup_rule

@crypticspawn
Copy link

crypticspawn commented Aug 12, 2019
edited

I also have this issue. When I run nm -Ca on libyara.so, there is no reference to lookup_rule in it.

Does anyone know which version has this reference?

@4thel00z
Copy link

4thel00z commented Aug 7, 2021

you need to :

  1. pip install yara
  2. inspect the site packages where the libyara.so lies
  3. use strace to determine where it tries to do the dlopen
  4. symlink the earlier found libyara.so to that path

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@Drewsif @crypticspawn @awest1339 @4thel00z @kjaisinghyadav