Comments (3)
I've confirmed that this error can happen even with the max Lambda memory allocation (1.5 GB) and with any size input file. Perhaps the number / size of the YARA rules are to blame?
from binaryalert.
I think I've tracked it down: a recent commit to Neo23x0/signature-base adds a new rule which includes a pe.imphash condition.
The YARA rules successfully compile and load in Lambda, but they fail with the memory mapping error when matching against most Windows binaries. My best guess is that this fails because of #30 (hash module not yet supported in BinaryAlert).
So the solution for now is to disable all rules which use pe.imphash. I will add a check to enforce this with unit tests since it is so hard to debug.
from binaryalert.
An easy way to disable the relevant rules files is to rename rules_file.yar to rules_file.yar.DISABLED. BinaryAlert only includes files ending in .yar or .yara, so these files will be excluded from the next deploy.
from binaryalert.
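A pre-deploy check along the lines discussed in the comments above, as an added example (not BinaryAlert's own test code and not written by the commenters). The function names, the sample rules and the decision to also flag `import "hash"` are assumptions made for illustration.

```python
import os
import re
import tempfile

RULE_EXTENSIONS = ('.yar', '.yara')  # per the thread, only these suffixes are deployed
# Match string literals first so that "//" inside a string is not taken for a comment.
_TOKEN = re.compile(r'"(?:\\.|[^"\\])*"|/\*.*?\*/|//[^\n]*', re.DOTALL)
# Assumption: flag the hash module import too, since the thread says it is unsupported (#30).
UNSUPPORTED = {
    'pe.imphash': re.compile(r'\bpe\s*\.\s*imphash\s*\('),
    'import "hash"': re.compile(r'^\s*import\s+"hash"', re.MULTILINE),
}

def strip_comments(source):
    """Blank out YARA comments, keep string literals untouched."""
    return _TOKEN.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else ' ', source)

def find_unsupported(rules_dir):
    """Return {relative path: [feature, ...]} for rule files that would be deployed."""
    findings = {}
    for root, _, files in os.walk(rules_dir):
        for name in sorted(files):
            if not name.endswith(RULE_EXTENSIONS):
                continue  # rules_file.yar.DISABLED is skipped, as at deploy time
            path = os.path.join(root, name)
            with open(path, encoding='utf-8', errors='replace') as handle:
                code = strip_comments(handle.read())
            hits = [feat for feat, rx in UNSUPPORTED.items() if rx.search(code)]
            if hits:
                findings[os.path.relpath(path, rules_dir)] = hits
    return findings

def demo():
    """Run the check over a constructed rules tree (sample rules are made up)."""
    samples = {
        'bad.yar': 'import "pe"\nrule a { condition: pe.imphash() == "constructed" }\n',
        'commented.yar': 'import "pe"\nrule b { condition: pe.number_of_sections > 0 // pe.imphash()\n}\n',
        'off.yar.DISABLED': 'import "pe"\nrule c { condition: pe.imphash() == "constructed" }\n',
        'hashy.yara': 'import "hash"\nrule d { condition: hash.md5(0, filesize) == "constructed" }\n',
    }
    with tempfile.TemporaryDirectory() as tmp:
        for name, text in samples.items():
            with open(os.path.join(tmp, name), 'w', encoding='utf-8') as handle:
                handle.write(text)
        return find_unsupported(tmp)

if __name__ == '__main__':
    for path, features in sorted(demo().items()):
        print(f'{path}: uses {", ".join(features)}')
```

In a unit test, asserting that `find_unsupported()` returns an empty dict for the real rules directory turns the hard-to-debug runtime failure into a failed build.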