make check error: invalid field name "type"

[Mengpolar]

Describe the bug
make check error.

To Reproduce

# ./bootstrap.sh
...
# ./configure --enable-cuckoo --enable-magic --enable-dotnet
...
# make
...
# sudo make install
...
# make check
...
PASS: test-async
PASS: test-string
PASS: test-exception
PASS: test-dotnet
FAIL: test-magic
============================================================================
Testsuite summary for yara 4.3.1
============================================================================
# TOTAL: 17
# PASS:  16
# SKIP:  0
# XFAIL: 0
# FAIL:  1
# XPASS: 0
# ERROR: 0
============================================================================
See ./test-suite.log
Please report to vmalvarez@virustotal.com
============================================================================
make[3]: *** [Makefile:2588: test-suite.log] Error 1
make[3]: Leaving directory '/opt/yara-4.3.1'
make[2]: *** [Makefile:2696: check-TESTS] Error 2
make[2]: Leaving directory '/opt/yara-4.3.1'
make[1]: *** [Makefile:3036: check-am] Error 2
make[1]: Leaving directory '/opt/yara-4.3.1'
make: *** [Makefile:3038: check] Error 2

test-suite.log

==================================
   yara 4.3.1: ./test-suite.log
==================================

# TOTAL: 17
# PASS:  16
# SKIP:  0
# XFAIL: 0
# FAIL:  1
# XPASS: 0
# ERROR: 0

.. contents:: :depth: 2

FAIL: test-magic
================

failed to compile rule << import "magic" rule test { condition:       magic.type() contains "ELF" } >>: line 1: invalid field name "type"
FAIL test-magic (exit status: 1)

and

# file --version
file-5.38

Expected behavior
All PASS.

Screenshots

Please complete the following information:

• OS:
  Ubuntu 20.04
  Linux test 5.4.0-26-generic # 30-Ubuntu SMP Mon Apr 20 16:58:30 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
• YARA version: 4.3.1

[Mengpolar]

I tried to recompile and succeeded :)

# rm -rf yara-4.3.1
# tar -zxf yara-4.3.1.tar.gz
# cd yara-4.3.1
# ./bootstrap.sh
# ./configure --enable-cuckoo --enable-magic --enable-dotnet --with-crypto
# make
# sudo make install
# make check
...
make[2]: Leaving directory '/opt/yara-4.3.1'
make  check-TESTS
make[2]: Entering directory '/opt/yara-4.3.1'
make[3]: Entering directory '/opt/yara-4.3.1'
PASS: test-arena
PASS: test-alignment
PASS: test-atoms
PASS: test-api
PASS: test-rules
PASS: test-pe
PASS: test-elf
PASS: test-version
PASS: test-bitmask
PASS: test-math
PASS: test-stack
PASS: test-re-split
PASS: test-async
PASS: test-string
PASS: test-exception
PASS: test-dotnet
PASS: test-magic
============================================================================
Testsuite summary for yara 4.3.1
============================================================================
# TOTAL: 17
# PASS:  17
# SKIP:  0
# XFAIL: 0
# FAIL:  0
# XPASS: 0
# ERROR: 0
============================================================================
make[3]: Leaving directory '/opt/yara-4.3.1'
make[2]: Leaving directory '/opt/yara-4.3.1'
make[1]: Leaving directory '/opt/yara-4.3.1'

[plusvic]

I was pulling my hair trying to reproduce the issue, without success. I don't know how something like that would happen. What if you try recompiling again? Maybe the issue is flaky but still reproducible?

[Malwarebinary]

I had the same issue while running the make test command at the end of the install process. When reading the VT documentation regarding the magic module, there is a mention about the database file /etc/magic.mgc that was not found on my system.

Previously, I had upgraded my Ubuntu system to version 22.04 and I believe the library libmagic-dev has been installed on my previous Ubuntu version 20.04. From there, I have found the file on the web and I put it in the expected location. After that, I started the installation from scratch (same install commands as @Mengpolar) and it worked.