Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Volatility Yarascan is throwing an error #389

Open
r4f1 opened this issue Oct 16, 2019 · 5 comments
Open

Volatility Yarascan is throwing an error #389

r4f1 opened this issue Oct 16, 2019 · 5 comments
Labels
distro/sift-community possible bug status/needs-testing wontfix

Comments

@r4f1
Copy link

r4f1 commented Oct 16, 2019

When using yarascan plugin in volatility I get the error shown below. Can you advise how to resolve this please?

vol.py -f ~/Desktop/CTF/OtterCTF/what_the_password_COMPLETED/OtterCTF.vmem --profile=Win7SP1x64 yarascan -Y "Th3"

Volatility Foundation Volatility Framework 2.6
Traceback (most recent call last):
  File "/usr/bin/vol.py", line 192, in <module>
    main()
  File "/usr/bin/vol.py", line 174, in main
    command = cmds[module](config)
  File "/usr/lib/python2.7/dist-packages/volatility/plugins/malware/malfind.py", line 190, in __init__
    help = 'Make the search case insensitive')        
  File "/usr/lib/python2.7/dist-packages/volatility/conf.py", line 363, in add_option
    self.optparser.add_option("-{0}".format(short_option), "--{0}".format(option), **args)
  File "/usr/lib/python2.7/optparse.py", line 1021, in add_option
    self._check_conflict(option)
  File "/usr/lib/python2.7/optparse.py", line 996, in _check_conflict
    option)
optparse.OptionConflictError: option -C/--case: conflicting option string(s): -C
`
@ulisesrc
Copy link

ulisesrc commented Dec 9, 2019

Edit this:
I found a workaround:
Edit the malfind.py file at /usr/lib/python2.7/dist-packages/volatility/plugins/malware/malfind.py

change the short option at Line 189, Original is Capital C letter. In my case I change it to small c letter
config.add_option("CASE", short_option = 'c', default = False, action = 'store_true',

change the short option at Line 195. Original is Capital Y Letter. In my case I change it to capital U letter
config.add_option('YARA-RULES', short_option = 'U', default = None,

Make sure to backup the original file.

Original: #218

@stale
Copy link

stale bot commented Feb 7, 2020

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix label Feb 7, 2020
@stale stale bot closed this as completed Feb 14, 2020
@dewiestr
Copy link

dewiestr commented Aug 7, 2021

This issue is still in the latest SIFT FYI ...

@ekristen
Copy link
Contributor

Looks like this is the case of conflicting plugins unfortunately. You can try disabling the malware one for now. We try to be very selective in which plugins are added and sometimes conflicts arise because authors use the same CLI options.

@ekristen ekristen reopened this Aug 16, 2021
@stale stale bot removed the wontfix label Aug 16, 2021
@stale
Copy link

stale bot commented Jan 8, 2022

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

@stale stale bot added the wontfix label Jan 8, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
distro/sift-community possible bug status/needs-testing wontfix
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@ekristen @ulisesrc @dewiestr @r4f1