[Forensics-changes] [yara] 344/415: Explain drawbacks for YARA 2.0

Hilko Bengen bengen at moszumanska.debian.org
Thu Apr 3 05:43:22 UTC 2014


This is an automated email from the git hooks/post-receive script.

bengen pushed a commit to branch debian
in repository yara.

commit d5dbefbd1b9f6fff4f44d96c4b1dd48e504904db
Author: Victor Manuel Alvarez <vmalvarez at virustotal.com>
Date:   Thu Dec 26 15:01:02 2013 +0100

    Explain drawbacks for YARA 2.0
---
 README.md | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

diff --git a/README.md b/README.md
index 56904e5..f321082 100644
--- a/README.md
+++ b/README.md
@@ -69,11 +69,20 @@ can use pre-compiled rules without having to parse them again, or you can share
 rules with someone else without revealing the actual source code (but beware
 that each time you do that God kills a kitten).
 
-YARA 2.0 is backward compatible with versions 1.X in terms of rules' syntax and
-behavior, and the yara-python module hasn't changed its interface. But if you're
-a developer using the C API provided by libyara, you will need to make some
-changes to your application in order to adapt it to YARA 2.0. But don't worry,
-it won't be too much work and the benefits worth the effort.
+The drawsbacks for this rewrite are:
+
+* You can find some incompatibilities in regular expressions. YARA 2.0 replaced
+external libraries like PCRE or RE2 with its own regular expression engine. Most
+regular expression features are present in the new implementation, but a few
+ones like POSIX character classes and backreferences are missing. If you were
+using RE2 instead of PCRE with previous versions of YARA you won't miss
+backreferences, because RE2 don't support them neither.
+
+* The C API provided by libyara has changed. If you're a developer using this
+API you'll need to make some changes to your application in order to adapt it
+to YARA 2.0. But don't worry, it won't be too much work and the benefits worth
+the effort. Users of yara-python are not affected, the Python interface remains
+the same.
 
 
 ## Who's using YARA
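Review bot: the regular-expression bullet names the missing features only by example ("a few ones like POSIX character classes and backreferences") and does not say what YARA 2.0 does with a 1.X rule that uses one of them, while the removed paragraph's statement that 2.0 is backward compatible in rule syntax and behavior is dropped with nothing replacing it. Please list every unsupported construct and state whether such a rule is rejected at compile time or is accepted and matches differently, so that people migrating a rule set know whether they have to audit it for lost detections. Wording fixes in the same hunk: "drawsbacks" should be "drawbacks", "RE2 don't support them neither" should be "RE2 doesn't support them either", "the benefits worth the effort" should be "the benefits are worth the effort", and the comma splice in "Users of yara-python are not affected, the Python interface remains the same" reads better with "because" or a semicolon.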

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/forensics/yara.git


