From d5dbefbd1b9f6fff4f44d96c4b1dd48e504904db Mon Sep 17 00:00:00 2001 From: Victor Manuel Alvarez Date: Thu, 26 Dec 2013 15:01:02 +0100 Subject: [PATCH] Explain drawbacks for YARA 2.0 --- README.md | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 56904e5d2a..f321082006 100644 --- a/README.md +++ b/README.md @@ -69,11 +69,20 @@ can use pre-compiled rules without having to parse them again, or you can share rules with someone else without revealing the actual source code (but beware that each time you do that God kills a kitten). -YARA 2.0 is backward compatible with versions 1.X in terms of rules' syntax and -behavior, and the yara-python module hasn't changed its interface. But if you're -a developer using the C API provided by libyara, you will need to make some -changes to your application in order to adapt it to YARA 2.0. But don't worry, -it won't be too much work and the benefits worth the effort. +The drawsbacks for this rewrite are: + +* You can find some incompatibilities in regular expressions. YARA 2.0 replaced +external libraries like PCRE or RE2 with its own regular expression engine. Most +regular expression features are present in the new implementation, but a few +ones like POSIX character classes and backreferences are missing. If you were +using RE2 instead of PCRE with previous versions of YARA you won't miss +backreferences, because RE2 don't support them neither. + +* The C API provided by libyara has changed. If you're a developer using this +API you'll need to make some changes to your application in order to adapt it +to YARA 2.0. But don't worry, it won't be too much work and the benefits worth +the effort. Users of yara-python are not affected, the Python interface remains +the same. ## Who's using YARA