Robert Giczewski

Malware Analysis, Forensics, Threat Intelligence, Coding, Tech, Video Games

How to install yara from source on macOS Monterey (M1)

22 Jun 2022 » tooling

Every time I get a new system, I try to forget my old one and start from scratch which means ditching a lot of tools I no longer use and focusing only on what I really need. Unfortunately, I often spend a lot of time thinking about how I installed some tools, because they usually don’t work out of the box. But this is now changing. For every tool that I can’t get to run out-of-the-box, I will write an installation guide on this blog to make life easier for me, and possibly other people.

I will start with YARA, which I will install from source including all modules.

The official installation guide from YARA will help us with this.

Before downloading the YARA source code, we need to make sure that automake, libtool, make, gcc and pkg-config are installed, along with flex, bison and the libraries the optional modules depend on (jansson, openssl and libmagic). We use brew to install them.

brew install automake
brew install libtool
brew install make
brew install gcc
brew install pkg-config
brew install flex
brew install bison
brew install jansson
brew install openssl
brew install libmagic

The next step is to get the YARA source from https://github.com/VirusTotal/yara/releases and follow the official installation guide.

tar -zxf yara-4.2.0.tar.gz
cd yara-4.2.0
./bootstrap.sh

After running the bootstrap.sh script, we need to run:

./configure --enable-cuckoo --enable-magic --with-crypto --enable-dex --enable-macho

I received errors that the OpenSSL and Jansson libraries could not be found.

To fix this, we need to set LDFLAGS and CPPFLAGS so that the configure script can find both libraries. The OpenSSL headers and libs can be found in /opt/homebrew/opt/openssl@3/include and /opt/homebrew/opt/openssl@3/lib, and the Jansson headers and libs can be found in /opt/homebrew/include and /opt/homebrew/lib, so the flags must be as follows:

export LDFLAGS="-L/opt/homebrew/opt/openssl@3/lib -L/opt/homebrew/lib"
export CPPFLAGS="-I/opt/homebrew/opt/openssl@3/include -I/opt/homebrew/include"
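The same flags can be derived instead of typed by hand. The script below is an added example, not part of the original post or of YARA: it searches a list of install prefixes for the main header of each library behind --with-crypto, --enable-cuckoo and --enable-magic, names the library that is missing, and prints the two export lines. The function names and the choice of headers to probe are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Prints the LDFLAGS/CPPFLAGS
# exports for ./configure, given the install prefixes to search.

# find_prefix HEADER PREFIX...: print the first prefix containing include/HEADER.
find_prefix() {
    header=$1; shift
    for prefix in "$@"; do
        if [ -f "$prefix/include/$header" ]; then
            printf '%s\n' "$prefix"
            return 0
        fi
    done
    return 1
}

# yara_env PREFIX...: locate the libraries behind --with-crypto, --enable-cuckoo
# and --enable-magic, then print export lines covering every prefix used.
yara_env() {
    ld= cpp= seen=" "
    # library:header pairs (assumption: each library's main public header).
    for pair in openssl:openssl/opensslv.h jansson:jansson.h libmagic:magic.h; do
        name=${pair%%:*}
        found=$(find_prefix "${pair#*:}" "$@") || {
            echo "yara_env: $name headers not found (brew install $name)" >&2
            return 1
        }
        case $seen in *" $found "*) continue ;; esac   # prefix already listed
        seen="$seen$found "
        ld="${ld:+$ld }-L$found/lib"
        cpp="${cpp:+$cpp }-I$found/include"
    done
    printf 'export LDFLAGS="%s"\nexport CPPFLAGS="%s"\n' "$ld" "$cpp"
}

# On a Homebrew system, search the openssl@3 prefix first, then the main prefix.
if command -v brew >/dev/null 2>&1; then
    yara_env "$(brew --prefix openssl@3)" "$(brew --prefix)" || true
fi
```

Because the prefixes come from brew --prefix, the script yields /usr/local paths on an Intel Mac without changes; wrap its output in eval to set the variables in the current shell.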

With these variables exported, re-run the configure command; it should now complete without errors. Finally, we build with make, let the tests run with make check and install via make install, and we are ready to go.

make
make check

All tests should pass.

Finally install via:

sudo make install