I still can not replicate your problem.
A couple of things to note however:
"internal error: 30" is because there are too many matches, which happens when
a single string matches too many times. It has nothing to do with file size
like you guessed.
Your "newline_one" rule is marked as private
You're correct, thanks for the correction. Still, the point stands.
Den onsdag den 16. august 2017 kl. 12.26.18 UTC+2 skrev Jonás Andradas:
>
> Hi,
>
> maybe I am wrong here, but the misc.yar rule you are including will only
> match if there is only *one* newline in the file, so you currently wo
Hi,
maybe I am wrong here, but the misc.yar rule you are including will only
match if there is only *one* newline in the file, so you currently would
not "require an actually large file that contains newlines", but a file
that has exactly one new line (and also is larger than the 8MB limit to be
a
Alright, so I've returned with a result:
If I have `~/inc.yar` with the following content:
```
include "./global.yar"
include "./misc.yar"
```
And the content of these files respectively:
```
global rule fsL { condition: filesize < 8MB }
```
And
```
private rule newline_one {
meta:
Hi Wesley,
Sorry for the late reply, vacations and all.
So first and foremost:
`yara -v`
yara 3.5.0
The files getting scanned are reporting ` internal error: 30` which I'm
reading to be due to files being too large. These files are often larger
than 500MB too, well above the 8MB margin.
I'v
