1
00:00:00,390 --> 00:00:11,820
Hello and welcome. In this video, I will show you how to fix a problem when using YARA and PDF parser.

2
00:00:12,630 --> 00:00:22,080
For example, if I have a malicious PDF document called that video and if I try to scan it for this

3
00:00:22,230 --> 00:00:32,250
kind of parameter PDF parser by, QWhy meaning using the file and I'm using the index.yar here, that

4
00:00:32,250 --> 00:00:34,480
PDF is my pediatrician.

5
00:00:34,570 --> 00:00:44,310
Once again, if I were to scan it like this, you find two errors for error is now use that as a root

6
00:00:44,310 --> 00:00:44,730
error.

7
00:00:44,730 --> 00:00:48,800
Second error is the can't open include file.

8
00:00:49,730 --> 00:00:58,920
And this error is there are two errors, so we'll deal with the second error of cannot open include file.

9
00:00:59,540 --> 00:01:06,380
So what this means is that you cannot understand the dot slash, even though he's he's over there.

10
00:01:07,250 --> 00:01:10,190
I installed my rules in this location.

11
00:01:13,550 --> 00:01:20,350
So this is where I put my YARA rules in here.

12
00:01:24,270 --> 00:01:27,150
And this is my index.yar

13
00:01:27,510 --> 00:01:30,630
over here.

14
00:01:31,990 --> 00:01:35,230
And then these include following his.

15
00:01:36,400 --> 00:01:42,940
That show which is over here, so by right, you should be correct, that says she should be visible,

16
00:01:43,510 --> 00:01:44,940
but still Eurocurrency.

17
00:01:45,460 --> 00:01:51,650
So in order to fix that, we need to open the index.yar and make some amendments to it.

18
00:01:52,210 --> 00:02:02,350
So currently, if you were to look at your index.yar file, you will find that it is quite a long list

19
00:02:02,400 --> 00:02:04,510
waiting around for finer lines.

20
00:02:04,960 --> 00:02:11,730
And all of them have got this kind of format, dot slash relative path.

21
00:02:12,250 --> 00:02:17,190
So we need to change our relative path to absolute path.

22
00:02:17,680 --> 00:02:25,120
That means we have to change this file and instead of the forward slash, we need to put the absolute

23
00:02:25,120 --> 00:02:25,490
path.

24
00:02:26,510 --> 00:02:29,710
So it was absolute path, absolute path statute.

25
00:02:29,710 --> 00:02:32,880
It passed to the IRS folder.

26
00:02:33,190 --> 00:02:37,890
So to get that path, this is a pwd and you get this.

27
00:02:38,170 --> 00:02:48,270
So we need to take this path and insert it into every single line over here, replace the dot forward

28
00:02:48,280 --> 00:02:50,170
slash to the path.

29
00:02:50,980 --> 00:02:51,370
Right.

30
00:02:51,940 --> 00:02:55,140
That we can do by hand because there are about four or five hundred lines.

31
00:02:55,150 --> 00:02:57,340
So I've written a script to automate it.

32
00:02:58,330 --> 00:03:05,200
So the script is found in Yahoo's files, Yahoo's fixes it file.

33
00:03:05,890 --> 00:03:15,900
So all you need to do is just copy this and put it in your location, maybe in this folder out here.

34
00:03:16,870 --> 00:03:23,800
So I'm going to go to this folder now and see this zero six.

35
00:03:25,420 --> 00:03:26,120
So I will.

36
00:03:26,340 --> 00:03:26,780
The Angel.

37
00:03:26,800 --> 00:03:27,250
Come on.

38
00:03:27,940 --> 00:03:28,270
Is it.

39
00:03:31,050 --> 00:03:31,700
So this No.

40
00:03:31,710 --> 00:03:31,900
One.

41
00:03:32,610 --> 00:03:41,460
So this is the fix index script, which I've written, so inside it you can enter the folder.

42
00:03:47,880 --> 00:03:48,250
Inside.

43
00:03:50,160 --> 00:03:52,020
You have to edit the file

44
00:03:54,870 --> 00:03:59,220
to change its name to the path containing your index.yar.

45
00:03:59,430 --> 00:04:05,360
For me, the path is home remarks smell the rules, but for you it may be different.

46
00:04:05,880 --> 00:04:07,500
So you need to change it accordingly.

47
00:04:08,190 --> 00:04:09,450
I have created

48
00:04:12,840 --> 00:04:16,830
MiFi here to give you some instructions on how you can edit it.

49
00:04:17,400 --> 00:04:18,590
So just go and read it.

50
00:04:19,230 --> 00:04:24,770
It tells you that if your path is not same like mine, then you need to change this accordingly.

51
00:04:24,780 --> 00:04:31,320
So if your path, my path assumes that I'm I'm having this path to Maru's.

52
00:04:32,160 --> 00:04:35,600
So that's why this instruction is like this.

53
00:04:36,000 --> 00:04:39,870
But if your path is different, for example, your path is like this.

54
00:04:40,980 --> 00:04:48,060
They're not homeowners who are rules, then you should edit your online as follows like this.

55
00:04:48,260 --> 00:04:49,740
OK, just change it accordingly.

56
00:04:50,680 --> 00:04:53,730
After that you have to make this executable.

57
00:04:54,690 --> 00:05:01,200
So to make the file executable, you need it doesn't need to file is not executable.

58
00:05:04,670 --> 00:05:15,520
So to make it executable, you see, and the executable to the script and now you check it again is nice,

59
00:05:15,940 --> 00:05:20,070
as you can see how that works and then make sure that this file.

60
00:05:20,090 --> 00:05:25,410
Now you need to copy into the same folder as your index.

61
00:05:25,430 --> 00:05:25,840
Yeah.

62
00:05:26,540 --> 00:05:32,600
So your index.yar is in the arrows for folder.

63
00:05:33,590 --> 00:05:34,890
Indexes here.

64
00:05:35,450 --> 00:05:46,460
So you need to copy this file there, so you go to your IRS screen copy, put it inside your Yahoo's

65
00:05:46,460 --> 00:05:49,870
folder that contains your index.yar, petechia.

66
00:05:50,300 --> 00:05:50,830
There you go.

67
00:05:51,410 --> 00:05:53,150
After that, you can execute it.

68
00:05:53,180 --> 00:05:55,790
So just change the folder into your Yahoo!

69
00:05:55,880 --> 00:05:56,370
Folder.

70
00:05:57,920 --> 00:06:02,090
Make sure that it is De Index.

71
00:06:02,960 --> 00:06:04,220
Check your fix.

72
00:06:05,330 --> 00:06:13,550
Fixing then you can ask them, is clear the screen so executed, just fix fixing nice and execute it.

73
00:06:14,240 --> 00:06:23,450
So now if you were to change your index.yar, you will find that now the dot forward slash has been

74
00:06:23,450 --> 00:06:25,150
replaced by an absolute path.

75
00:06:25,610 --> 00:06:25,860
Zero.

76
00:06:26,930 --> 00:06:27,470
All of it.

77
00:06:27,830 --> 00:06:36,520
So now if you were to run the Cimperman, you get rid of the second error but the first error

78
00:06:36,530 --> 00:06:37,380
still persists.

79
00:06:37,450 --> 00:06:38,170
Let's check it out.

80
00:06:42,490 --> 00:06:45,130
So you fixed the second error.

81
00:06:46,000 --> 00:06:48,930
Now we have to fix this error as a result.

82
00:06:49,570 --> 00:06:53,770
Now, this has caused an error in line twenty three.

83
00:06:54,470 --> 00:06:58,700
So if you go to the food for the malware as a rule.

84
00:07:00,430 --> 00:07:06,660
So if you go to the the malware and open up.

85
00:07:09,500 --> 00:07:11,110
More as a rule.

86
00:07:12,830 --> 00:07:13,460
This one.

87
00:07:16,250 --> 00:07:27,080
And you head over to line twenty three, say in far few names think line twenty three over here, line

88
00:07:27,080 --> 00:07:30,740
twenty three, this is your error, as I see.

89
00:07:32,140 --> 00:07:38,650
Right, Cuckoo is not installed in this Linux, I'm using Ram Doximity, so in order to fix that, you

90
00:07:38,650 --> 00:07:41,290
need to get rid of any references to Cuckoo.

91
00:07:41,650 --> 00:07:52,930
So to do that and just modify this file, taking away the line, delete all this line after here like

92
00:07:52,930 --> 00:07:55,690
this and also delete this line.

93
00:07:57,540 --> 00:07:58,050
All right.

94
00:07:58,360 --> 00:08:06,720
Now, if you want to take the trouble to do it, you can just copy the editor and overwrite so on.

95
00:08:06,760 --> 00:08:08,390
So maybe that's easier for you.

96
00:08:08,800 --> 00:08:15,790
So I've already got the file editor inside the Yellow Rose Hieroglyphics folder.

97
00:08:16,240 --> 00:08:23,350
So you just take the officeholder I or the editor for you copy this and will write the version that

98
00:08:23,350 --> 00:08:33,870
you have in your Uros malware folder over here and here to replace it.

99
00:08:33,890 --> 00:08:44,110
So just replace and should be done soon after every place that you can run this command.

100
00:08:46,640 --> 00:08:59,000
And see what happens and is not working, so this is how you solve this error in the YARA rules when

101
00:08:59,000 --> 00:09:08,850
you are using the passer Fidesz violation to Kenyata while running Professor.

102
00:09:09,590 --> 00:09:11,690
OK, I hope this was helpful to you.

103
00:09:12,200 --> 00:09:13,460
So thank you for watching.

104
00:09:13,880 --> 00:09:14,830
See you in the next one.