YARA-X 1.11.0 Released with New Hash Function Warnings

VirusTotal has released YARA-X 1.11.0, delivering a series of engine-level improvements to make rule writing safer, more predictable, and easier to debug for malware analysts and detection engineers.

The highlight of this release is a new class of hash function comparison warnings designed to catch logic errors in rules before they reach production.

YARA-X, a Rust-based reimplementation of YARA, is already in large-scale production at VirusTotal, where

it scans billions of files against tens of thousands of rules.

Version 1.11.0 continues that “battle‑tested” trajectory by tightening the parser, improving module coverage, and resolving several edge-case panics and parsing bugs.

A key change in this release is a new warning when the result of multiple hash functions is compared against strings that cannot match those hashes.

This addresses a common mistake in which analysts inadvertently compare a hash output to an invalid or incompatible literal, resulting in rules that never fire silently. By raising explicit warnings, YARA-X now helps authors catch these issues early in testing.

The release also introduces a warning when a global rule is used directly in a condition, further encouraging clearer and more maintainable rule logic in large rulebases.

On the feature side, YARA-X 1.11.0 adds a dex module, expands the macho A module to handle additional load commands, and implements permhash for the crx module, strengthening support for PE, Mach-O, and Chrome extension analysis workflows.

For developers, the update includes an improved C API console log and a new imports() method on the Rules object in the Python API, enabling easier introspection of rule dependencies in automation pipelines.

Several bug fixes address panics when comparing booleans, handling invalid Unicode escape sequences, and parser issues, and ensure the Python module no longer acquires the GIL during scan operations, benefiting concurrent scanning setups.

Prebuilt binaries are available for Windows, Linux, and macOS across x86_64 and aarch64, making it straightforward for security teams to integrate YARA-X 1.11.0 into existing detection, triage, and sandboxing environments.

At the time of writing, no CVEs have been assigned specifically to YARA-X 1.11.0. The fixes in this release primarily address stability and correctness, rather than disclosed security vulnerabilities.

Follow us on Google News , LinkedIn and X to Get More Instant Updates. Set Cyberpress as a Preferred Source in Google.

The post YARA-X 1.11.0 Released with New Hash Function Warnings appeared first on Cyber Security News.