Greetings,
I'm seeing the following errors when attempting to run volatility with
'malfind' and referencing yara.  This used to work fine on yara 1.4, but
now fails on 1.6. I'm wondering what might have happened and how to
resolve it.

~/vol.py -f purple.vmem --profile=WinXPSP3x86 malfind -D /home/apollo/workspace/dump_dir/ --yara-rules="http://" -p 1004
Volatile Systems Volatility Framework 2.1_alpha
Name                 Pid    Start      End        Tag      Hits   Protect
Traceback (most recent call last):
  File "/home/apollo/vol.py", line 135, in <module>
    main()
  File "/home/apollo/vol.py", line 126, in main
    command.execute()
  File "/home/sportivo/tools/Volatility/volatility/commands.py", line 101, in execute
    func(outfd, data)
  File "/home/sportivo/tools/Volatility/volatility/plugins/malware.py", line 1042, in render_text
    for (name,pid,start,end,tag,prx,fname,hits,chunk) in data:
  File "/home/sportivo/tools/Volatility/volatility/plugins/malware.py", line 992, in calculate
    for ps_ad, start, end, tag, prx, data in self.get_vads(proc):
  File "/home/sportivo/tools/Volatility/volatility/plugins/malware.py", line 923, in get_vads
    yield (ps_ad, start, end, vad.Tag, vad.Flags.Protection >> 24, data)
  File "/home/sportivo/tools/Volatility/volatility/obj.py", line 777, in __getattr__
    return self.m(attr)
  File "/home/sportivo/tools/Volatility/volatility/obj.py", line 762, in m
    raise AttributeError("Struct {0} has no member {1}".format(self.obj_name, attr))
AttributeError: Struct VadRoot has no member Flags

Any thoughts or ideas are welcome. Thanks!
Andre'
--
Andre' M. DiMino
DeepEnd REsearch
http://deependresearch.org
http://sempersecurus.org
"Make sure that nobody pays back wrong for wrong, but always try to be
kind to each other and to everyone else" - 1 Thess 5:15 (NIV)