Hello,

When I try to use this regular expression:

.*cmd.{0,5}(?:\/c|\/r).+clip(?:\.exe)?.{0,4}&&.+clipboard]::\(\s\\\"\{\d\}.+\-f.+\"

I am faced with the following errors: invalid regular expression "$sens_str1": syntax error, unexpected '?'

I checked my regular expressions and found that there were no errors. I don't know if yara-python doesn't support the scene of '?' in "()".

Can you help me? Thanks

That's because of (?:\/c|\/r) and (?:\.exe). The ?: in front of a capture group usually means that don't want to capture it, but YARA doesn't support capture groups, and ?: is not supported at all. Simply remove the ?:.

That's because of (?:\/c|\/r) and (?:\.exe). The ?: in front of a capture group usually means that don't want to capture it, but YARA doesn't support capture groups, and ?: is not supported at all. Simply remove the ?:.

Get it! Thanks!