Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
fix: don't scan mapped devices on linux
On Linux, process scans with YARA hang if the process has mapped devices into its virtual memory (see issue #1929). Blacklist device ID 0,5 which is used by the kernel for files like devices that do not originate from any device themselves. Unfortunately, this behavior seems to be undocumented; the only documentation for device IDs I could find is https://www.kernel.org/doc/Documentation/admin-guide/devices.txt.
- Loading branch information