I tried installing Yara 3.8.1 with androguard module. During the installation, I faced this issue, so I applied the patch given by @reox to the androguard.c file and it solved the problem. After that I tried a simple Yara rule with import "androguard" using command-line and it worked perfectly. Then I tried to use Yara rules inside my python app so I installed yara-python and used it in this way:
import yara
dex_path = './classes.dex'
my_rule = './rule.yar'
json_data = load_json_data()
rule = yara.compile(my_rule)
matches = rule.match(filepath=dex_path, modules_data={'androguard': json_data})
print(matches)
The match function works good when using Yara rules without import "androguard" module but when I want to apply a rule which imports androguard, the match function gives an error :
yara.Error: could not map file "./classes.dex" into memory
I'm applying a simple rule to an small file, in order of KB. I think that the problem is with the androguard module since when I remove the import "androguard", it works correctly. Any idea?
I had the same mistake with androguard, I solve the problem installing yara-python in the version 3.8.0
https://github.com/VirusTotal/yara-python/releases/tag/v3.8.0