search for: 0d33d83cd

...teo Cafasso <noxdafox@gmail.com> --- daemon/yara.c | 14 ++++++++++++++ generator/actions_yara.ml | 8 ++++++++ generator/proc_nr.ml | 1 + lib/MAX_PROC_NR | 2 +- 4 files changed, 24 insertions(+), 1 deletion(-) diff --git a/daemon/yara.c b/daemon/yara.c index 0d33d83cd..186a330c1 100644 --- a/daemon/yara.c +++ b/daemon/yara.c @@ -107,6 +107,20 @@ do_yara_load (void) return (ret == ERROR_SUCCESS) ? 0 : -1; } +int +do_yara_destroy (void) +{ + if (rules == NULL) { + reply_with_error ("no yara rules loaded"); + return -1; + } + + yr_rules_dest...

...e CLEANUP_FCLOSE __attribute__((cleanup(cleanup_fclose))) #define CLEANUP_AUG_CLOSE __attribute__((cleanup(cleanup_aug_close))) #define CLEANUP_FREE_STRINGSBUF __attribute__((cleanup(cleanup_free_stringsbuf))) #else diff --git a/daemon/yara.c b/daemon/yara.c new file mode 100644 index 000000000..0d33d83cd --- /dev/null +++ b/daemon/yara.c @@ -0,0 +1,203 @@ +/* libguestfs - the guestfsd daemon + * Copyright (C) 2016 Red Hat Inc. + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Fo...

v6: - use new test functions - fix yara_detection struct field names - revert yara_load function to initial version With Pino we were exploring the idea of allowing Users to load multiple rule files with subsequent calls to yara_load API. https://www.redhat.com/archives/libguestfs/2016-November/msg00119.html It turns out impractical due to YARA API limitations. It is possible to load multiple