search for: 3a25f43

Displaying 8 results from an estimated 8 matches for "3a25f43".

2016 Nov 02
0
[PATCH 1/6] appliance: add libyara dependency
...--git a/appliance/packagelist.in b/appliance/packagelist.in index f278f66..5982df8 100644 --- a/appliance/packagelist.in +++ b/appliance/packagelist.in @@ -232,6 +232,7 @@ jfsutils kmod less libxml2 +libyara3 lsof lsscsi lvm2 diff --git a/daemon/Makefile.am b/daemon/Makefile.am index 23f60eb..3a25f43 100644 --- a/daemon/Makefile.am +++ b/daemon/Makefile.am @@ -222,7 +222,8 @@ guestfsd_LDADD = \ $(LIBINTL) \ $(SERVENT_LIB) \ $(PCRE_LIBS) \ - $(TSK_LIBS) + $(TSK_LIBS) \ + $(YARA_LIBS) guestfsd_CPPFLAGS = \ -I$(top_srcdir)/gnulib/lib \ diff --git a/m4/guestfs_daemon.m4 b/m4/guestfs_daemo...
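Review bot: In the appliance/packagelist.in hunk, `libyara3` is a soname-versioned, distribution-specific package name, yet it is inserted into the alphabetical run next to jfsutils, kmod, less and lsof with no distribution guard visible around it. If this run is the list shared by every distribution, the name will not resolve on those that package the library under another name; list it in the per-distribution sections of the file instead, using the name each one ships.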
2016 Nov 09
0
[PATCH v2 1/6] appliance: add yara dependency
...n reality it's a hard dependency: mtools @@ -125,6 +127,7 @@ ifelse(ARCHLINUX,1, vim xz yajl + yara ) ifelse(SUSE,1, @@ -152,6 +155,7 @@ ifelse(SUSE,1, systemd vim xz + yara ) ifelse(FRUGALWARE,1, diff --git a/daemon/Makefile.am b/daemon/Makefile.am index 23f60eb..3a25f43 100644 --- a/daemon/Makefile.am +++ b/daemon/Makefile.am @@ -222,7 +222,8 @@ guestfsd_LDADD = \ $(LIBINTL) \ $(SERVENT_LIB) \ $(PCRE_LIBS) \ - $(TSK_LIBS) + $(TSK_LIBS) \ + $(YARA_LIBS) guestfsd_CPPFLAGS = \ -I$(top_srcdir)/gnulib/lib \ diff --git a/m4/guestfs_daemon.m4 b/m4/guestfs_daem...
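Review bot: daemon/Makefile.am receives only this one hunk, which appends $(YARA_LIBS) to guestfsd_LDADD and adds nothing to the compile flags. If the m4 check obtains its flags from pkg-config, the headers may sit outside the default include path, so add the matching $(YARA_CFLAGS) to guestfsd_CFLAGS whenever the check defines it.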
2016 Dec 18
0
[PATCH v3 1/6] appliance: add yara dependency
...in reality it's a hard dependency: mtools @@ -125,6 +127,7 @@ ifelse(ARCHLINUX,1, vim xz yajl + yara ) ifelse(SUSE,1, @@ -153,6 +156,7 @@ ifelse(SUSE,1, systemd vim xz + yara ) ifelse(FRUGALWARE,1, diff --git a/daemon/Makefile.am b/daemon/Makefile.am index 23f60eb..3a25f43 100644 --- a/daemon/Makefile.am +++ b/daemon/Makefile.am @@ -222,7 +222,8 @@ guestfsd_LDADD = \ $(LIBINTL) \ $(SERVENT_LIB) \ $(PCRE_LIBS) \ - $(TSK_LIBS) + $(TSK_LIBS) \ + $(YARA_LIBS) guestfsd_CPPFLAGS = \ -I$(top_srcdir)/gnulib/lib \ diff --git a/m4/guestfs_daemon.m4 b/m4/guestfs_daemo...
2016 Nov 02
0
[PATCH 2/6] New API: yara_load
...| 1 + daemon/yara.c | 205 +++++++++++++++++++++++++++++++++++++++++++++++++++ generator/actions.ml | 15 ++++ src/MAX_PROC_NR | 2 +- 4 files changed, 222 insertions(+), 1 deletion(-) create mode 100644 daemon/yara.c diff --git a/daemon/Makefile.am b/daemon/Makefile.am index 3a25f43..c385edc 100644 --- a/daemon/Makefile.am +++ b/daemon/Makefile.am @@ -200,6 +200,7 @@ guestfsd_SOURCES = \ wc.c \ xattr.c \ xfs.c \ + yara.c \ zero.c \ zerofree.c diff --git a/daemon/yara.c b/daemon/yara.c new file mode 100644 index 0000000..0d085a8 --- /dev/null +++ b/daemon/yara.c @@ -...
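Review bot: In the daemon/Makefile.am hunk, yara.c is added to guestfsd_SOURCES unconditionally, so the new file is compiled on every build, including hosts where libyara is not installed. Make sure daemon/yara.c guards its libyara includes and calls on the configure result and provides a not-available fallback, otherwise the daemon stops building wherever the library is missing.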
2016 Nov 02
8
[PATCH 0/6] Feature: Yara file scanning
Yara is a rule based scanning engine aimed to help malware analysts in finding and classifying interesting samples.
https://github.com/VirusTotal/yara
This series adds Yara support to Libguestfs allowing to upload sets of rules and scanning files against them.
Currently provided APIs:
- yara_load: loads a set of rules
- yara_destroy: free resources allocated by loaded rules
- yara_scan:
2016 Nov 09
0
[PATCH v2 2/6] New API: yara_load
...| 9 ++ daemon/yara.c | 227 +++++++++++++++++++++++++++++++++++++++++++++++++++ generator/actions.ml | 18 ++++ src/MAX_PROC_NR | 2 +- 6 files changed, 284 insertions(+), 1 deletion(-) create mode 100644 daemon/yara.c diff --git a/daemon/Makefile.am b/daemon/Makefile.am index 3a25f43..c385edc 100644 --- a/daemon/Makefile.am +++ b/daemon/Makefile.am @@ -200,6 +200,7 @@ guestfsd_SOURCES = \ wc.c \ xattr.c \ xfs.c \ + yara.c \ zero.c \ zerofree.c diff --git a/daemon/cleanups.c b/daemon/cleanups.c index 092e493..a02e521 100644 --- a/daemon/cleanups.c +++ b/daemon/cleanu...
2016 Dec 18
6
[PATCH v3 0/6] Feature: Yara file scanning
v3:
- allow to load multiple rule files
- added optional namespace parameter to yara_load
- move destructor logic in yara module
- use generic file upload logic
- use generic temporary path function
Matteo Cafasso (6):
  appliance: add yara dependency
  New API: yara_load
  New API: yara_destroy
  New API: internal_yara_scan
  New API: yara_scan
  yara_scan: added API tests
2016 Nov 09
9
[PATCH v2 0/6] Feature: Yara file scanning
v2:
- Fix yara dependency in packagelist
- Use pkg-config where available
- Improve longdesc of yara_load API
- Fix libyara initialization and finalization
- Import CLEANUP_FCLOSE
- Add custom CLEANUP_DESTROY_YARA_COMPILER
- Add rules compilation error callback
- Other small fixes according to comments
Matteo Cafasso (6):
  appliance: add yara dependency
  New API: yara_load
  New API: