search for: guestfs_yara_scan

On Tue, Dec 10, 2019 at 09:19:47AM +0100, Luis wrote: > I am using libguestfs 1.40.2 and yara 3.11.0 but when I execute my program > it thoughts the following error: > > $> ./yara-guestfs > libguestfs: error: yara_load: feature 'libyara' is not available in this > build of libguestfs. Read 'AVAILABILITY' in the guestfs(3) man page for > > If we check

Sorry Richard. Now I will attach you debug file. El 21/12/2019 a las 16:38, Luis Fueris escribió: > > Hi Richard. > > Few days ago, I installed libyara a libguestfs properly. But when I > load a yara rule and scan it via guestfs_yara_scan, my binary > throughts following error: > > libguestfs: error: deserialise_yara_detection_list: Success > > And function exists with NULL value. As we can see this function is on > lib/yara.c from libguestfs git. I think that these yara functions are > an integration for yar...

Hi Richard. Few days ago, I installed libyara a libguestfs properly. But when I load a yara rule and scan it via guestfs_yara_scan, my binary throughts following error: libguestfs: error: deserialise_yara_detection_list: Success And function exists with NULL value. As we can see this function is on lib/yara.c from libguestfs git. I think that these yara functions are an integration for yara C api. All debug and trace log...

...ptional = Some "libyara"; + shortdesc = "load yara rules within libguestfs"; + longdesc = "\ +Upload a set of Yara rules from local file F<filename>. + +Yara rules allow to categorize files based on textual or binary patterns +within their content. +See C<guestfs_yara_scan> to see how to scan files with the loaded rules. + +Rules can be in binary format, as when compiled with yarac command, or +in source code format. In the latter case, the rules will be first +compiled and then loaded. + +Rules in source code format cannot include external files. In such cases, +...

v9: - fixes according to comments Matteo Cafasso (7): daemon: expose file upload logic appliance: add yara dependency New API: yara_load New API: yara_destroy New API: internal_yara_scan New API: yara_scan yara_scan: added API tests appliance/packagelist.in | 4 + configure.ac | 1 + daemon/Makefile.am | 4 +-

v8: - Ignore returned value in daemon/upload.c - Report serialization errors in lib/yara.c Matteo Cafasso (8): daemon: ignore unused return value in upload function daemon: expose file upload logic appliance: add yara dependency New API: yara_load New API: yara_destroy New API: internal_yara_scan New API: yara_scan yara_scan: added API tests appliance/packagelist.in

v7: - Fixes according to comments - Rebase on top of 1.37.12 Matteo Cafasso (7): daemon: expose file upload logic appliance: add yara dependency New API: yara_load New API: yara_destroy New API: internal_yara_scan New API: yara_scan yara_scan: added API tests appliance/packagelist.in | 4 + configure.ac | 1 + daemon/Makefile.am

v6: - use new test functions - fix yara_detection struct field names - revert yara_load function to initial version With Pino we were exploring the idea of allowing Users to load multiple rule files with subsequent calls to yara_load API. https://www.redhat.com/archives/libguestfs/2016-November/msg00119.html It turns out impractical due to YARA API limitations. It is possible to load multiple