Displaying 20 results from an estimated 40 matches for "libyara".
2019 Dec 10
2
Re: Libguestfs with Yara rules error
On Tue, Dec 10, 2019 at 09:19:47AM +0100, Luis wrote:
> I am using libguestfs 1.40.2 and yara 3.11.0 but when I execute my program
> it throws the following error:
>
> $> ./yara-guestfs
> libguestfs: error: yara_load: feature 'libyara' is not available in this
> build of libguestfs. Read 'AVAILABILITY' in the guestfs(3) man page for
>
> If we check the manual, in guestfs appears guestfs_yara_load function so
> libyara is installed. I installed and compiled it from tarballs.
This function:
https://gith...
2016 Nov 02
0
[PATCH 1/6] appliance: add libyara dependency
...-
m4/guestfs_daemon.m4 | 8 ++++++++
3 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/appliance/packagelist.in b/appliance/packagelist.in
index f278f66..5982df8 100644
--- a/appliance/packagelist.in
+++ b/appliance/packagelist.in
@@ -232,6 +232,7 @@ jfsutils
kmod
less
libxml2
+libyara3
lsof
lsscsi
lvm2
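Review bot: `libyara3` in appliance/packagelist.in is a versioned package name that the later revisions of this patch describe as the Debian/Ubuntu name (`yara` on SUSE/RedHat), yet here it sits next to entries such as `kmod`, `less` and `lsof`. If this part of the file is the distribution-independent list, appliance builds on other distributions will fail to resolve the package; list the name per distribution instead.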
diff --git a/daemon/Makefile.am b/daemon/Makefile.am
index 23f60eb..3a25f43 100644
--- a/daemon/Makefile.am
+++ b/daemon/Makefile.am
@@ -222,7 +222,8 @@ guestfsd_LDADD = \
$(LIBINTL) \
$(SERVENT_LIB) \
$(PCRE_LIBS) \
- $(TSK_LIBS)
+ $(TSK_LIBS) \
+ $(YARA_LIBS)
guestfsd...
2019 Dec 21
1
Re: Libguestfs with Yara rules error
Sorry Richard. Now I will attach you debug file.
On 21/12/2019 at 16:38, Luis Fueris wrote:
>
> Hi Richard.
>
> A few days ago, I installed libyara and libguestfs properly. But when I
> load a yara rule and scan it via guestfs_yara_scan, my binary
> throws the following error:
>
> libguestfs: error: deserialise_yara_detection_list: Success
>
> And the function exits with a NULL value. As we can see, this function is in
> lib/yar...
2019 Dec 21
0
Re: Libguestfs with Yara rules error
Hi Richard.
A few days ago, I installed libyara and libguestfs properly. But when I load
a yara rule and scan it via guestfs_yara_scan, my binary throws the
following error:
libguestfs: error: deserialise_yara_detection_list: Success
And the function exits with a NULL value. As we can see, this function is in
lib/yara.c from libguestfs git. I think...
2016 Nov 21
2
Re: [PATCH v2 2/6] New API: yara_load
...> +#ifdef HAVE_YARA
> +
> +void
> +cleanup_destroy_yara_compiler (void *ptr)
> +{
> + YR_COMPILER *compiler = * (YR_COMPILER **) ptr;
> +
> + if (compiler != NULL)
> + yr_compiler_destroy (compiler);
> +}
> +
This should rather be directly in daemon/yara.c, since libyara would be
used there only.
> +static int
> +upload_rules_file (char *rules_path)
> +{
> + int ret = 0;
> + CLEANUP_CLOSE int fd = 0;
> + struct write_callback_data data = { .written = 0 };
> +
> + data.fd = mkstemp (rules_path);
> + if (data.fd == -1) {
> + rep...
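Review bot: `CLEANUP_CLOSE int fd = 0;` in upload_rules_file initialises the guarded descriptor to 0, while the descriptor actually opened by `mkstemp` is stored in `data.fd`. If the cleanup handler closes `fd` on scope exit, as its name suggests, the visible lines would close stdin and leave the temporary file's descriptor unguarded on the error path. Initialise `fd` to -1 and assign the `mkstemp` result to it, or drop `fd` and close `data.fd` explicitly.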
2016 Nov 09
9
[PATCH v2 0/6] Feature: Yara file scanning
v2:
- Fix yara dependency in packagelist
- Use pkg-config where available
- Improve longdesc of yara_load API
- Fix libyara initialization and finalization
- Import CLEANUP_FCLOSE
- Add custom CLEANUP_DESTROY_YARA_COMPILER
- Add rules compilation error callback
- Other small fixes according to comments
Matteo Cafasso (6):
appliance: add yara dependency
New API: yara_load
New API: yara_destroy
New API: inte...
2016 Nov 22
2
Re: [PATCH v2 4/6] New API: internal_yara_scan
...rces." };
> +
> + { defaults with
> + name = "internal_yara_scan"; added = (1, 35, 15);
> + style = RErr, [Pathname "path"; FileOut "filename";], [];
> + proc_nr = Some 473;
> + visibility = VInternal;
> + optional = Some "libyara";
> + shortdesc = "scan a file with the loaded yara rules";
> + longdesc = "Internal function for yara_scan." };
> +
> ]
>
> (* Non-API meta-commands available only in guestfish.
> diff --git a/generator/structs.ml b/generator/structs.ml
>...
2016 Nov 24
1
Re: [PATCH v2 4/6] New API: internal_yara_scan
...ember 2016 19:41:10 CET noxdafox wrote:
> > yara_load supports loading rules already compiled, which could have a
> > namespace set -- I guess it should be reported here as well.
> The namespace is accessible via the YR_RULE struct:
> https://github.com/VirusTotal/yara/blob/master/libyara/include/yara/types.h#L242
>
> Yet it is nowhere to be found in the C API documentation.
> http://yara.readthedocs.io/en/v3.5.0/capi.html#c.YR_RULE
>
> That's why I kept it out of the scope. I can obviously add it but we're
> not sure whether they will expose it differently...
2016 Nov 02
8
[PATCH 0/6] Feature: Yara file scanning
...he entire FS starting from the given point (could it be a flag in yara_scan?)
- yara_scan_inode: use TSK to scan files by inodes allowing to scan deleted or hidden files
Code ready for review, available here:
https://github.com/noxdafox/libguestfs/tree/yara
Matteo Cafasso (6):
appliance: add libyara dependency
New API: yara_load
New API: yara_destroy
New API: internal_yara_scan
New API: yara_scan
yara_scan: added API tests
appliance/packagelist.in | 1 +
configure.ac | 1 +
daemon/Makefile.am | 4 +-
daemon/yar...
2016 Nov 22
0
Re: [PATCH v2 2/6] New API: yara_load
...d
>> +cleanup_destroy_yara_compiler (void *ptr)
>> +{
>> + YR_COMPILER *compiler = * (YR_COMPILER **) ptr;
>> +
>> + if (compiler != NULL)
>> + yr_compiler_destroy (compiler);
>> +}
>> +
> This should rather be directly in daemon/yara.c, since libyara would be
> used there only.
>
>> +static int
>> +upload_rules_file (char *rules_path)
>> +{
>> + int ret = 0;
>> + CLEANUP_CLOSE int fd = 0;
>> + struct write_callback_data data = { .written = 0 };
>> +
>> + data.fd = mkstemp (rules_path);
&...
2017 Apr 04
13
[PATCH v5 0/7] Feature: Yara file scanning
v5:
- rebase on top of 1.37.9
- add missing actions_yara.* files
Matteo Cafasso (7):
daemon: expose file upload logic
appliance: add yara dependency
New API: yara_load
New API: yara_destroy
New API: internal_yara_scan
New API: yara_scan
yara_scan: added API tests
appliance/packagelist.in | 4 +
configure.ac | 1 +
daemon/Makefile.am
2016 Dec 18
6
[PATCH v3 0/6] Feature: Yara file scanning
v3:
- allow to load multiple rule files
- added optional namespace parameter to yara_load
- move destructor logic in yara module
- use generic file upload logic
- use generic temporary path function
Matteo Cafasso (6):
appliance: add yara dependency
New API: yara_load
New API: yara_destroy
New API: internal_yara_scan
New API: yara_scan
yara_scan: added API tests
2016 Nov 22
0
Re: [PATCH v2 4/6] New API: internal_yara_scan
...>> + { defaults with
>> + name = "internal_yara_scan"; added = (1, 35, 15);
>> + style = RErr, [Pathname "path"; FileOut "filename";], [];
>> + proc_nr = Some 473;
>> + visibility = VInternal;
>> + optional = Some "libyara";
>> + shortdesc = "scan a file with the loaded yara rules";
>> + longdesc = "Internal function for yara_scan." };
>> +
>> ]
>>
>> (* Non-API meta-commands available only in guestfish.
>> diff --git a/generator/structs....
2017 Apr 06
14
[PATCH v6 0/7] Feature: Yara file scanning
v6:
- use new test functions
- fix yara_detection struct field names
- revert yara_load function to initial version
With Pino we were exploring the idea of allowing Users to load multiple
rule files with subsequent calls to yara_load API.
https://www.redhat.com/archives/libguestfs/2016-November/msg00119.html
It turns out impractical due to YARA API limitations. It is possible
to load multiple
2017 Feb 20
2
Re: [PATCH v3 0/7] Feature: Yara file scanning
2017-02-20 12:26 GMT+02:00 Daniel P. Berrange <berrange@redhat.com>:
> On Sun, Feb 19, 2017 at 07:09:51PM +0200, Matteo Cafasso wrote:
> > Rebase patches on top of 1.35.25.
> >
> > No changes since last series.
>
> Can you explain the motivation behind adding the APIs to libguestfs ?
>
> Since the libguestfs VM is separate from the real VM, it can't
>
2017 Feb 19
9
[PATCH v3 0/7] Feature: Yara file scanning
Rebase patches on top of 1.35.25.
No changes since last series.
Matteo Cafasso (7):
daemon: expose file upload logic
appliance: add yara dependency
New API: yara_load
New API: yara_destroy
New API: internal_yara_scan
New API: yara_scan
yara_scan: added API tests
appliance/packagelist.in | 4 +
configure.ac | 1 +
daemon/Makefile.am
2017 Apr 23
11
[PATCH v7 0/7] Feature: Yara file scanning
v7:
- Fixes according to comments
- Rebase on top of 1.37.12
Matteo Cafasso (7):
daemon: expose file upload logic
appliance: add yara dependency
New API: yara_load
New API: yara_destroy
New API: internal_yara_scan
New API: yara_scan
yara_scan: added API tests
appliance/packagelist.in | 4 +
configure.ac | 1 +
daemon/Makefile.am
2017 Apr 25
8
[PATCH v9 0/7] Feature: Yara file scanning
v9:
- fixes according to comments
Matteo Cafasso (7):
daemon: expose file upload logic
appliance: add yara dependency
New API: yara_load
New API: yara_destroy
New API: internal_yara_scan
New API: yara_scan
yara_scan: added API tests
appliance/packagelist.in | 4 +
configure.ac | 1 +
daemon/Makefile.am | 4 +-
2016 Nov 09
0
[PATCH v2 1/6] appliance: add yara dependency
libyara3 on Debian/Ubuntu
yara on SUSE/RedHat
Signed-off-by: Matteo Cafasso <noxdafox@gmail.com>
---
appliance/packagelist.in | 4 ++++
daemon/Makefile.am | 3 ++-
m4/guestfs_daemon.m4 | 14 ++++++++++++++
3 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/appliance/packagel...
2016 Dec 18
0
[PATCH v3 1/6] appliance: add yara dependency
libyara3 on Debian/Ubuntu
yara on SUSE/RedHat
Signed-off-by: Matteo Cafasso <noxdafox@gmail.com>
---
appliance/packagelist.in | 4 ++++
daemon/Makefile.am | 3 ++-
m4/guestfs_daemon.m4 | 14 ++++++++++++++
3 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/appliance/packagel...