search for: libyara

On Tue, Dec 10, 2019 at 09:19:47AM +0100, Luis wrote: > I am using libguestfs 1.40.2 and yara 3.11.0 but when I execute my program > it thoughts the following error: > > $> ./yara-guestfs > libguestfs: error: yara_load: feature 'libyara' is not available in this > build of libguestfs. Read 'AVAILABILITY' in the guestfs(3) man page for > > If we check the manual, in guestfs appears guestfs_yara_load function so > libyara is installed. I installed and compiled it from tarballs. This function: https://gith...

...- m4/guestfs_daemon.m4 | 8 ++++++++ 3 files changed, 11 insertions(+), 1 deletion(-) diff --git a/appliance/packagelist.in b/appliance/packagelist.in index f278f66..5982df8 100644 --- a/appliance/packagelist.in +++ b/appliance/packagelist.in @@ -232,6 +232,7 @@ jfsutils kmod less libxml2 +libyara3 lsof lsscsi lvm2 diff --git a/daemon/Makefile.am b/daemon/Makefile.am index 23f60eb..3a25f43 100644 --- a/daemon/Makefile.am +++ b/daemon/Makefile.am @@ -222,7 +222,8 @@ guestfsd_LDADD = \ $(LIBINTL) \ $(SERVENT_LIB) \ $(PCRE_LIBS) \ - $(TSK_LIBS) + $(TSK_LIBS) \ + $(YARA_LIBS) guestfsd...

Sorry Richard. Now I will attach you debug file. El 21/12/2019 a las 16:38, Luis Fueris escribió: > > Hi Richard. > > Few days ago, I installed libyara a libguestfs properly. But when I > load a yara rule and scan it via guestfs_yara_scan, my binary > throughts following error: > > libguestfs: error: deserialise_yara_detection_list: Success > > And function exists with NULL value. As we can see this function is on > lib/yar...

Hi Richard. Few days ago, I installed libyara a libguestfs properly. But when I load a yara rule and scan it via guestfs_yara_scan, my binary throughts following error: libguestfs: error: deserialise_yara_detection_list: Success And function exists with NULL value. As we can see this function is on lib/yara.c from libguestfs git. I think...

...; +#ifdef HAVE_YARA > + > +void > +cleanup_destroy_yara_compiler (void *ptr) > +{ > + YR_COMPILER *compiler = * (YR_COMPILER **) ptr; > + > + if (compiler != NULL) > + yr_compiler_destroy (compiler); > +} > + This should rather be directly in daemon/yara.c, since libyara would be used there only. > +static int > +upload_rules_file (char *rules_path) > +{ > + int ret = 0; > + CLEANUP_CLOSE int fd = 0; > + struct write_callback_data data = { .written = 0 }; > + > + data.fd = mkstemp (rules_path); > + if (data.fd == -1) { > + rep...

v2: - Fix yara dependency in packagelist - Use pkg-config where available - Improve longdesc of yara_load API - Fix libyara initialization and finalization - Import CLEANUP_FCLOSE - Add custom CLEANUP_DESTROY_YARA_COMPILER - Add rules compilation error callback - Other small fixes according to comments Matteo Cafasso (6): appliance: add yara dependency New API: yara_load New API: yara_destroy New API: inte...

...rces." }; > + > + { defaults with > + name = "internal_yara_scan"; added = (1, 35, 15); > + style = RErr, [Pathname "path"; FileOut "filename";], []; > + proc_nr = Some 473; > + visibility = VInternal; > + optional = Some "libyara"; > + shortdesc = "scan a file with the loaded yara rules"; > + longdesc = "Internal function for yara_scan." }; > + > ] > > (* Non-API meta-commands available only in guestfish. > diff --git a/generator/structs.ml b/generator/structs.ml >...

...ember 2016 19:41:10 CET noxdafox wrote: > > yara_load supports loading rules already compiled, which could have a > > namespace set -- I guess it should be reported here as well. > The namespace is accessible via the YR_RULE struct: > https://github.com/VirusTotal/yara/blob/master/libyara/include/yara/types.h#L242 > > Yet is nowere to be found in the C API documentation. > http://yara.readthedocs.io/en/v3.5.0/capi.html#c.YR_RULE > > That's why I kept it out of the scope. I can obviously add it but we're > not sure whether they will expose it differently...

...he entire FS starting from the given point (could it be a flag in yara_scan?) - yara_scan_inode: use TSK to scan files by inodes allowing to scan deleted or hidden files Code ready for review, available here: https://github.com/noxdafox/libguestfs/tree/yara Matteo Cafasso (6): appliance: add libyara dependency New API: yara_load New API: yara_destroy New API: internal_yara_scan New API: yara_scan yara_scan: added API tests appliance/packagelist.in | 1 + configure.ac | 1 + daemon/Makefile.am | 4 +- daemon/yar...

...d >> +cleanup_destroy_yara_compiler (void *ptr) >> +{ >> + YR_COMPILER *compiler = * (YR_COMPILER **) ptr; >> + >> + if (compiler != NULL) >> + yr_compiler_destroy (compiler); >> +} >> + > This should rather be directly in daemon/yara.c, since libyara would be > used there only. > >> +static int >> +upload_rules_file (char *rules_path) >> +{ >> + int ret = 0; >> + CLEANUP_CLOSE int fd = 0; >> + struct write_callback_data data = { .written = 0 }; >> + >> + data.fd = mkstemp (rules_path); &...

v5: - rebase on top of 1.37.9 - add missing actions_yara.* files Matteo Cafasso (7): daemon: expose file upload logic appliance: add yara dependency New API: yara_load New API: yara_destroy New API: internal_yara_scan New API: yara_scan yara_scan: added API tests appliance/packagelist.in | 4 + configure.ac | 1 + daemon/Makefile.am

v3: - allow to load multiple rule files - added optional namespace parameter to yara_load - move destructor logic in yara module - use generic file upload logic - use generic temporary path function Matteo Cafasso (6): appliance: add yara dependency New API: yara_load New API: yara_destroy New API: internal_yara_scan New API: yara_scan yara_scan: added API tests

...t;> + { defaults with >> + name = "internal_yara_scan"; added = (1, 35, 15); >> + style = RErr, [Pathname "path"; FileOut "filename";], []; >> + proc_nr = Some 473; >> + visibility = VInternal; >> + optional = Some "libyara"; >> + shortdesc = "scan a file with the loaded yara rules"; >> + longdesc = "Internal function for yara_scan." }; >> + >> ] >> >> (* Non-API meta-commands available only in guestfish. >> diff --git a/generator/structs....

v6: - use new test functions - fix yara_detection struct field names - revert yara_load function to initial version With Pino we were exploring the idea of allowing Users to load multiple rule files with subsequent calls to yara_load API. https://www.redhat.com/archives/libguestfs/2016-November/msg00119.html It turns out impractical due to YARA API limitations. It is possible to load multiple

2017-02-20 12:26 GMT+02:00 Daniel P. Berrange <berrange@redhat.com>: > On Sun, Feb 19, 2017 at 07:09:51PM +0200, Matteo Cafasso wrote: > > Rebase patches on top of 1.35.25. > > > > No changes since last series. > > Can you explain the motivation behind adding the APis to libguestfs ? > > Since the libguestfs VM is separate from the real VM, it can't >

Rebase patches on top of 1.35.25. No changes since last series. Matteo Cafasso (7): daemon: expose file upload logic appliance: add yara dependency New API: yara_load New API: yara_destroy New API: internal_yara_scan New API: yara_scan yara_scan: added API tests appliance/packagelist.in | 4 + configure.ac | 1 + daemon/Makefile.am

v7: - Fixes according to comments - Rebase on top of 1.37.12 Matteo Cafasso (7): daemon: expose file upload logic appliance: add yara dependency New API: yara_load New API: yara_destroy New API: internal_yara_scan New API: yara_scan yara_scan: added API tests appliance/packagelist.in | 4 + configure.ac | 1 + daemon/Makefile.am

v9: - fixes according to comments Matteo Cafasso (7): daemon: expose file upload logic appliance: add yara dependency New API: yara_load New API: yara_destroy New API: internal_yara_scan New API: yara_scan yara_scan: added API tests appliance/packagelist.in | 4 + configure.ac | 1 + daemon/Makefile.am | 4 +-

libyara3 on Debian/Ubuntu yara on SUSE/RedHat Signed-off-by: Matteo Cafasso <noxdafox@gmail.com> --- appliance/packagelist.in | 4 ++++ daemon/Makefile.am | 3 ++- m4/guestfs_daemon.m4 | 14 ++++++++++++++ 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/appliance/packagel...

libyara3 on Debian/Ubuntu yara on SUSE/RedHat Signed-off-by: Matteo Cafasso <noxdafox@gmail.com> --- appliance/packagelist.in | 4 ++++ daemon/Makefile.am | 3 ++- m4/guestfs_daemon.m4 | 14 ++++++++++++++ 3 files changed, 20 insertions(+), 1 deletion(-) diff --git a/appliance/packagel...