search for: nower

...ra_load supports loading rules already compiled, which could have a > > namespace set -- I guess it should be reported here as well. > The namespace is accessible via the YR_RULE struct: > https://github.com/VirusTotal/yara/blob/master/libyara/include/yara/types.h#L242 > > Yet is nowere to be found in the C API documentation. > http://yara.readthedocs.io/en/v3.5.0/capi.html#c.YR_RULE > > That's why I kept it out of the scope. I can obviously add it but we're > not sure whether they will expose it differently in future versions of Yara. Drat... Maybe it woul...

On Wednesday, 9 November 2016 22:38:55 CET Matteo Cafasso wrote: > The internal_yara_scan runs the Yara engine with the previously loaded > rules against the given file. > > For each rule matching against the scanned file, a struct containing > the file name and the rule identifier is returned. > > The gathered list of yara_detection structs is serialised into XDR format

...e", FString; > yara_load supports loading rules already compiled, which could have a > namespace set -- I guess it should be reported here as well. The namespace is accessible via the YR_RULE struct: https://github.com/VirusTotal/yara/blob/master/libyara/include/yara/types.h#L242 Yet is nowere to be found in the C API documentation. http://yara.readthedocs.io/en/v3.5.0/capi.html#c.YR_RULE That's why I kept it out of the scope. I can obviously add it but we're not sure whether they will expose it differently in future versions of Yara. > > That triggers another question:...