search for: yara_load

Displaying 20 results from an estimated 43 matches for "yara_load".

2017 Mar 12
0
[PATCH v4 3/7] New API: yara_load
The yara_load API allows to load a set of Yara rules contained within a file on the host. Rules can be in binary format, as when compiled with yarac command, or in source code format. In the latter case, the rules will be first compiled and then loaded. Subsequent calls of the yara_load API will result in the...
2016 Nov 22
0
Re: [PATCH v2 2/6] New API: yara_load
On 21/11/16 18:27, Pino Toscano wrote: > On Wednesday, 9 November 2016 22:38:53 CET Matteo Cafasso wrote: >> The yara_load API allows to load a set of Yara rules contained within a >> file on the host. >> >> Rules can be in binary format, as when compiled with yarac command, or >> in source code format. In the latter case, the rules will be first >> compiled and then loaded. >> >&...
2016 Nov 02
0
[PATCH 2/6] New API: yara_load
The yara_load API allows to load a set of Yara rules contained within a file on the host. Rules can be in binary format, as when compiled with yarac command, or in source code format. In the latter case, the rules will be first compiled and then loaded. Subsequent calls of the yara_load API will result in the...
2017 Apr 04
0
[PATCH v5 3/7] New API: yara_load
The yara_load API allows to load a set of Yara rules contained within a file on the host. Rules can be in binary format, as when compiled with yarac command, or in source code format. In the latter case, the rules will be first compiled and then loaded. Subsequent calls of the yara_load API will result in the...
2016 Nov 21
2
Re: [PATCH v2 2/6] New API: yara_load
On Wednesday, 9 November 2016 22:38:53 CET Matteo Cafasso wrote: > The yara_load API allows to load a set of Yara rules contained within a > file on the host. > > Rules can be in binary format, as when compiled with yarac command, or > in source code format. In the latter case, the rules will be first > compiled and then loaded. > > Subsequent calls of th...
2016 Nov 09
0
[PATCH v2 2/6] New API: yara_load
The yara_load API allows to load a set of Yara rules contained within a file on the host. Rules can be in binary format, as when compiled with yarac command, or in source code format. In the latter case, the rules will be first compiled and then loaded. Subsequent calls of the yara_load API will result in the...
2017 Apr 25
1
Re: [PATCH v8 4/8] New API: yara_load
On Tue, Apr 25, 2017 at 12:20:02AM +0300, Matteo Cafasso wrote: > The yara_load API allows to load a set of Yara rules contained within a > file on the host. > > Rules can be in binary format, as when compiled with yarac command, or > in source code format. In the latter case, the rules will be first > compiled and then loaded. > > Subsequent calls of th...
2017 Apr 06
0
[PATCH v6 3/7] New API: yara_load
The yara_load API allows to load a set of Yara rules contained within a file on the host. Rules can be in binary format, as when compiled with yarac command, or in source code format. In the latter case, the rules will be first compiled and then loaded. Subsequent calls of the yara_load API will result in the...
2017 Apr 24
0
[PATCH v8 4/8] New API: yara_load
The yara_load API allows to load a set of Yara rules contained within a file on the host. Rules can be in binary format, as when compiled with yarac command, or in source code format. In the latter case, the rules will be first compiled and then loaded. Subsequent calls of the yara_load API will result in the...
2016 Nov 24
1
Re: [PATCH v2 4/6] New API: internal_yara_scan
On Tuesday, 22 November 2016 19:41:10 CET noxdafox wrote: > > yara_load supports loading rules already compiled, which could have a > > namespace set -- I guess it should be reported here as well. > The namespace is accessible via the YR_RULE struct: > https://github.com/VirusTotal/yara/blob/master/libyara/include/yara/types.h#L242 > > Yet is nowhere...
2017 Mar 12
8
[PATCH v4 0/7] Feature: Yara file scanning
Rebase patches on top of 1.37.1. No changes since last series. Matteo Cafasso (7): daemon: expose file upload logic appliance: add yara dependency New API: yara_load New API: yara_destroy New API: internal_yara_scan New API: yara_scan yara_scan: added API tests appliance/packagelist.in | 4 + configure.ac | 1 + daemon/Makefile.am | 4 +- daemon/cleanups.c |...
2017 Apr 04
13
[PATCH v5 0/7] Feature: Yara file scanning
v5: - rebase on top of 1.37.9 - add missing actions_yara.* files Matteo Cafasso (7): daemon: expose file upload logic appliance: add yara dependency New API: yara_load New API: yara_destroy New API: internal_yara_scan New API: yara_scan yara_scan: added API tests appliance/packagelist.in | 4 + configure.ac | 1 + daemon/Makefile.am | 4 +- daemon/cleanups.c |...
2016 Nov 22
2
Re: [PATCH v2 4/6] New API: internal_yara_scan
...5 @@ let structs = [ > ]; > s_camel_name = "TSKDirent" }; > > + (* Yara detection information. *) > + { defaults with > + s_name = "yara_detection"; > + s_cols = [ > + "name", FString; > + "rule", FString; yara_load supports loading rules already compiled, which could have a namespace set -- I guess it should be reported here as well. That triggers another question: should the yara support allow to load more rules one after each other (with namespaces as well), instead of just one? Thanks, -- Pino Toscano
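Review bot: in the new yara_detection entry of the quoted hunk, the column "name" sits next to "rule", both typed FString, and nothing in the visible lines says what "name" refers to (the file that matched, or something belonging to the rule). A more specific column name, or a one-line comment per column beside the existing "Yara detection information" comment, would let callers of the struct tell the two strings apart without reading the daemon code.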
2019 Dec 10
2
Re: Libguestfs with Yara rules error
On Tue, Dec 10, 2019 at 09:19:47AM +0100, Luis wrote: > I am using libguestfs 1.40.2 and yara 3.11.0 but when I execute my program > it throws the following error: > > $> ./yara-guestfs > libguestfs: error: yara_load: feature 'libyara' is not available in this > build of libguestfs. Read 'AVAILABILITY' in the guestfs(3) man page for > > If we check the manual, in guestfs appears guestfs_yara_load function so > libyara is installed. I installed and compiled it from tarballs. This f...
2017 Apr 06
14
[PATCH v6 0/7] Feature: Yara file scanning
v6: - use new test functions - fix yara_detection struct field names - revert yara_load function to initial version With Pino we were exploring the idea of allowing Users to load multiple rule files with subsequent calls to yara_load API. https://www.redhat.com/archives/libguestfs/2016-November/msg00119.html It turns out impractical due to YARA API limitations. It is possible to load...
2017 Apr 24
10
[PATCH v8 0/8] Feature: Yara file scanning
v8: - Ignore returned value in daemon/upload.c - Report serialization errors in lib/yara.c Matteo Cafasso (8): daemon: ignore unused return value in upload function daemon: expose file upload logic appliance: add yara dependency New API: yara_load New API: yara_destroy New API: internal_yara_scan New API: yara_scan yara_scan: added API tests appliance/packagelist.in | 4 + configure.ac | 1 + daemon/Makefile.am | 4 +- daemon/cleanups.c |...
2016 Dec 18
6
[PATCH v3 0/6] Feature: Yara file scanning
v3: - allow to load multiple rule files - added optional namespace parameter to yara_load - move destructor logic in yara module - use generic file upload logic - use generic temporary path function Matteo Cafasso (6): appliance: add yara dependency New API: yara_load New API: yara_destroy New API: internal_yara_scan New API: yara_scan yara_scan: added API tests applia...
2017 Apr 25
8
[PATCH v9 0/7] Feature: Yara file scanning
v9: - fixes according to comments Matteo Cafasso (7): daemon: expose file upload logic appliance: add yara dependency New API: yara_load New API: yara_destroy New API: internal_yara_scan New API: yara_scan yara_scan: added API tests appliance/packagelist.in | 4 + configure.ac | 1 + daemon/Makefile.am | 4 +- daemon/cleanups.c |...
2017 Apr 23
11
[PATCH v7 0/7] Feature: Yara file scanning
v7: - Fixes according to comments - Rebase on top of 1.37.12 Matteo Cafasso (7): daemon: expose file upload logic appliance: add yara dependency New API: yara_load New API: yara_destroy New API: internal_yara_scan New API: yara_scan yara_scan: added API tests appliance/packagelist.in | 4 + configure.ac | 1 + daemon/Makefile.am | 4 +- daemon/cleanups.c |...
2016 Nov 09
9
[PATCH v2 0/6] Feature: Yara file scanning
v2: - Fix yara dependency in packagelist - Use pkg-config where available - Improve longdesc of yara_load API - Fix libyara initialization and finalization - Import CLEANUP_FCLOSE - Add custom CLEANUP_DESTROY_YARA_COMPILER - Add rules compilation error callback - Other small fixes according to comments Matteo Cafasso (6): appliance: add yara dependency New API: yara_load New API: yara_dest...