search for: yara_load

The yara_load API allows to load a set of Yara rules contained within a file on the host. Rules can be in binary format, as when compiled with yarac command, or in source code format. In the latter case, the rules will be first compiled and then loaded. Subsequent calls of the yara_load API will result in the...

On 21/11/16 18:27, Pino Toscano wrote: > On Wednesday, 9 November 2016 22:38:53 CET Matteo Cafasso wrote: >> The yara_load API allows to load a set of Yara rules contained within a >> file on the host. >> >> Rules can be in binary format, as when compiled with yarac command, or >> in source code format. In the latter case, the rules will be first >> compiled and then loaded. >> >&...

The yara_load API allows to load a set of Yara rules contained within a file on the host. Rules can be in binary format, as when compiled with yarac command, or in source code format. In the latter case, the rules will be first compiled and then loaded. Subsequent calls of the yara_load API will result in the...

The yara_load API allows to load a set of Yara rules contained within a file on the host. Rules can be in binary format, as when compiled with yarac command, or in source code format. In the latter case, the rules will be first compiled and then loaded. Subsequent calls of the yara_load API will result in the...

On Wednesday, 9 November 2016 22:38:53 CET Matteo Cafasso wrote: > The yara_load API allows to load a set of Yara rules contained within a > file on the host. > > Rules can be in binary format, as when compiled with yarac command, or > in source code format. In the latter case, the rules will be first > compiled and then loaded. > > Subsequent calls of th...

The yara_load API allows to load a set of Yara rules contained within a file on the host. Rules can be in binary format, as when compiled with yarac command, or in source code format. In the latter case, the rules will be first compiled and then loaded. Subsequent calls of the yara_load API will result in the...

On Tue, Apr 25, 2017 at 12:20:02AM +0300, Matteo Cafasso wrote: > The yara_load API allows to load a set of Yara rules contained within a > file on the host. > > Rules can be in binary format, as when compiled with yarac command, or > in source code format. In the latter case, the rules will be first > compiled and then loaded. > > Subsequent calls of th...

The yara_load API allows to load a set of Yara rules contained within a file on the host. Rules can be in binary format, as when compiled with yarac command, or in source code format. In the latter case, the rules will be first compiled and then loaded. Subsequent calls of the yara_load API will result in the...

The yara_load API allows to load a set of Yara rules contained within a file on the host. Rules can be in binary format, as when compiled with yarac command, or in source code format. In the latter case, the rules will be first compiled and then loaded. Subsequent calls of the yara_load API will result in the...

On Tuesday, 22 November 2016 19:41:10 CET noxdafox wrote: > > yara_load supports loading rules already compiled, which could have a > > namespace set -- I guess it should be reported here as well. > The namespace is accessible via the YR_RULE struct: > https://github.com/VirusTotal/yara/blob/master/libyara/include/yara/types.h#L242 > > Yet is nowere...

Rebase patches on top of 1.37.1. No changes since last series. Matteo Cafasso (7): daemon: expose file upload logic appliance: add yara dependency New API: yara_load New API: yara_destroy New API: internal_yara_scan New API: yara_scan yara_scan: added API tests appliance/packagelist.in | 4 + configure.ac | 1 + daemon/Makefile.am | 4 +- daemon/cleanups.c |...

v5: - rebase on top of 1.37.9 - add missing actions_yara.* files Matteo Cafasso (7): daemon: expose file upload logic appliance: add yara dependency New API: yara_load New API: yara_destroy New API: internal_yara_scan New API: yara_scan yara_scan: added API tests appliance/packagelist.in | 4 + configure.ac | 1 + daemon/Makefile.am | 4 +- daemon/cleanups.c |...

...5 @@ let structs = [ > ]; > s_camel_name = "TSKDirent" }; > > + (* Yara detection information. *) > + { defaults with > + s_name = "yara_detection"; > + s_cols = [ > + "name", FString; > + "rule", FString; yara_load supports loading rules already compiled, which could have a namespace set -- I guess it should be reported here as well. That triggers another question: should the yara support allow to load more rules one after each other (with namespaces as well), instead of just one? Thanks, -- Pino Toscano

On Tue, Dec 10, 2019 at 09:19:47AM +0100, Luis wrote: > I am using libguestfs 1.40.2 and yara 3.11.0 but when I execute my program > it thoughts the following error: > > $> ./yara-guestfs > libguestfs: error: yara_load: feature 'libyara' is not available in this > build of libguestfs. Read 'AVAILABILITY' in the guestfs(3) man page for > > If we check the manual, in guestfs appears guestfs_yara_load function so > libyara is installed. I installed and compiled it from tarballs. This f...

v6: - use new test functions - fix yara_detection struct field names - revert yara_load function to initial version With Pino we were exploring the idea of allowing Users to load multiple rule files with subsequent calls to yara_load API. https://www.redhat.com/archives/libguestfs/2016-November/msg00119.html It turns out impractical due to YARA API limitations. It is possible to load...

v8: - Ignore returned value in daemon/upload.c - Report serialization errors in lib/yara.c Matteo Cafasso (8): daemon: ignore unused return value in upload function daemon: expose file upload logic appliance: add yara dependency New API: yara_load New API: yara_destroy New API: internal_yara_scan New API: yara_scan yara_scan: added API tests appliance/packagelist.in | 4 + configure.ac | 1 + daemon/Makefile.am | 4 +- daemon/cleanups.c |...

v3: - allow to load multiple rule files - added optional namespace parameter to yara_load - move destructor logic in yara module - use generic file upload logic - use generic temporary path function Matteo Cafasso (6): appliance: add yara dependency New API: yara_load New API: yara_destroy New API: internal_yara_scan New API: yara_scan yara_scan: added API tests applia...

v9: - fixes according to comments Matteo Cafasso (7): daemon: expose file upload logic appliance: add yara dependency New API: yara_load New API: yara_destroy New API: internal_yara_scan New API: yara_scan yara_scan: added API tests appliance/packagelist.in | 4 + configure.ac | 1 + daemon/Makefile.am | 4 +- daemon/cleanups.c |...

v7: - Fixes according to comments - Rebase on top of 1.37.12 Matteo Cafasso (7): daemon: expose file upload logic appliance: add yara dependency New API: yara_load New API: yara_destroy New API: internal_yara_scan New API: yara_scan yara_scan: added API tests appliance/packagelist.in | 4 + configure.ac | 1 + daemon/Makefile.am | 4 +- daemon/cleanups.c |...

v2: - Fix yara dependency in packagelist - Use pkg-config where available - Improve longdesc of yara_load API - Fix libyara initialization and finalization - Import CLEANUP_FCLOSE - Add custom CLEANUP_DESTROY_YARA_COMPILER - Add rules compilation error callback - Other small fixes according to comments Matteo Cafasso (6): appliance: add yara dependency New API: yara_load New API: yara_dest...