Displaying 20 results from an estimated 3000 matches similar to: "[PATCH v6 0/7] Feature: Yara file scanning"
2017 Apr 23
11
[PATCH v7 0/7] Feature: Yara file scanning
v7:
- Fixes according to comments
- Rebase on top of 1.37.12
Matteo Cafasso (7):
daemon: expose file upload logic
appliance: add yara dependency
New API: yara_load
New API: yara_destroy
New API: internal_yara_scan
New API: yara_scan
yara_scan: added API tests
appliance/packagelist.in | 4 +
configure.ac | 1 +
daemon/Makefile.am
2017 Apr 24
10
[PATCH v8 0/8] Feature: Yara file scanning
v8:
- Ignore returned value in daemon/upload.c
- Report serialization errors in lib/yara.c
Matteo Cafasso (8):
daemon: ignore unused return value in upload function
daemon: expose file upload logic
appliance: add yara dependency
New API: yara_load
New API: yara_destroy
New API: internal_yara_scan
New API: yara_scan
yara_scan: added API tests
appliance/packagelist.in
2017 Apr 04
13
[PATCH v5 0/7] Feature: Yara file scanning
v5:
- rebase on top of 1.37.9
- add missing actions_yara.* files
Matteo Cafasso (7):
daemon: expose file upload logic
appliance: add yara dependency
New API: yara_load
New API: yara_destroy
New API: internal_yara_scan
New API: yara_scan
yara_scan: added API tests
appliance/packagelist.in | 4 +
configure.ac | 1 +
daemon/Makefile.am
2017 Apr 25
8
[PATCH v9 0/7] Feature: Yara file scanning
v9:
- fixes according to comments
Matteo Cafasso (7):
daemon: expose file upload logic
appliance: add yara dependency
New API: yara_load
New API: yara_destroy
New API: internal_yara_scan
New API: yara_scan
yara_scan: added API tests
appliance/packagelist.in | 4 +
configure.ac | 1 +
daemon/Makefile.am | 4 +-
2017 Mar 12
8
[PATCH v4 0/7] Feature: Yara file scanning
Rebase patches on top of 1.37.1.
No changes since last series.
Matteo Cafasso (7):
daemon: expose file upload logic
appliance: add yara dependency
New API: yara_load
New API: yara_destroy
New API: internal_yara_scan
New API: yara_scan
yara_scan: added API tests
appliance/packagelist.in | 4 +
configure.ac | 1 +
daemon/Makefile.am
2017 Feb 19
9
[PATCH v3 0/7] Feature: Yara file scanning
Rebase patches on top of 1.35.25.
No changes since last series.
Matteo Cafasso (7):
daemon: expose file upload logic
appliance: add yara dependency
New API: yara_load
New API: yara_destroy
New API: internal_yara_scan
New API: yara_scan
yara_scan: added API tests
appliance/packagelist.in | 4 +
configure.ac | 1 +
daemon/Makefile.am
2016 Nov 02
8
[PATCH 0/6] Feature: Yara file scanning
Yara is a rule-based scanning engine aimed at helping malware analysts find and classify interesting samples.
https://github.com/VirusTotal/yara
This series adds Yara support to Libguestfs, allowing users to upload sets of rules and scan files against them.
Currently provided APIs:
- yara_load: loads a set of rules
- yara_destroy: free resources allocated by loaded rules
- yara_scan:
2016 Nov 09
9
[PATCH v2 0/6] Feature: Yara file scanning
v2:
- Fix yara dependency in packagelist
- Use pkg-config where available
- Improve longdesc of yara_load API
- Fix libyara initialization and finalization
- Import CLEANUP_FCLOSE
- Add custom CLEANUP_DESTROY_YARA_COMPILER
- Add rules compilation error callback
- Other small fixes according to comments
Matteo Cafasso (6):
appliance: add yara dependency
New API: yara_load
New API:
2016 Dec 18
6
[PATCH v3 0/6] Feature: Yara file scanning
v3:
- allow loading multiple rule files
- added optional namespace parameter to yara_load
- move destructor logic in yara module
- use generic file upload logic
- use generic temporary path function
Matteo Cafasso (6):
appliance: add yara dependency
New API: yara_load
New API: yara_destroy
New API: internal_yara_scan
New API: yara_scan
yara_scan: added API tests
2016 Nov 22
2
Re: [PATCH v2 4/6] New API: internal_yara_scan
On Wednesday, 9 November 2016 22:38:55 CET Matteo Cafasso wrote:
> The internal_yara_scan runs the Yara engine with the previously loaded
> rules against the given file.
>
> For each rule matching against the scanned file, a struct containing
> the file name and the rule identifier is returned.
>
> The gathered list of yara_detection structs is serialised into XDR format
2017 Apr 06
0
[PATCH v6 6/7] New API: yara_scan
The yara_scan API parses the file generated by the daemon counterpart
function and returns the list of yara_detection structs to the user.
It writes the daemon's command output on a temporary file and parses it,
deserialising the XDR formatted yara_detection structs.
It returns to the caller the list of yara_detection structs generated by
the internal_yara_scan command.
Signed-off-by:
2017 Apr 23
0
[PATCH v7 6/7] New API: yara_scan
The yara_scan API parses the file generated by the daemon counterpart
function and returns the list of yara_detection structs to the user.
It writes the daemon's command output on a temporary file and parses it,
deserialising the XDR formatted yara_detection structs.
It returns to the caller the list of yara_detection structs generated by
the internal_yara_scan command.
Signed-off-by:
2017 Apr 04
0
[PATCH v5 6/7] New API: yara_scan
The yara_scan API parses the file generated by the daemon counterpart
function and returns the list of yara_detection structs to the user.
It writes the daemon's command output on a temporary file and parses it,
deserialising the XDR formatted yara_detection structs.
It returns to the caller the list of yara_detection structs generated by
the internal_yara_scan command.
Signed-off-by:
2016 Nov 21
2
Re: [PATCH v2 2/6] New API: yara_load
On Wednesday, 9 November 2016 22:38:53 CET Matteo Cafasso wrote:
> The yara_load API allows loading a set of Yara rules contained within a
> file on the host.
>
> Rules can be in binary format, as when compiled with the yarac command, or
> in source code format. In the latter case, the rules will be first
> compiled and then loaded.
>
> Subsequent calls of the yara_load API
2016 Nov 09
0
[PATCH v2 5/6] New API: yara_scan
The yara_scan API parses the file generated by the daemon counterpart
function and returns the list of yara_detection structs to the user.
It writes the daemon's command output on a temporary file and parses it,
deserialising the XDR formatted yara_detection structs.
It returns to the caller the list of yara_detection structs generated by
the internal_yara_scan command.
Signed-off-by:
2017 Apr 24
0
[PATCH v8 6/8] New API: internal_yara_scan
The internal_yara_scan runs the Yara engine with the previously loaded
rules against the given file.
For each rule matching against the scanned file, a struct containing
the file name and the rule identifier is returned.
The gathered list of yara_detection structs is serialised into XDR format
and written to a file.
Signed-off-by: Matteo Cafasso <noxdafox@gmail.com>
---
daemon/yara.c
2017 Apr 06
0
[PATCH v6 5/7] New API: internal_yara_scan
The internal_yara_scan runs the Yara engine with the previously loaded
rules against the given file.
For each rule matching against the scanned file, a struct containing
the file name and the rule identifier is returned.
The gathered list of yara_detection structs is serialised into XDR format
and written to a file.
Signed-off-by: Matteo Cafasso <noxdafox@gmail.com>
---
daemon/yara.c
2017 Apr 04
0
[PATCH v5 5/7] New API: internal_yara_scan
The internal_yara_scan runs the Yara engine with the previously loaded
rules against the given file.
For each rule matching against the scanned file, a struct containing
the file name and the rule identifier is returned.
The gathered list of yara_detection structs is serialised into XDR format
and written to a file.
Signed-off-by: Matteo Cafasso <noxdafox@gmail.com>
---
daemon/yara.c
2017 Apr 06
0
[PATCH v6 3/7] New API: yara_load
The yara_load API allows loading a set of Yara rules contained within a
file on the host.
Rules can be in binary format, as when compiled with the yarac command, or
in source code format. In the latter case, the rules will be first
compiled and then loaded.
Subsequent calls of the yara_load API will result in the discard of the
previously loaded rules.
Signed-off-by: Matteo Cafasso
2016 Nov 22
0
Re: [PATCH v2 4/6] New API: internal_yara_scan
OK on most of the comments, only a few notes on the last one.
On 22/11/16 11:04, Pino Toscano wrote:
> On Wednesday, 9 November 2016 22:38:55 CET Matteo Cafasso wrote:
>> The internal_yara_scan runs the Yara engine with the previously loaded
>> rules against the given file.
>>
>> For each rule matching against the scanned file, a struct containing
>> the file name