boreal is a YARA rules evaluator, used to search for textual and binary patterns.
This crate is a reimplementation of the YARA library. It aims to provide the same set of functionalities, and be fully compatible with all existing YARA rules.
Here is an example of how to use the library.
```rust
use boreal::Compiler;

fn main() -> Result<(), Box<dyn std::error::Error>> {
    // Rules must first be added to a compiler.
    let mut compiler = Compiler::new();
    compiler.add_rules_str(
        r#"
rule example {
    meta:
        description = "This is a YARA rule example"
        date = "2022-11-11"
    strings:
        $s1 = { 78 6d 6c 68 74 74 70 2e 73 65 6e 64 28 29 }
        $s2 = "tmp.dat" fullword wide
    condition:
        any of them
}
"#,
    )?;

    // Then, all added rules are compiled into a scanner object.
    let scanner = compiler.into_scanner();

    // Use this object to scan strings or files.
    let res = scanner.scan_mem(b"<\0t\0m\0p\0.\0d\0a\0t\0>\0");
    assert!(res.matched_rules.iter().any(|rule| rule.name == "example"));
    Ok(())
}
```
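To make clear why the scanned buffer above matches, here is an added, dependency-free example (not part of boreal or the original page) that reimplements the two string kinds the `example` rule uses: `$s1` as a plain hex pattern and `$s2` as a `fullword wide` text string. The hex-pattern parser handles only literal bytes, and the fullword check is a simplification of YARA's (it inspects the low byte of the neighbouring wide character only).

```rust
/// Decode a plain YARA hex pattern such as `{ 78 6d 6c }` into raw bytes.
/// Wildcards (`??`) and jumps are not handled by this helper.
fn parse_hex_pattern(pattern: &str) -> Option<Vec<u8>> {
    let inner = pattern.trim().trim_start_matches('{').trim_end_matches('}');
    inner.split_whitespace().map(|t| u8::from_str_radix(t, 16).ok()).collect()
}

/// Encode ASCII text as the `wide` modifier expects: every byte is followed
/// by a NUL byte (UTF-16LE for ASCII input).
fn to_wide(s: &str) -> Vec<u8> {
    s.bytes().flat_map(|b| vec![b, 0u8]).collect()
}

/// Offsets at which `needle` occurs in `haystack`. With `fullword`, a match is
/// discarded when the character just before or just after it is alphanumeric;
/// for `wide` strings a character is two bytes, so the look-behind steps back two.
/// (Simplification: YARA also checks the high byte of wide neighbours.)
fn find_all(haystack: &[u8], needle: &[u8], fullword: bool, wide: bool) -> Vec<usize> {
    let step = if wide { 2 } else { 1 };
    let mut offsets = Vec::new();
    if needle.is_empty() || needle.len() > haystack.len() {
        return offsets;
    }
    for i in 0..=haystack.len() - needle.len() {
        if &haystack[i..i + needle.len()] != needle {
            continue;
        }
        let after = i + needle.len();
        if fullword
            && ((i >= step && haystack[i - step].is_ascii_alphanumeric())
                || (after < haystack.len() && haystack[after].is_ascii_alphanumeric()))
        {
            continue;
        }
        offsets.push(i);
    }
    offsets
}

/// The page's `example` rule: `any of them` over $s1 (hex) and $s2 (fullword wide).
fn example_rule_matches(mem: &[u8]) -> bool {
    let s1 = parse_hex_pattern("{ 78 6d 6c 68 74 74 70 2e 73 65 6e 64 28 29 }")
        .expect("valid hex pattern");
    let s2 = to_wide("tmp.dat");
    !find_all(mem, &s1, false, false).is_empty() || !find_all(mem, &s2, true, true).is_empty()
}

fn main() {
    // Constructed inputs: the page's buffer, and wide "tmp.dat" glued to a word character.
    assert!(example_rule_matches(b"<\0t\0m\0p\0.\0d\0a\0t\0>\0"));
    assert!(!example_rule_matches(b"x\0t\0m\0p\0.\0d\0a\0t\0"));
    println!("ok");
}
```

The second input shows what `fullword` buys: the same wide bytes preceded by `x` are rejected, whereas `<` and `>` in the page's buffer are not word characters, so the match stands.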