yara-x 1.17.0

A pure Rust implementation of YARA.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30

import "test_proto2"

rule test_1 {
    condition:
        test_proto2.string_foo matches /foobar/
}

rule test_2 {
    condition:
        test_proto2.string_foo matches /foobar/i
}

rule test_3 {
    condition:
        test_proto2.int64_zero == 0 or
        test_proto2.string_foo matches /foo.bar/i or
        test_proto2.string_foo matches /bar.baz/
}

rule test_4 {
    condition:
        test_proto2.string_foo matches /foo.bar/ or
        test_proto2.string_foo matches /bar.baz/
}

rule test_5 {
    condition:
        test_proto2.string_foo matches /foo.bar/ or
        test_proto2.string_bar matches /bar.baz/
}