yara-rust
Bindings for the Yara library from VirusTotal.
More documentation can be found in Yara's documentation.
Example
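The implementation is inspired by yara-python.
use yara::Yara;

// The rule text and the scanned buffer are illustrative sample values.
let mut yara = Yara::create().unwrap();
let mut compiler = yara.new_compiler().unwrap();
compiler.add_rules_str("rule contains_rust { strings: $rust = \"rust\" nocase condition: $rust }")
    .expect("Should have parsed rule");
let mut rules = compiler.compile_rules().expect("Should have compiled rules");
// Scan an in-memory buffer; the second argument is the timeout in seconds.
let results = rules.scan_mem("I love Rust!".as_bytes(), 5).expect("Should have scanned");
assert!(results.iter().any(|r| r.identifier == "contains_rust"));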
Features
- Support from Yara 3.7 to 3.11.0.
- Compile rules from strings or files.
- Save and load compiled rules.
- Scan byte arrays (&[u8]) or files.
Feature flags and Yara linking.
Look at the yara-sys crate documentation for a list of feature flags and how to link to your Yara crate.
TODO
- Remove some unwrap on string conversions (currently this crate assumes the rules, meta and namespace identifiers are valid Rust str).
- Implement the scanner API.
- Look at the source code of Yara (or in documentation if specified) to assess thread safety.
- Look at the source code of Yara (or in documentation if specified) to see if we can remove some mut in some functions (as Yara::new_compiler and Yara::load_rules).
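The assumption named in the first TODO item can be shown with the standard library alone: a NUL-terminated string coming from C is not guaranteed to be valid UTF-8, so an unwrap on the conversion turns unexpected bytes into a panic. This is an added example, not code from yara-rust; the function names are hypothetical and the byte strings are constructed sample inputs.

```rust
use std::borrow::Cow;
use std::ffi::CStr;
use std::str::Utf8Error;

// Constructed sample inputs standing in for NUL-terminated strings handed
// back by a C library: one valid UTF-8, one containing non-UTF-8 bytes.
const VALID: &[u8] = b"contains_rust\0";
const INVALID: &[u8] = b"author_\xff\xfe\0";

/// Conversion that assumes valid UTF-8 and panics otherwise (the unwrap pattern).
fn ident_unwrap(raw: &CStr) -> &str {
    raw.to_str().unwrap()
}

/// Hypothetical replacement: report the failure to the caller as an error.
fn ident_checked(raw: &CStr) -> Result<&str, Utf8Error> {
    raw.to_str()
}

/// Hypothetical replacement: never fails, each invalid byte becomes U+FFFD.
fn ident_lossy(raw: &CStr) -> Cow<str> {
    raw.to_string_lossy()
}

/// Returns true when the unwrap-based conversion panics on `bytes`.
fn unwrap_panics(bytes: &'static [u8]) -> bool {
    let raw = CStr::from_bytes_with_nul(bytes).expect("constructed input ends in NUL");
    std::panic::catch_unwind(|| ident_unwrap(raw).len()).is_err()
}

fn main() {
    let bad = CStr::from_bytes_with_nul(INVALID).unwrap();
    println!("unwrap panics on valid input:   {}", unwrap_panics(VALID));
    println!("unwrap panics on invalid input: {}", unwrap_panics(INVALID));
    println!("checked: {:?}", ident_checked(bad));
    println!("lossy:   {:?}", ident_lossy(bad));
}
```

The checked form lets a scanning service reject or log the offending rule instead of aborting; the lossy form suits display-only fields.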
License
Licensed under either of
- Apache License, Version 2.0, (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your option.