
1//! # open-detect
2//!
3//! A fast, flexible malware detection engine with YARA rule support and automatic
4//! archive extraction for security researchers.
5//!
6//! ## Features
7//!
8//! - **YARA-based detection** - Leverage the power of YARA rules for malware detection
//! - **Automatic archive extraction** - Recursively extracts and scans ZIP, TAR, GZ, BZ2 archives (nested archives included), bounded by the configurable extraction limits
10//! - **Thread-safe** - Scanner is both `Send` and `Sync` for concurrent scanning
11//! - **Zero-copy scanning** - Efficient scanning with minimal memory overhead
12//! - **Flexible API** - Builder pattern for easy configuration
13//!
14//! ## Quick Start
15//!
16//! ```no_run
//! use open_detect::{Scanner, SigSet, ScanResult};
18//! use std::path::Path;
19//!
20//! // Load YARA signatures
21//! let sig_set = SigSet::new()
22//!     .with_sig_dir_recursive(Path::new("signatures"))
23//!     .expect("Failed to load signatures");
24//!
25//! // Create scanner
26//! let scanner = Scanner::new(sig_set);
27//!
28//! // Scan a file
29//! match scanner.scan_file(Path::new("suspicious.exe")).unwrap() {
30//!     ScanResult::Clean => println!("File is clean"),
31//!     ScanResult::Malicious(detections) => {
32//!         for detection in detections {
33//!             println!("Detected: {}", detection.name);
34//!         }
35//!     }
36//! }
37//! ```
38//!
39//! ## Scanning Buffers
40//!
41//! ```no_run
42//! use open_detect::{Scanner, SigSet, Signature};
43//!
44//! let sig_set = SigSet::from_signature(
45//!     Signature("rule test { strings: $a = \"malware\" condition: $a }".to_string())
46//! ).unwrap();
47//!
48//! let scanner = Scanner::new(sig_set);
49//! let data = b"some data containing malware";
50//! let result = scanner.scan_buf(data).unwrap();
51//! ```
52//!
53//! ## Building Signature Sets
54//!
55//! ```no_run
56//! use open_detect::{SigSet, Signature};
57//! use std::path::Path;
58//!
59//! // From a single signature
60//! let sig_set = SigSet::from_signature(
61//!     Signature("rule test { condition: true }".to_string())
62//! ).unwrap();
63//!
64//! // From multiple signatures
65//! let sig_set = SigSet::from_signatures(vec![
66//!     Signature("rule test1 { condition: true }".to_string()),
67//!     Signature("rule test2 { condition: false }".to_string()),
68//! ]).unwrap();
69//!
70//! // From directory (recursive)
71//! let sig_set = SigSet::new()
72//!     .with_sig_dir_recursive(Path::new("signatures"))
73//!     .unwrap();
74//!
75//! // Chain multiple sources
76//! let sig_set = SigSet::from_signature(
77//!     Signature("rule custom { condition: true }".to_string())
78//! )
79//! .unwrap()
80//! .with_sig_dir_recursive(Path::new("signatures"))
81//! .unwrap();
82//! ```
83//!
//! ## Configuring Extraction Limits
//!
//! The per-file and total limits cap how much data the scanner extracts from an archive, so
//! scanning an untrusted, highly compressible archive cannot consume unbounded resources.
//!
86//! ```no_run
87//! use open_detect::{Scanner, SigSet};
88//!
89//! # let sig_set = SigSet::new();
90//! let scanner = Scanner::new(sig_set)
91//!     .with_max_extracted_size(100 * 1024 * 1024)      // 100 MB per file
92//!     .with_max_total_extracted_size(1024 * 1024 * 1024); // 1 GB total
93//! ```
94
/// Error type and the `Result` alias returned by this crate's fallible APIs.
pub mod errors;
/// Scan outcomes: [`ScanResult`] and the [`Detection`] entries it carries.
pub mod scan_result;
/// The [`Scanner`] that runs a [`SigSet`] against files (`scan_file`) and in-memory buffers (`scan_buf`).
pub mod scanner;
/// YARA rule sources: individual [`Signature`] rule text and the [`SigSet`] built from it.
pub mod signature;

// Re-export commonly used types for convenience so callers can `use open_detect::{Scanner, SigSet, ...}`
// without naming the submodules.
pub use errors::{Error, Result};
pub use scan_result::{Detection, ScanResult};
pub use scanner::Scanner;
pub use signature::{SigSet, Signature};