Crate yara_x


A YARA compiler and scanner completely written in Rust from scratch.

It is 99% compatible with existing YARA rules and intends to be a safer, more efficient implementation of YARA.

There are two main types in this crate: Compiler and Scanner. A compiler takes YARA source code and produces compiled Rules that are passed to the scanner for scanning files or in-memory data. The Rules produced by the compiler can be safely passed to multiple instances of Scanner, but each Scanner instance can scan only a single file or memory buffer at a time. A scanner can, however, be reused to scan multiple files or memory buffers one after another.

§Example

// Create a compiler.
let mut compiler = yara_x::Compiler::new();

// Add some YARA source code to compile.
compiler.add_source(r#"
    rule lorem_ipsum {
      strings:
        $ = "Lorem ipsum"
      condition:
        all of them
    }
"#).unwrap();

// Obtain the compiled YARA rules.
let rules = compiler.build();

// Create a scanner that uses the compiled rules.
let mut scanner = yara_x::Scanner::new(&rules);

// Scan some data.
let results = scanner.scan("Lorem ipsum".as_bytes()).unwrap();

assert_eq!(results.matching_rules().len(), 1);

Modules§

  • Utility functions and structures for invoking YARA modules directly.

Structs§

  • Compiles YARA source code producing a set of compiled Rules.
  • Represents a match.
  • Iterator that returns the matches for a pattern.
  • Iterator that yields the rules that matched during a scan.
  • Iterator that returns the outputs produced by YARA modules.
  • Iterator that yields the rules that didn’t match during a scan.
  • Represents a pattern defined by a rule.
  • An iterator that returns the patterns defined by a rule.
  • A structure that describes a rule.
  • A set of YARA rules in compiled form.
  • Results of a scan operation.
  • Scans data with already compiled YARA rules.
  • Represents a YARA variable.

Enums§

Functions§

  • Compiles a YARA source code.