yara-rust

Bindings for the Yara library from VirusTotal.

More documentation can be found on the Yara's documentation.

Example

The implementation is inspired from yara-python.

rust let mut yara = Yara::create().unwrap(); let mut compiler = yara.new_compiler().unwrap(); compiler.add_rules_str("rule contains_rust { strings: $rust = \"rust\" nocase condition: $rust }").expect("Should have parsed rule"); let mut rules = compiler.compile_rules().expect("Should have compiled rules"); let results = rules.scan_mem("I love Rust!".as_bytes(), 5).expect("Should have scanned"); assert!(results.iter().find(|r| r.identifier == "contains_rust").is_some());

Features

• Support from Yara 3.7 to 3.10.
• Compile rules from strings or files.
• Save and load compiled rules.
• Scan byte arrays (&[u8]) or files.

TODO

• [ ] Remove some unwrap on string conversions (currently this crate assume the rules, meta and namespace identifier are valid Rust's str).
• [ ] Implement the scanner API.
• [ ] Look at the source code of Yara (or in documentation if specified) to assess thread safety.
• [ ] Look at the source code of Yara (or in documentation if specified) to see if we can remove some mut in some functions (as Yara::new_compiler and Yara::load_rules).

License

Licensed under either of

• Apache License, Version 2.0, (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
• MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)

at your option.