yara-rust

Bindings for the Yara library from VirusTotal.

More documentation can be found on the Yara's documentation.

Example

The implementation is inspired from yara-python.

```rust const RULES: &str = r#" rule contains_rust { strings: $rust = "rust" nocase condition: $rust "#;

fn main() { let compiler = Compiler::new().unwrap(); compiler.addrulesstr(RULES) .expect("Should have parsed rule"); let rules = compiler.compilerules() .expect("Should have compiled rules"); let results = rules.scanmem("I love Rust!".asbytes(), 5) .expect("Should have scanned"); assert!(results.iter().any(|r| r.identifier == "containsrust")); } ```

Features

• Support from Yara 3.7 to 3.11.0.
• Compile rules from strings or files.
• Save and load compiled rules.
• Scan byte arrays (&[u8]) or files.

Feature flags and Yara linking.

Look at the yara-sys crate documentation for a list of feature flags and how to link to your Yara crate.

TODO

• [ ] Remove some unwrap on string conversions (currently this crate assume the rules, meta and namespace identifier are valid Rust's str).
• [ ] Accept AsRef<Path> instead of &str on multiple functions.
• [ ] Implement the scanner API.
• [ ] Add process scanning.
• [ ] Report the warnings to the user.

License

Licensed under either of

• Apache License, Version 2.0, (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
• MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)

at your option.