gora

package module

v1.0.1 Latest Latest Go to latest Published: May 23, 2022 License: Apache-2.0 Imports: 9 Imported by: 0

Details

This section is empty.

View Source

var ErrAlreadyCompiled = errors.New("already compiled")

This section is empty.

type Compiled struct {
	// contains filtered or unexported fields
}

Compiled holds the compiled rules and its associated external variables.

func NewCompiled() *Compiled

func (c *Compiled) CompileDir(target ScanTarget, filenameNS bool, dir string) error

CompileDir compiles the YARA rules in the given directory and sets namespace of each file by cleaning file name(s).

func (c *Compiled) CompileFileOrDir(target ScanTarget, filenameNS bool, path string) error

CompileRulesFileOrDir compiles the YARA rules in the given directory or single file, and sets namespace of each file by cleaning file name(s).

func (c *Compiled) CompileFiles(target ScanTarget, filenameNS bool, paths ...string) error

CompileFiles compiles the YARA rules in the given file paths, sets namespace of each file by cleaning file name(s).

func (c *Compiled) CompileString(target ScanTarget, rule, namespace string) error

CompileString compiles the YARA rules.

func (c *Compiled) CreateScanner() error

func (c *Compiled) DefineScannerVariables(sctx variables.ScanContext) error

func (c *Compiled) Destroy()

func (c *Compiled) Rules() *yara.Rules

func (c *Compiled) ScanFile(filename string) error

func (c *Compiled) ScanFileDescriptor(fd uintptr) error

func (c *Compiled) ScanProc(pid int) error

func (c *Compiled) Scanner() *yara.Scanner

func (c *Compiled) SetCallback(cb yara.ScanCallback) *Compiled

func (c *Compiled) Variables() *variables.Variables

type ScanTarget byte

ScanTarget represents a target for yara scan.

const (
	ScanFile ScanTarget = iota
	ScanProcess
)

Scan targets are file system and process memory.

Path	Synopsis
variables