[Libguestfs] [PATCH v2 4/6] New API: internal_yara_scan
Pino Toscano
ptoscano at redhat.com
Thu Nov 24 15:42:31 UTC 2016
On Tuesday, 22 November 2016 19:41:10 CET noxdafox wrote:
> > yara_load supports loading rules already compiled, which could have a
> > namespace set -- I guess it should be reported here as well.
> The namespace is accessible via the YR_RULE struct:
> https://github.com/VirusTotal/yara/blob/master/libyara/include/yara/types.h#L242
>
> Yet is nowere to be found in the C API documentation.
> http://yara.readthedocs.io/en/v3.5.0/capi.html#c.YR_RULE
>
> That's why I kept it out of the scope. I can obviously add it but we're
> not sure whether they will expose it differently in future versions of Yara.
Drat... Maybe it would be worth asking them if it's just a documentation
issue, or it is really private. In any case, it is not a big issue at
the moment.
> > That triggers another question: should the yara support allow to load
> > more rules one after each other (with namespaces as well), instead of
> > just one?
> We surely can do. I'll see what can be done. Maybe an optional parameter
> "namespace" in the yara_load API.
Right, that is what I was thinking about.
--
Pino Toscano
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: This is a digitally signed message part.
URL: <http://listman.redhat.com/archives/libguestfs/attachments/20161124/dbbfdb7d/attachment.sig>
More information about the Libguestfs
mailing list