[Libguestfs] [PATCH v2 4/6] New API: internal_yara_scan

noxdafox noxdafox at gmail.com
Thu Nov 24 19:34:24 UTC 2016


On 24/11/16 17:42, Pino Toscano wrote:
> On Tuesday, 22 November 2016 19:41:10 CET noxdafox wrote:
>>> yara_load supports loading rules already compiled, which could have a
>>> namespace set -- I guess it should be reported here as well.
>> The namespace is accessible via the YR_RULE struct:
>> https://github.com/VirusTotal/yara/blob/master/libyara/include/yara/types.h#L242
>>
>> Yet it is nowhere to be found in the C API documentation.
>> http://yara.readthedocs.io/en/v3.5.0/capi.html#c.YR_RULE
>>
>> That's why I kept it out of the scope. I can obviously add it but we're
>> not sure whether they will expose it differently in future versions of Yara.
> Drat... Maybe it would be worth asking them if it's just a documentation
> issue, or it is really private. In any case, it is not a big issue at
> the moment.
https://github.com/VirusTotal/yara/issues/570

Let's keep it out for this patch series. I'll make sure we'll have a 
clear answer before the next stable release of libguestfs.

I'll slowly proceed applying the suggested changes. Thanks.
>
>>> That triggers another question: should the yara support allow to load
>>> more rules one after each other (with namespaces as well), instead of
>>> just one?
>> We surely can do. I'll see what can be done. Maybe an optional parameter
>> "namespace" in the yara_load API.
> Right, that is what I was thinking about.
