On Tuesday, 22 November 2016 19:41:10 CET noxdafox wrote: > > yara_load supports loading rules already compiled, which could have a > > namespace set -- I guess it should be reported here as well. > The namespace is accessible via the YR_RULE struct: > https://github.com/VirusTotal/yara/blob/master/libyara/include/yara/types.h#L242 > > Yet is nowere to be found in the C API documentation. > http://yara.readthedocs.io/en/v3.5.0/capi.html#c.YR_RULE > > That's why I kept it out of the scope. I can obviously add it but we're > not sure whether they will expose it differently in future versions of Yara. Drat... Maybe it would be worth asking them if it's just a documentation issue, or it is really private. In any case, it is not a big issue at the moment. > > That triggers another question: should the yara support allow to load > > more rules one after each other (with namespaces as well), instead of > > just one? > We surely can do. I'll see what can be done. Maybe an optional parameter > "namespace" in the yara_load API. Right, that is what I was thinking about. -- Pino Toscano
Description: This is a digitally signed message part.