On 24/11/16 17:42, Pino Toscano wrote:|
https://github.com/VirusTotal/yara/issues/570On Tuesday, 22 November 2016 19:41:10 CET noxdafox wrote:yara_load supports loading rules already compiled, which could have a namespace set -- I guess it should be reported here as well.The namespace is accessible via the YR_RULE struct: https://github.com/VirusTotal/yara/blob/master/libyara/include/yara/types.h#L242 Yet is nowere to be found in the C API documentation. http://yara.readthedocs.io/en/v3.5.0/capi.html#c.YR_RULE That's why I kept it out of the scope. I can obviously add it but we're not sure whether they will expose it differently in future versions of Yara.Drat... Maybe it would be worth asking them if it's just a documentation issue, or it is really private. In any case, it is not a big issue at the moment.
Let's keep it out for this patch series. I'll make sure we'll have a clear answer before the next stable release of libguestfs.
I'll slowly proceed applying the suggested changes. Thanks.
That triggers another question: should the yara support allow to load more rules one after each other (with namespaces as well), instead of just one?We surely can do. I'll see what can be done. Maybe an optional parameter "namespace" in the yara_load API.Right, that is what I was thinking about.