[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Libguestfs] [PATCH v2 4/6] New API: internal_yara_scan



On 24/11/16 17:42, Pino Toscano wrote:
On Tuesday, 22 November 2016 19:41:10 CET noxdafox wrote:
yara_load supports loading rules already compiled, which could have a
namespace set -- I guess it should be reported here as well.
The namespace is accessible via the YR_RULE struct:
https://github.com/VirusTotal/yara/blob/master/libyara/include/yara/types.h#L242

Yet is nowere to be found in the C API documentation.
http://yara.readthedocs.io/en/v3.5.0/capi.html#c.YR_RULE

That's why I kept it out of the scope. I can obviously add it but we're 
not sure whether they will expose it differently in future versions of Yara.
Drat... Maybe it would be worth asking them if it's just a documentation
issue, or it is really private. In any case, it is not a big issue at
the moment.
https://github.com/VirusTotal/yara/issues/570

Let's keep it out for this patch series. I'll make sure we'll have a clear answer before the next stable release of libguestfs.

I'll slowly proceed applying the suggested changes. Thanks.

That triggers another question: should the yara support allow to load
more rules one after each other (with namespaces as well), instead of
just one?
We surely can do. I'll see what can be done. Maybe an optional parameter 
"namespace" in the yara_load API.
Right, that is what I was thinking about.



_______________________________________________
Libguestfs mailing list
Libguestfs redhat com
https://www.redhat.com/mailman/listinfo/libguestfs


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]