[Libguestfs] [PATCH v5 3/7] New API: yara_load
Richard W.M. Jones
rjones at redhat.com
Wed Apr 5 08:56:37 UTC 2017
On Tue, Apr 04, 2017 at 07:39:25PM +0300, Matteo Cafasso wrote:
> The yara_load API allows loading a set of Yara rules contained within a
> file on the host.
>
> Rules can be in binary format, as when compiled with the yarac command, or
> in source code format. In the latter case, the rules will be first
> compiled and then loaded.
>
> Subsequent calls of the yara_load API will result in the discard of the
> previously loaded rules.
> +let daemon_functions = [
> + { defaults with
> + name = "yara_load"; added = (1, 37, 9);
> + style = RErr, [FileIn "filename";], [OString "namespace"];
> + progress = true; cancellable = true;
> + optional = Some "libyara";
> + shortdesc = "load yara rules within libguestfs";
> + longdesc = "\
> +Load a set of Yara rules from F<filename> within libguestfs appliance.
> +Rules can be in binary format, as when compiled with yarac command, or
> +in source code format. In the latter case, the rules will be first
> +compiled and then loaded.
> +Rules in source code format cannot include external files. In such cases,
> +it is recommended to compile them first.
> +Different rules files can be loaded sequentially. The optional parameter
> +C<namespace> can be used to distinguish rules with the same identifier
> +but belonging to different files." };
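Review bot: The last longdesc paragraph ("Different rules files can be loaded sequentially", with C<namespace> distinguishing rules that share an identifier) contradicts the commit message, which says a subsequent yara_load call discards the previously loaded rules. The longdesc should state which behaviour actually holds, because a caller who loads several rule files and assumes they accumulate would silently scan with only the last set. The first longdesc sentence should also say that F<filename> is a file on the host (it is declared as FileIn) whose contents are transferred to the appliance. As written, "from F<filename> within libguestfs appliance" reads as if the path were inside the guest. A short usage example in the longdesc, load followed by scan, would make the intended call sequence clear.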
It's really unclear to me how to use this API. How do rules get
loaded into the appliance?
There are no examples either, and only a single test.
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine. Supports Linux and Windows.
http://people.redhat.com/~rjones/virt-df/