[Libguestfs] [PATCH v6 0/7] Feature: Yara file scanning

Matteo Cafasso noxdafox at gmail.com
Thu Apr 6 20:41:00 UTC 2017


v6:

- use new test functions
- fix yara_detection struct field names
- revert yara_load function to initial version

With Pino we were exploring the idea of allowing Users to load multiple
rule files with subsequent calls to yara_load API.
https://www.redhat.com/archives/libguestfs/2016-November/msg00119.html
It turned out to be impractical due to YARA API limitations. It is possible
to load multiple rule source files into the compiler. Yet once compiled,
no further rule file can be added.

This would make the yara_load API difficult to understand for the end User.
The yara tool itself cannot scan files with more than one rule file.
To combine multiple rule files, the User is recommended to use the yarac tool.

This makes the yara_load API more similar to the yara workflow.

- further small fixes according to the v5 comments

After further

Matteo Cafasso (7):
  daemon: expose file upload logic
  appliance: add yara dependency
  New API: yara_load
  New API: yara_destroy
  New API: internal_yara_scan
  New API: yara_scan
  yara_scan: added API tests

 appliance/packagelist.in                 |   4 +
 configure.ac                             |   1 +
 daemon/Makefile.am                       |   4 +-
 daemon/cleanups.c                        |   9 +
 daemon/cleanups.h                        |   2 +
 daemon/daemon.h                          |   3 +
 daemon/upload.c                          |  70 +++----
 daemon/yara.c                            | 303 +++++++++++++++++++++++++++++++
 generator/Makefile.am                    |   3 +
 generator/actions.ml                     |   6 +-
 generator/actions_yara.ml                |  92 ++++++++++
 generator/actions_yara.mli               |  22 +++
 generator/proc_nr.ml                     |   3 +
 generator/structs.ml                     |   9 +
 gobject/Makefile.inc                     |   2 +
 java/Makefile.inc                        |   1 +
 java/com/redhat/et/libguestfs/.gitignore |   1 +
 lib/MAX_PROC_NR                          |   2 +-
 lib/Makefile.am                          |   1 +
 lib/yara.c                               | 127 +++++++++++++
 m4/guestfs_daemon.m4                     |  14 ++
 tests/yara/Makefile.am                   |  26 +++
 tests/yara/test-yara-scan.sh             |  61 +++++++
 23 files changed, 731 insertions(+), 35 deletions(-)
 create mode 100644 daemon/yara.c
 create mode 100644 generator/actions_yara.ml
 create mode 100644 generator/actions_yara.mli
 create mode 100644 lib/yara.c
 create mode 100644 tests/yara/Makefile.am
 create mode 100755 tests/yara/test-yara-scan.sh

--
2.11.0
