For now, to update yara rules you need to reload the instance. As I can see, we have a chance to lose data if we will stop the scan process in the middle of YaraMatcher.process call. It would be nice to have the possibility to reinit YaraHandler if there are some changes in rules folder using Threading module.
As an example, we can adapt this script and if we have some changes in our yara rules - pause the scan, reinit the YaraMatcher, resume the scan.
For now, to update yara rules you need to reload the instance. As I can see, we have a chance to lose data if we will stop the scan process in the middle of
YaraMatcher.processcall. It would be nice to have the possibility to reinit YaraHandler if there are some changes in rules folder using Threading module.As an example, we can adapt this script and if we have some changes in our yara rules - pause the scan, reinit the YaraMatcher, resume the scan.