I want to load precompiled Yara rules in Rust code.

VirusTotal / yara-x

A rewrite of YARA in Rust.

https://virustotal.github.io/yara-x/

BSD 3-Clause "New" or "Revised" License

656 stars 49 forks source link

I want to load precompiled Yara rules in Rust code. #176

Closed coalooball closed 3 months ago

coalooball commented 3 months ago

After using the command:

yr compile some_files.yar -o some_files.yarc

how can I use the API in yara_x to load some_files.yarc and match content? I've looked through the interfaces of rust yara_x::Compiler and rust yara_x::Rules but haven't found a function to achieve this. I would greatly appreciate it if you could guide me on how to write the code for this. Thank you very much!

plusvic commented 3 months ago

You must use Rules::deserialize_from, for instance:

let file = File::open(rules_path)?;
let rules = Rules::deserialize_from(file)?;

coalooball commented 3 months ago

You must use Rules::deserialize_from, for instance:
let file = File::open(rules_path)?;
let rules = Rules::deserialize_from(file)?;

Thank you very much. I previously thought it was a similar interface to yr_rules_load, so I couldn't find it.