allow to specify the file location as a rule condition

odin1314 / yara-project

Automatically exported from code.google.com/p/yara-project

Apache License 2.0

0 stars 0 forks source link

allow to specify the file location as a rule condition #19

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago

I'd like to be able to specify the file location (either an absolute folder 
such as C:\Windows\System32 or folders subtree such as C:\Windows\System32\**) 
as a condition to a rule. 
rule will match only if the the condition satisfies and the file is in the 
specified location

thanks

Original issue reported on code.google.com by asafd...@gmail.com on 28 May 2011 at 3:42

GoogleCodeExporter commented 9 years ago

YARA rules are agnostic about the file path they are analyzing, and should be 
kept that way because rules can be applied not only to files, but to data 
buffers and proceses as well. However you can do what you want by writing your 
own Python script usingthe yara-python extension.

Original comment by plus...@gmail.com on 28 May 2011 at 9:52

Changed state: WontFix
Added labels: Type-Enhancement
Removed labels: Type-Defect