We embed yara in some of our process to scan memory buffers. Most of the functionality to do this using libyara is already built in, but is not exposed in YaraScanner. This patch sets adds a similar set of scan methods to the YaraScanner API that accept a byte[] instead of a File.
Props to @mobileAgent for the initial time investment into this.
We embed yara in some of our process to scan memory buffers. Most of the functionality to do this using
libyarais already built in, but is not exposed inYaraScanner. This patch sets adds a similar set ofscanmethods to theYaraScannerAPI that accept abyte[]instead of aFile.Props to @mobileAgent for the initial time investment into this.