Here is the code, testit.py:
#! /usr/bin/env python
# -*- coding: utf-8 -*-
import sys
import yara
pathb = sys.path.incert (0, "C:\Python27\Lib\site-packages\base\main.yara")
pathr = sys.path.incert (0, "C:")
yara -r 'pathb' 'pathr'
raw_input()
Altairk91
Maybe you shouldn't?
I haven't worked with Python before.
yara -r 'pathb' 'pathr'
Once yara-python is built and installed on your system you can use it as shown below:
import yara
Then you will need to compile your YARA rules before applying them to your data, the
rules can be compiled from a file path:
rules = yara.compile(filepath='/foo/bar/myrules')
The default argument is 'filepath', so you don't need to explicitly specify its name:
rules = yara.compile('/foo/bar/myrules')
You can also compile your rules from a file object:
fh = open('/foo/bar/myrules')
rules = yara.compile(file=fh)
fh.close()
Or you can compile them directly from a Python string:
rules = yara.compile(source='rule dummy { condition: true }')
If you want to compile a group of files or strings at the same time you can do it by using
the 'filepaths' or 'sources' named arguments:
rules = yara.compile(filepaths={
    'namespace1':'/my/path/rules1',
    'namespace2':'/my/path/rules2'
})
rules = yara.compile(sources={
    'namespace1':'rule dummy { condition: true }',
    'namespace2':'rule dummy { condition: false }'
})
Notice that both 'filepaths' and 'sources' must be dictionaries with keys of string type. The dictionary
keys are used as a namespace identifier, allowing you to differentiate between rules with the same name in
different sources, as occurs in the second example with the “dummy” name.
The compile method also has an optional boolean parameter 'includes' which allows you to control
whether or not the include directive should be accepted in the source files, for example:
rules = yara.compile('/foo/bar/myrules', includes=False)
If the source file contains include directives the previous line would raise an exception.
If you are using external variables in your rules you must define those external variables either while
compiling the rules, or while applying the rules to some file. To define your variables at the moment of
compilation you should pass the 'externals' parameter to the compile method. For example:
rules = yara.compile('/foo/rules',
    externals={
        'var1': 'some string',
        'var2': 4,
        'var3': True
    })
The 'externals' parameter must be a dictionary with the names of the variables as keys and an associated
value of either string, integer or boolean type.
In all cases compile returns an instance of the class Rules, which in turn has a match method:
matches = rules.match('/foo/bar/myfile')
But you can also apply the rules to a Python string:
f = open('/foo/bar/myfile', 'rb')
matches = rules.match(data=f.read())
As in the case of compile, the 'match' method can receive definitions for external variables in the externals
parameter.
matches = rules.match('/foo/bar/myfile',
    externals={
        'var1': 'some other string',
        'var4': 100,
    })
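An added example, not part of the thread or of the yara-python documentation quoted above: the recursive scan that `yara -r RULES DIR` performs on the command line, done with the `yara.compile(filepath=...)` and `rules.match(path)` calls from that excerpt. The names `scan_tree` and `max_size` and the size limit itself are assumptions made for this illustration.

```python
import os
import sys

try:
    import yara  # yara-python; required for a real scan
except ImportError:  # the directory walker below can still be imported without it
    yara = None


def scan_tree(rules, root, max_size=32 * 1024 * 1024):
    """Apply compiled rules to every regular file under root.

    Returns (hits, skipped): hits maps a file path to the list of matched
    rule names; skipped lists (path, reason) for files that were not scanned.
    """
    scan_errors = (OSError,) + ((yara.Error,) if yara else ())
    hits, skipped = {}, []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            # Skip symlinks and special files so the scan stays inside root.
            if os.path.islink(path) or not os.path.isfile(path):
                continue
            try:
                if os.path.getsize(path) > max_size:
                    skipped.append((path, "too large"))
                    continue
                matches = rules.match(path)
            except scan_errors as exc:
                # Locked or unreadable files are recorded, not fatal.
                skipped.append((path, str(exc)))
                continue
            if matches:
                hits[path] = [m.rule for m in matches]
    return hits, skipped


if __name__ == "__main__":
    if yara is None or len(sys.argv) != 3:
        print("usage: scan.py RULES_FILE DIRECTORY (requires yara-python)")
    else:
        found, not_scanned = scan_tree(yara.compile(filepath=sys.argv[1]), sys.argv[2])
        for hit_path in sorted(found):
            print("%s: %s" % (hit_path, ", ".join(found[hit_path])))
        print("%d file(s) skipped" % len(not_scanned))
```

Recording unreadable files instead of aborting matters when scanning a whole drive, where locked system files are expected; review the skipped list, since a file that could not be read has not been cleared.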