33 releases (breaking)
0.29.0 | Sep 26, 2024 |
---|---|
0.28.0 | Jun 3, 2024 |
0.27.0 | May 6, 2024 |
0.25.0 | Feb 16, 2024 |
0.1.0 | May 30, 2018 |
#9 in #yara
753 downloads per month
Used in 6 crates
(via yara)
4MB
101K
SLoC
Contains (Windows exe, 2MB) 756684f4017ba7e931a26724ae61606b16b5f8cc84ed38a260a34e50c5016f59, (DOS exe, 360KB) ca21e1c32065352d352be6cde97f89c141d7737ea92434831f998080783d5386, (DOS exe, 320KB) yara/tests/data/pe_mingw, (Windows exe, 265KB) clusterfuzz-testcase-minimized-pe_fuzzer-5671228022718464, (DOS exe, 140KB) 33fc70f99be6d2833ae48852d611c8048d0c053ed0b2c626db4dbe902832a08b, (DOS exe, 79KB) yara/tests/data/pe_imports and 65 more.
yara-sys
Native bindings for the Yara library from VirusTotal. Only works with Yara v4.
More documentation can be found on the Yara's documentation.
Features
By default, this crate uses bindgen to generate bindings on-the-fly, but you can also use the following features to use pre-built bindings file for different version of Yara. Just make sure the version you specify is the same that the version on your system!
bindgen
: recommended: this is the default feature, to use generated bindings.vendored
: automatically compile and link libyara v4.5.2.bundled-4_5_2
: use pre-generated bindings for Yara 4.5.2. Useful if you do not want to install LLVM to run bindgen. However, you'll have to make sure you use a version of Yara with the same major and minor version number. List of supported targets:- x86_64-apple-darwin
- x86_64-pc-windows-gnu
- x86_64-pc-windows-msvc
- x86_64-unknown-linux-gnu
- x86_64-unknown-linux-musl
Link on already compiled libyara
This is the default, when the vendored
option is disabled.
You can specify the following environment variables:
YARA_LIBRARY_PATH
specifies the directory containing the Yara library binary.YARA_INCLUDE_DIR
specifies the directory containing the Yara include files, if you use thebindgen
feature.
You can also specify the yara-static
feature to link Yara statically
rather than dynamically.
Compile options for libyara v4.5.2
When using the vendored
feature, Yara will be automatically built and linked
statically with yara-sys.
You can set the following features change how Yara is built:
Features:
module-cuckoo
: enable cuckoo module (depends on Jansson for parsing JSON).module-magic
: enable magic module (depends on libmagic).module-macho
: enable macho module.module-dex
: enable dex module.module-debug-dex
: enable dex module debugging.module-dotnet
: enable dotnet module.module-hash
: enable hash module.profiling
: enable rules profiling support.ndebug
: enableNDEBUG
.openssl-static
: enable static link to OpenSSL rather then dynamically link.
ENV variables
YARA_CRYPTO_LIB
- which crypto lib to use for the hash and pe modules. Header files must be available during compilation, and the lib must be installed on the target platform. Recognized values:OpenSSL
,BoringSSL
,Wincrypt
,CommonCrypto
ordisable
. (default: will choose based on target os).YARA_DEBUG_VERBOSITY
- Set debug level information on runtime (default: 0)YARA_OPENSSL_DIR
- If specified, the directory of an OpenSSL installation. The directory should containlib
andinclude
subdirectories containing the libraries and headers respectively.YARA_OPENSSL_LIB_DIR
andYARA_OPENSSL_INCLUDE_DIR
- If specified, the directories containing the OpenSSL libraries and headers respectively. This can be used if the OpenSSL installation is split in a nonstandard directory layout.
Each of these variables can also be supplied with certain prefixes and suffixes, in the following prioritized order:
<var>_<target>
- for example,YARA_CRYPTO_LIB_x86_64-unknown-linux-gnu
<var>_<target_with_underscores>
- for example,YARA_CRYPTO_LIB_x86_64_unknown_linux_gnu
<var>
- a plainYARA_CRYPTO_LIB
, as above.
If none of these variables exist, yara-sys uses built-in defaults
License
Licensed under either of
- Apache License, Version 2.0, (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your option.