p8a/yara-java

Highlights

  • Does not require yara to be deployed (embeds all needed native dependencies)
  • Supports two modes of operation:
    • External: yara binary extracted and executed as a child process
    • Embedded: yara jnilib runs embedded in the java process
  • Rules can be loaded as strings, files or archives; archives are searched recursively and every yara rule file found is loaded
  • Matches are returned with identifier, metadata and tags
  • Negate, timeout and limit supported
  • Supports yara 4.0.2 -- 2021/1/17

How to build

Get and build yara source code

Example (building from 4.0.2 version)

git clone https://github.com/virustotal/yara.git
cd yara
git checkout tags/v4.0.2
./bootstrap.sh
./configure --enable-shared --without-crypto CFLAGS=-fPIC
make

Get and build yara-java

Example (in "yara" folder):

git clone https://github.com/p8a/yara-java.git
cd yara-java
mvn clean install

Usage and examples

See the unit tests

Notes

After you have successfully added some sources you can get the compiled rules using the yr_compiler_get_rules() function. You'll get a pointer to a YR_RULES structure which can be used to scan your data as described in Scanning data. Once yr_compiler_get_rules() is invoked you cannot add more sources to the compiler, but you can call yr_compiler_get_rules() multiple times. Each time this function is called it returns a pointer to the same YR_RULES structure. Notice that this behaviour is new in YARA 4.0.0; in YARA 3.X and 2.X yr_compiler_get_rules() returned a new copy of the YR_RULES structure. Instances of YR_RULES must be destroyed with yr_rules_destroy().

When you call YaraCompilerImpl.createScanner() multiple times, every returned YaraScanner points to the same YR_RULES structure, so you cannot destroy YaraScanner multiple times: each destroy would release that one shared YR_RULES structure again.
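One way a caller-side wrapper can make the shared-YR_RULES lifetime safe, as an added example that is not yara-java's own code: the class names SharedRules and ScannerHandle and the nativeDestroyCalls counter are hypothetical, and the native yr_rules_destroy() call is simulated by incrementing that counter.

```java
public class SharedRulesDemo {
    /** Hypothetical stand-in for the one native YR_RULES all scanners share. */
    static final class SharedRules {
        private int refs = 0;
        private boolean destroyed = false;
        private int nativeDestroyCalls = 0; // simulates calls to yr_rules_destroy()

        synchronized ScannerHandle newScanner() {
            // Refuse to hand out a scanner over memory that was already freed.
            if (destroyed) throw new IllegalStateException("rules already destroyed");
            refs++;
            return new ScannerHandle(this);
        }

        private synchronized void release() {
            // Only the last live handle frees the native structure, exactly once.
            if (--refs == 0) {
                destroyed = true;
                nativeDestroyCalls++;
            }
        }

        synchronized int destroyCalls() { return nativeDestroyCalls; }
    }

    /** Hypothetical scanner wrapper whose close() is idempotent per handle. */
    static final class ScannerHandle implements AutoCloseable {
        private final SharedRules rules;
        private boolean closed = false;

        ScannerHandle(SharedRules rules) { this.rules = rules; }

        @Override
        public synchronized void close() {
            if (closed) return; // a repeated close() never reaches the native layer
            closed = true;
            rules.release();
        }
    }

    public static void main(String[] args) {
        SharedRules rules = new SharedRules();
        ScannerHandle a = rules.newScanner();
        ScannerHandle b = rules.newScanner();
        a.close();
        a.close(); // second close on the same handle is ignored
        System.out.println("destroy calls with b still open: " + rules.destroyCalls());
        b.close(); // last owner closes, shared rules are released here
        System.out.println("destroy calls after b closed: " + rules.destroyCalls());
    }
}
```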

About

Java bindings for Yara
