

Python yara.load方法代碼示例

本文整理匯總了Python中yara.load方法的典型用法代碼示例。如果您正苦於以下問題:Python yara.load方法的具體用法?Python yara.load怎麽用?Python yara.load使用的例子?那麽, 這裏精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在yara的用法示例。


在下文中一共展示了yara.load方法的12個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於係統推薦出更棒的Python代碼示例。

示例1: is_malware

# 需要導入模塊: import yara [as 別名]
# 或者: from yara import load [as 別名]
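def is_malware(filename):
    """Match ``filename`` against every rule file under ``rules/malware/``.

    Each rule file is compiled, saved under ``rules_compiled/malware/`` with
    the same name, reloaded from that compiled copy and run against the
    sample.  Returns the first non-empty match list, or ``None`` when no
    rule file matched (or every rule file failed to compile).
    """
    rules_dir = os.path.join("rules", "malware")
    compiled_dir = os.path.join("rules_compiled", "malware")
    if not os.path.exists(compiled_dir):
        # makedirs also creates the ``rules_compiled`` parent, which the
        # former mkdir() required to exist already.
        os.makedirs(compiled_dir)
    for n in os.listdir(rules_dir):
        src = os.path.join(rules_dir, n)
        # Skip sub-directories.  The former check tested "./" + n, i.e. the
        # working directory rather than rules/malware/, so it never matched.
        if os.path.isdir(src):
            continue
        dst = os.path.join(compiled_dir, n)
        try:
            rule = yara.compile(src)
            rule.save(dst)
            # Reload the copy this process just wrote.  yara's documentation
            # advises loading compiled rule files only from trusted sources,
            # so this path must stay under the tool's control.
            rule = yara.load(dst)
            m = rule.match(filename)
            if m:
                return m
        except (yara.Error, OSError):
            # A rule file that fails to compile, save or match (internal
            # fatal error or warning) is skipped so one bad file does not
            # abort the scan; the former bare ``except`` also hid
            # KeyboardInterrupt.
            continue
    return None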


# Added by Yang 
開發者ID:secrary,項目名稱:SSMA,代碼行數:21,代碼來源:check.py

示例2: __init__

# 需要導入模塊: import yara [as 別名]
# 或者: from yara import load [as 別名]
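def __init__(self):
        """Build the YARA rule set from the ``config.rules`` parameter.

        ``config.rules`` may be a single path or a list of paths.  A file
        whose name ends in ``yar`` is compiled from source; one ending in
        ``yas`` is loaded as a precompiled rule file.  A directory
        contributes its ``index.yas`` if present, otherwise its
        ``index.yar``.  Any other entry is silently ignored.
        """
        Analyzer.__init__(self)

        self.rulepaths = self.get_param('config.rules', None, 'No paths for rules provided.')
        if isinstance(self.rulepaths, str):
            self.rulepaths = [self.rulepaths]

        self.ruleset = []
        for rulepath in self.rulepaths:
            if os.path.isfile(rulepath):
                # Only the trailing three characters are inspected, as
                # before: ``foo.yar`` and ``fooyar`` are treated alike.
                if rulepath.endswith('yar'):
                    self.ruleset.append(yara.compile(rulepath))
                elif rulepath.endswith('yas'):
                    # Precompiled rules skip the checks a compile pass gives;
                    # yara advises loading them only from trusted sources, so
                    # the analyzer configuration is the trust boundary here.
                    self.ruleset.append(yara.load(rulepath))
            elif os.path.isdir(rulepath):
                index_yas = os.path.join(rulepath, 'index.yas')
                index_yar = os.path.join(rulepath, 'index.yar')
                if os.path.isfile(index_yas):
                    self.ruleset.append(yara.load(index_yas))
                elif os.path.isfile(index_yar):
                    self.ruleset.append(yara.compile(index_yar))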
開發者ID:TheHive-Project,項目名稱:Cortex-Analyzers,代碼行數:21,代碼來源:yara_analyzer.py

示例3: decrypt_rules

# 需要導入模塊: import yara [as 別名]
# 或者: from yara import load [as 別名]
def decrypt_rules(file_package):
    """Decrypt and decompress an encrypted rule package and load it with YARA.

    The package is read as, in order: an RSA-encrypted AES key of
    ``RSA_MOD_SIZE`` bytes, an AES IV of ``AES.block_size`` bytes, then the
    AES-encrypted, compressed rules.  The RSA private key is taken from
    ``<file_package>.key``.  Returns the rules object ``yara.load`` builds
    from the decrypted bytes.
    """
    # NOTE(review): no MAC / authentication tag is handled here; whether
    # get_cipher_AES uses an authenticated mode is not visible -- confirm.
    key_end = RSA_MOD_SIZE
    iv_end = key_end + AES.block_size

    rsa_private = import_RSA_key("%s.key" % file_package)
    rsa_cipher = get_cipher_RSA_PKCS1_OAEP(rsa_private)
    with open(file_package, "rb") as package:
        blob = package.read()

    session_key = decrypt(blob[:key_end], rsa_cipher)
    aes_cipher = get_cipher_AES(session_key, blob[key_end:iv_end])
    compressed_rules = decrypt(blob[iv_end:], aes_cipher)
    plain_rules = decompress(compressed_rules)

    stream = io.BytesIO(plain_rules)
    return yara.load(file=stream)
開發者ID:Neo23x0,項目名稱:Loki,代碼行數:18,代碼來源:privrules.py

示例4: yara_on_demand

# 需要導入模塊: import yara [as 別名]
# 或者: from yara import load [as 別名]
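def yara_on_demand(rule, theBuffer, externalVars=None, maxBytes=0):
    """Scan ``theBuffer`` with ``rule``, compiling or loading it on first use.

    Args:
        rule: path to a YARA rule file and the cache key in
            ``yara_on_demand_rules``.  Files reported by ``is_compiled`` are
            loaded with ``yara.load``; others are compiled with ``externalVars``.
        theBuffer: data to scan; an empty buffer is scanned as ``'EMPTY'``.
        externalVars: external variables for compile and match.  ``None``
            means none (replaces a shared mutable ``{}`` default).
        maxBytes: when non-zero, only the first ``maxBytes`` bytes are scanned.

    Returns:
        The match list from ``yara.Rules.match``.

    Raises:
        Every error is re-raised.  Scan-control exceptions pass through
        untouched; anything else is logged with a traceback first.
    """
    if externalVars is None:
        externalVars = {}
    try:
        logging.debug("util: doing on demand yara scan with rule: %s", rule)
        logging.debug("util: externalVars: %s", str(externalVars))
        if rule not in yara_on_demand_rules:
            if not is_compiled(rule):
                logging.debug("util: compiling %s for lazy load", rule)
                yara_on_demand_rules[rule] = yara.compile(rule, externals=externalVars)
            else:
                # A compiled file skips the checks a compile pass gives; yara
                # advises loading compiled rules only from trusted sources.
                yara_on_demand_rules[rule] = yara.load(rule)
        rules = yara_on_demand_rules[rule]
        # Slicing replaces the Python-2-only buffer() view; yara takes the
        # resulting bytes/str the same way.
        if maxBytes and len(theBuffer) > maxBytes:
            data = theBuffer[:maxBytes]
        else:
            data = theBuffer
        return rules.match(data=data or 'EMPTY', externals=externalVars)
    except (QuitScanException, GlobalScanTimeoutError, GlobalModuleTimeoutError):
        raise
    except Exception:
        logging.exception("util: yara on demand scan failed with rule %s", rule)
        raise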
開發者ID:lmco,項目名稱:laikaboss,代碼行數:22,代碼來源:util.py

示例5: is_file_packed

# 需要導入模塊: import yara [as 別名]
# 或者: from yara import load [as 別名]
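def is_file_packed(filename):
    """Match ``filename`` against every rule file under ``rules/packers``.

    Each rule file is compiled, saved under ``rules_compiled/packers`` with
    the same name, reloaded from that compiled copy and run against the
    sample.  Returns the first non-empty match list, or ``None``.
    Compile errors propagate to the caller.
    """
    rules_dir = os.path.join("rules", "packers")
    compiled_dir = os.path.join("rules_compiled", "packers")
    if not os.path.exists(compiled_dir):
        # makedirs also creates the ``rules_compiled`` parent, which the
        # former mkdir() required to exist already.
        os.makedirs(compiled_dir)
    for n in os.listdir(rules_dir):
        src = os.path.join(rules_dir, n)
        if not os.path.isfile(src):
            # yara.compile on a sub-directory raises; skip non-files.
            continue
        dst = os.path.join(compiled_dir, n)
        rule = yara.compile(src)
        rule.save(dst)
        # Reload the copy this process just wrote; yara advises loading
        # compiled rule files only from trusted sources.
        rule = yara.load(dst)
        m = rule.match(filename)
        if m:
            return m
    return None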
開發者ID:secrary,項目名稱:SSMA,代碼行數:12,代碼來源:check.py

示例6: is_malicious_document

# 需要導入模塊: import yara [as 別名]
# 或者: from yara import load [as 別名]
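def is_malicious_document(filename):
    """Match ``filename`` against every rule file under ``rules/maldocs``.

    Each rule file is compiled, saved under ``rules_compiled/maldocs`` with
    the same name, reloaded from that compiled copy and run against the
    sample.  Returns the first non-empty match list, or ``None``.
    Compile errors propagate to the caller.
    """
    rules_dir = os.path.join("rules", "maldocs")
    compiled_dir = os.path.join("rules_compiled", "maldocs")
    if not os.path.exists(compiled_dir):
        # makedirs also creates the ``rules_compiled`` parent, which the
        # former mkdir() required to exist already.
        os.makedirs(compiled_dir)
    for n in os.listdir(rules_dir):
        src = os.path.join(rules_dir, n)
        if not os.path.isfile(src):
            # yara.compile on a sub-directory raises; skip non-files.
            continue
        dst = os.path.join(compiled_dir, n)
        rule = yara.compile(src)
        rule.save(dst)
        # Reload the copy this process just wrote; yara advises loading
        # compiled rule files only from trusted sources.
        rule = yara.load(dst)
        m = rule.match(filename)
        if m:
            return m
    return None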
開發者ID:secrary,項目名稱:SSMA,代碼行數:12,代碼來源:check.py

示例7: is_antidb_antivm

# 需要導入模塊: import yara [as 別名]
# 或者: from yara import load [as 別名]
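def is_antidb_antivm(filename):
    """Match ``filename`` against every rule file under ``rules/antidebug_antivm``.

    Each rule file is compiled, saved under ``rules_compiled/antidebug_antivm``
    with the same name, reloaded from that compiled copy and run against
    the sample.  Returns the first non-empty match list, or ``None``.
    Compile errors propagate to the caller.
    """
    rules_dir = os.path.join("rules", "antidebug_antivm")
    compiled_dir = os.path.join("rules_compiled", "antidebug_antivm")
    if not os.path.exists(compiled_dir):
        # makedirs also creates the ``rules_compiled`` parent, which the
        # former mkdir() required to exist already.
        os.makedirs(compiled_dir)
    for n in os.listdir(rules_dir):
        src = os.path.join(rules_dir, n)
        if not os.path.isfile(src):
            # yara.compile on a sub-directory raises; skip non-files.
            continue
        dst = os.path.join(compiled_dir, n)
        rule = yara.compile(src)
        rule.save(dst)
        # Reload the copy this process just wrote; yara advises loading
        # compiled rule files only from trusted sources.
        rule = yara.load(dst)
        m = rule.match(filename)
        if m:
            return m
    return None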
開發者ID:secrary,項目名稱:SSMA,代碼行數:12,代碼來源:check.py

示例8: check_crypto

# 需要導入模塊: import yara [as 別名]
# 或者: from yara import load [as 別名]
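def check_crypto(filename):
    """Match ``filename`` against every rule file under ``rules/crypto``.

    Each rule file is compiled, saved under ``rules_compiled/crypto`` with
    the same name, reloaded from that compiled copy and run against the
    sample.  Returns the first non-empty match list, or ``None``.
    Compile errors propagate to the caller.
    """
    rules_dir = os.path.join("rules", "crypto")
    compiled_dir = os.path.join("rules_compiled", "crypto")
    if not os.path.exists(compiled_dir):
        # makedirs also creates the ``rules_compiled`` parent, which the
        # former mkdir() required to exist already.
        os.makedirs(compiled_dir)
    for n in os.listdir(rules_dir):
        src = os.path.join(rules_dir, n)
        if not os.path.isfile(src):
            # yara.compile on a sub-directory raises; skip non-files.
            continue
        dst = os.path.join(compiled_dir, n)
        rule = yara.compile(src)
        rule.save(dst)
        # Reload the copy this process just wrote; yara advises loading
        # compiled rule files only from trusted sources.
        rule = yara.load(dst)
        m = rule.match(filename)
        if m:
            return m
    return None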
開發者ID:secrary,項目名稱:SSMA,代碼行數:12,代碼來源:check.py

示例9: __init__

# 需要導入模塊: import yara [as 別名]
# 或者: from yara import load [as 別名]
def __init__(self, compiled_rules_file: str) -> None:
        """Initialize the analyzer with a prebuilt binary YARA rules file.

        Args:
            compiled_rules_file: Path to the binary rules file.  It is passed
                straight to ``yara.load`` here, so it must point at a file
                the deployment itself produced (yara advises loading compiled
                rules only from trusted sources).
        """
        loaded_rules = yara.load(compiled_rules_file)
        self._compiled_rules_file = compiled_rules_file
        self._rules = loaded_rules
開發者ID:airbnb,項目名稱:binaryalert,代碼行數:10,代碼來源:yara_analyzer.py

示例10: mock_yara_load

# 需要導入模塊: import yara [as 別名]
# 或者: from yara import load [as 別名]
def mock_yara_load(rules_file: str) -> YaraRulesMock:
    """Stand-in for ``yara.load`` that opens the path with the builtin ``open``.

    The file is opened in binary mode and handed to ``REAL_YARA_LOAD`` via
    its ``file=`` keyword; the loaded rules are wrapped in a ``YaraRulesMock``.
    """
    with open(rules_file, 'rb') as handle:
        loaded = REAL_YARA_LOAD(file=handle)
        return YaraRulesMock(loaded)
開發者ID:airbnb,項目名稱:binaryalert,代碼行數:6,代碼來源:yara_mocks.py

示例11: test_compilation

# 需要導入模塊: import yara [as 別名]
# 或者: from yara import load [as 別名]
def test_compilation(self):
        """Ensure all real YARA rules compile correctly."""
        compile_rules.compile_rules('compiled_yara_rules.bin')
        loaded = yara.load('compiled_yara_rules.bin')
        # Every rule file yields at least one rule, so the number of compiled
        # rules must not fall below the number of rule files found.
        expected_minimum = len(list(compile_rules._find_yara_files()))
        compiled_count = len(list(loaded))
        self.assertGreaterEqual(compiled_count, expected_minimum)
開發者ID:airbnb,項目名稱:binaryalert,代碼行數:9,代碼來源:compile_rules_test.py

示例12: yara_scan

# 需要導入模塊: import yara [as 別名]
# 或者: from yara import load [as 別名]
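def yara_scan(self):
        """Run the configured YARA rules against ``self.filepath``.

        Rules come from two ``static_conf`` entries: ``yara_uncompiled_rules``
        (passed as ``filepaths=`` to ``yara.compile`` -- presumably a
        namespace-to-path mapping, verify against the config) and
        ``yara_compiled_rules`` (a directory whose every entry is loaded with
        ``yara.load``).  Each match is appended to ``self.yara_scan_result``
        as ``{"namespace": ..., "rule": ..., "meta": ...}``, a subset of the
        fields yara reports, e.g.::

            {
                'tags': ['foo', 'bar'],
                'matches': True,
                'namespace': 'default',
                'rule': 'my_rule',
                'meta': {},
                'strings': [(81, '$a', 'abc'), (141, '$b', 'def')]
            }

        Any exception is logged through ``self.logger`` and swallowed; the
        result list then holds whatever was collected before the failure.
        """
        try:
            self.yara_scan_result = []
            yara_uncompiled_rules = static_conf["yara_uncompiled_rules"]
            yara_compiled_rules = static_conf["yara_compiled_rules"]
            yara_rules_list = []
            # load rules
            if yara_uncompiled_rules:
                yara_rules_list.append(yara.compile(filepaths=yara_uncompiled_rules))
            if yara_compiled_rules:
                # Every directory entry goes to yara.load, which yara advises
                # using only on trusted compiled files: this directory must
                # stay under the analyzer's control, not sample-writable.
                yara_rules_list.extend([
                    yara.load(os.path.join(yara_compiled_rules, item))
                    for item in os.listdir(yara_compiled_rules)
                ])
            # match yara rules
            for rules in yara_rules_list:
                matches = rules.match(self.filepath)
                self.yara_scan_result.extend([
                    {"namespace": match.namespace, "rule": match.rule, "meta": match.meta}
                    for match in matches
                ])
        except Exception as e:
            # Log the concrete exception class; formatting ``Exception`` itself
            # (as before) printed the base class and hid the real type.
            self.logger.exception('%s: %s' % (type(e).__name__, e))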
開發者ID:felicitychou,項目名稱:MalAnalyzer,代碼行數:29,代碼來源:static_analyze.py


注:本文中的yara.load方法示例由純淨天空整理自Github/MSDocs等開源代碼及文檔管理平台,相關代碼片段篩選自各路編程大神貢獻的開源項目,源碼版權歸原作者所有,傳播和使用請參考對應項目的License;未經允許,請勿轉載。