Skip to main content

Compile YARA rules to test against files or strings

Project description

What is yara-ctypes:

  • A powerful python wrapper for yara-project’s libyara v1.6.
  • Supports thread safe matching of YARA rules.
  • namespace management to allow easy loading of multiple YARA rules into a single libyara context.
  • Comes with a scan module which exposes a user CLI and demonstrates a pattern for executing match jobs across a thread pool.


  • ctypes releases the GIL on system function calls… Run your PC to its true potential.
  • No more building the PyC extension…
  • I found a few bugs and memory leaks and wanted to make my life simple.

As a reference and guide to yara-ctypes see: yara-ctypes documentation

For additional tips / tricks with this wrapper feel free to post a question at the github yara-ctypes/issues page.

Project hosting provided by


Install and run

Simply run the following:

> python install
> python test
> python -m yara.scan -h

or PyPi:

> pip install yara
> python -m yara.scan -h


If the package does not contain a pre-compiled libyara library for your platform you will need to build and install it. See notes on building.


yara-ctypes is implemented to be compatible with Python 2.6+ and Python 3.x. It has been tested against the following Python implementations:

Ubuntu 12.04:

  • CPython 2.7 (32bit, 64bit)
  • CPython 3.2 (32bit, 64bit)

Ubuntu 11.10 build_status:

  • CPython 2.6 (32bit)
  • CPython 2.7 (32bit)
  • CPython 3.2 (32bit)
  • CPython 3.3 (32bit)
  • PyPy 1.9.0 (32bit)

Windows 7:

  • CPython 2.6 (32bit, 64bit)
  • CPython 3.2 (32bit, 64bit)

OS X Mountain Lion

  • CPython 2.7 (64bit)

Continuous integration testing is provided by Travis CI.


Source code for yara-ctypes is hosted on GitHub. Please file bug reports with GitHub’s issues system.

Change log

version 1.6.5 (12/04/2013)

  • more tech in scan
  • improved test
  • bug fixes

version 1.6.4 (11/04/2013)

  • supports py3.3
  • additional test
  • improved scan interface
  • bug fixes

version 1.6.3 (08/03/2013)

  • bug fix to (callback callable check)

version 1.6.2 (28/02/2013)

  • support for OS X Mountain Lion

version 1.6.1 (06/09/2012)

  • Support for 64bit Windows
  • Bug fixes
  • Added documentation

version 1.6.0 (01/09/2012)

  • Initial release

Project details

Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Filename, size & hash SHA256 hash help File type Python version Upload date (377.3 kB) Copy SHA256 hash SHA256 Source None

Supported by

Elastic Elastic Search Pingdom Pingdom Monitoring Google Google BigQuery Sentry Sentry Error logging AWS AWS Cloud computing DataDog DataDog Monitoring Fastly Fastly CDN SignalFx SignalFx Supporter DigiCert DigiCert EV certificate StatusPage StatusPage Status page