Compile YARA rules to test against files or strings
Maintainers
Project description
What is yara-ctypes:
- A powerful python wrapper for yara-project’s libyara v1.7.
- Supports thread safe matching of YARA rules.
- namespace management to allow easy loading of multiple YARA rules into a single libyara context.
- Comes with a scan module which exposes a user CLI and demonstrates a pattern for executing match jobs across a thread pool.
Why:
- ctypes releases the GIL on system function calls… Run your PC to its true potential.
- No more building the PyC extension…
- I found a few bugs and memory leaks and wanted to make my life simple.
As a reference and guide to yara-ctypes see: yara-ctypes documentation
For additional tips / tricks with this wrapper feel free to post a question at the github yara-ctypes/issues page.
Project hosting provided by github.com.
[mjdorma+yara-ctypes@gmail.com]
Install and run
Simply run the following:
> python setup.py install > python setup.py test > yara-ctypes -h
or PyPi:
> pip install yara > yara-ctypes -h
Note
If the package does not contain a pre-compiled libyara library for your platform you will need to build and install it. See notes on building.
Compatability
yara-ctypes is implemented to be compatible with Python 2.6+ and Python 3.x. It has been tested against the following Python implementations:
Ubuntu 12.04:
- CPython 2.7 (32bit, 64bit)
- CPython 3.2 (32bit, 64bit)
Ubuntu 11.10 :
- CPython 2.6 (32bit)
- CPython 2.7 (32bit)
- CPython 3.2 (32bit)
- CPython 3.3 (32bit)
- PyPy 1.9.0 (32bit)
Windows 7:
- CPython 2.6 (32bit, 64bit)
- CPython 3.2 (32bit, 64bit)
OS X Mountain Lion
- CPython 2.7 (64bit)
Continuous integration testing is provided by Travis CI.
Issues
Source code for yara-ctypes is hosted on GitHub. Please file bug reports with GitHub’s issues system.
Change log
version 1.7.2 (19/04/2013)
- cli improvements
- bug fixes
version 1.7.1 (17/04/2013)
- StdinScanner
- overlap control for stream chunk enqueueing
version 1.7.0 (15/04/2013)
- ships with builds of libyara-1.7
- compatibility issues solves with yara-1.7’s interface changes
- major change up and improvement to the scan command line interface.
- a lot more testing
version 1.6.5 (12/04/2013)
- more tech in scan
- improved test
- bug fixes
version 1.6.4 (11/04/2013)
- supports py3.3
- additional test
- improved scan interface
- bug fixes
version 1.6.3 (08/03/2013)
- bug fix to yara.py (callback callable check)
version 1.6.2 (28/02/2013)
- support for OS X Mountain Lion
version 1.6.1 (06/09/2012)
- Support for 64bit Windows
- Bug fixes
- Added documentation
version 1.6.0 (01/09/2012)
- Initial release
Release history Release notifications
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
| Filename, size & hash SHA256 hash help | File type | Python version | Upload date |
|---|---|---|---|
| yara-1.7.2.zip (398.8 kB) Copy SHA256 hash SHA256 | Source | None |
