Library for manipulation of YARA files.
# yaramod
[![Travis CI build status](https://travis-ci.org/avast-tl/yaramod.svg?branch=master)](https://travis-ci.org/avast-tl/yaramod)
[![AppVeyor build status](https://ci.appveyor.com/api/projects/status/github/avast-tl/yaramod?branch=master&svg=true)](https://ci.appveyor.com/project/avast-tl/yaramod?branch=master)
`yaramod` is a library that provides parsing of [YARA](https://github.com/VirusTotal/yara) rules into AST and a C++ programming interface to build new YARA rulesets. This project is not associated with the YARA project.
`yaramod` also comes with Python bindings and this repository should be fully compatible with installation using `pip`.
## Usage Example
See the [wiki](https://github.com/avast-tl/yaramod/wiki).
## Requirements
* C++ compiler with C++14 support
  * On Windows, only Microsoft Visual C++ is supported (version >= Visual Studio 2015).
* CMake (version >= 3.6)
* Flex (version >= 2.6)
* Bison (version >= 3.0)
If you are also interested in Python bindings:
* GCC 5+ (for Linux/Unix, should remain the same for other compilers and platforms)
* Python 3+
## Build and Installation
* Clone the repository:
  * `git clone https://github.com/avast-tl/yaramod.git`
* Linux:
  * `cd yaramod`
  * `mkdir build && cd build`
  * `cmake -DCMAKE_BUILD_TYPE=<Debug|Release> .. [OPTIONS...]`
  * `make -jN` (`N` is the number of CPU cores to use for parallel build)
* Windows:
  * Open a command prompt (e.g. `C:\msys64\msys2_shell.cmd` from [MSYS2](https://github.com/avast-tl/retdec/wiki/Windows-Environment))
  * `cd yaramod`
  * `mkdir build && cd build`
  * `cmake -G<generator> .. [OPTIONS...]`
    * `-G<generator>` is `-G"Visual Studio 14 2015"` for 32-bit build using Visual Studio 2015, or `-G"Visual Studio 14 2015 Win64"` for 64-bit build using Visual Studio 2015. Of course, any later version of Visual Studio may be used.
  * `cmake --build . --config Release -- -m`
  * Alternatively, you can open `yaramod.sln` generated by `cmake` in Visual Studio IDE.
Available options are:
* `YARAMOD_DOC` - provide build target `doc` for building documentation with Doxygen. (Default: OFF)
* `YARAMOD_TESTS` - build unit tests. (Default: OFF)
### Python bindings
The easiest way to get Python bindings to work is through `pip` like this:
```
pip install git+https://github.com/avast-tl/yaramod.git
```
If you want to clone and build the repository yourself, you can do so by following these steps:
* Set up a virtual environment if you don't want to install `yaramod` into your system Python:
  * `./setup_env.sh`
  * `source use_env.sh`
* Run compilation and installation of the Python bindings:
  * `python setup.py build OPTIONS`
  * `python setup.py install`
* Allowed `OPTIONS` are:
  * `--with-unit-tests` - Build also C++ unit tests.
  * `--debug` - Build debug configuration.
## API Documentation
You can generate the API documentation yourself. Pass `-DYARAMOD_DOC=ON` to `cmake` and run `make doc`.
## License
Copyright (c) 2017 Avast Software, licensed under the MIT license. See the `LICENSE` file for more details.
`yaramod` uses third-party libraries or other resources listed, along with their licenses, in the `LICENSE-THIRD-PARTY` file.
## Contributing
See [RetDec contribution guidelines](https://github.com/avast-tl/retdec/wiki/Contribution-Guidelines).
### Differences in Python Bindings
* Certain enums that contain a `None` value in C++ are named `Empty` in Python because of a name clash with the Python keyword `None`.
Source distribution: `yaramod-1.1.0b1.tar.gz` (54.5 kB)