malice-plugins / yara

Malice Yara Plugin

Home Page: https://hub.docker.com/r/malice/yara/


Web microservice works only once, then terminates

unstppbl opened this issue

I run the docker container:

╰$ docker run -p 3993:3993 malice/yara web        
time="2018-08-03T11:04:19Z" level=info msg="web service listening on port :3993"

Then send a file for scan

╰$ http -f localhost:3993/scan malware@./shell.php
HTTP/1.1 200 OK
Content-Length: 15
Content-Type: application/json; charset=UTF-8
Date: Fri, 03 Aug 2018 11:04:24 GMT

{
    "matches": []
}

Get results, then try to run scan again

╰$ http -f localhost:3993/scan malware@./shell.php

http: error: ConnectionError: ('Connection aborted.', RemoteDisconnected('Remote end closed connection without response',)) while doing POST request to URL: http://localhost:3993/scan

Some error occurs.

However when I supply my own rules folder, it works okay.

That is a very strange bug. I was able to recreate it too. You can see when running docker ps -a that the docker container exited with a 139 error. If you google that there are a lot of people getting the same error, but strangely people have fixed it by putting the COPY before the ENTRYPOINT/CMD so I am trying that now. Which might also explain why when you use your own rules it works????

Seems like a bug in docker itself

What version of docker are you running again?

Do other plugins work correctly? Maybe it doesn't like having to load the rules again for every scan, but you said it DOES work if you use your own rules? You can scan multiple times?

I'm starting to think this is an issue with go-yara, as other plugins' web services work fine with multiple requests.

I believe I fixed it. The issue was that it didn't like compiling the rules for every scan, so now it only compiles them once, which will also make it much faster and more performant.

Thank you for bringing this to my attention and feel free to re-open if the issue persists.

Sorry for a long reply. I haven't checked other plugins yet; yup, it was working with my own rules.
Anyway, thank you for resolving the issue!
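
The compile-once pattern described in the fix above, as an added example that is not the plugin's own code: the rule map and `rules()` are hypothetical stand-ins for a compiled go-yara rule set, and the handler reads the raw request body rather than the multipart `malware` form field used in the thread.

```go
package main

import (
	"bytes"
	"encoding/json"
	"net/http"
	"net/http/httptest"
	"sync"
)

var shared map[string][]byte // stand-in for compiled rules (hypothetical, not go-yara's API)
var compileOnce sync.Once
var compileCalls int // times the expensive compile step ran

// rules compiles on first use; every later request reuses the result.
func rules() map[string][]byte {
	compileOnce.Do(func() {
		compileCalls++
		shared = map[string][]byte{"php_eval": []byte("eval(")} // constructed rule
	})
	return shared
}

// scanHandler matches the raw request body against the shared rule set.
func scanHandler(w http.ResponseWriter, r *http.Request) {
	var body bytes.Buffer
	if _, err := body.ReadFrom(http.MaxBytesReader(w, r.Body, 1<<20)); err != nil {
		http.Error(w, "read error", http.StatusBadRequest) // upload too large or broken
		return
	}
	matches := []string{}
	for name, pattern := range rules() {
		if bytes.Contains(body.Bytes(), pattern) {
			matches = append(matches, name)
		}
	}
	json.NewEncoder(w).Encode(map[string][]string{"matches": matches})
}

// scanN posts the same constructed sample n times and returns the status codes.
func scanN(n int, sample string) (codes []int) {
	for i := 0; i < n; i++ {
		rec := httptest.NewRecorder()
		scanHandler(rec, httptest.NewRequest("POST", "/scan", bytes.NewBufferString(sample)))
		codes = append(codes, rec.Code)
	}
	return codes
}
func main() { println(len(scanN(3, "<?php echo 1; ?>")), compileCalls) }
```

Repeating the second-request reproduction from the thread against a handler built this way is a quick regression check: every request should return 200 while the compile step runs once.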