Doesn't using my own yara rule file to detect linux elf malware file?
linlih opened this issue · comments
linlih commented
As the title says.
linlih commented
In this file, src/check.py, there is the following code:
```python
# Added by Yang
def is_your_target(filename, yara_file):
    if not os.path.exists("rules_compiled/your_target"):
        os.mkdir("rules_compiled/your_target")
    if os.path.isdir(yara_file):
        for n in os.listdir(yara_file):
            if not os.path.isdir("./" + n):
                try:
                    rule = yara.compile(yara_file + "/" + n)
                    rule.save("rules_compiled/your_target/" + n)
                    rule = yara.load("rules_compiled/malware/" + n)
                    m = rule.match(filename)
                    if m:
                        return m
                except:
                    pass
            else:
                pass
    elif os.path.isfile(yara_file):
        try:
            rule = yara.compile(yara_file)
            rule.save("rules_compiled/your_target/" + yara_file)
            rule = yara.load("rules_compiled/malware/" + yara_file)
            m = rule.match(filename)
            if m:
                return m
        except:
            pass
    else:
        return "[x] Wrong type of input!"
```
Why is the rule saved to the `your_target` directory and loaded from the `malware` directory? It doesn't make any sense.
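An added example, not the project's code and not from either commenter: one way to compile custom rules, cache them, and reload them from the same path, reporting compile errors instead of swallowing them. It assumes yara-python's `compile`, `save`, `load`, `match` and `yara.Error`; the function name, the `engine` parameter and the return shape are hypothetical.

```python
import os


def match_with_custom_rules(target, rules_path,
                            cache_dir="rules_compiled/your_target", engine=None):
    """Compile each rule file, cache it in cache_dir, reload it from that
    same path, and scan `target`. Returns (hits, errors), both dicts keyed
    by rule source path."""
    if engine is None:
        import yara  # yara-python; imported lazily so a stub can be passed in
        engine = yara

    if os.path.isdir(rules_path):
        sources = sorted(
            os.path.join(rules_path, name)
            for name in os.listdir(rules_path)
            if os.path.isfile(os.path.join(rules_path, name))
        )
    elif os.path.isfile(rules_path):
        sources = [rules_path]
    else:
        raise ValueError(f"not a rule file or directory: {rules_path!r}")

    os.makedirs(cache_dir, exist_ok=True)
    hits, errors = {}, {}
    for src in sources:
        # basename keeps the cached file inside cache_dir even when the
        # rule path contains directories (e.g. "my_rules/elf.yar")
        compiled = os.path.join(cache_dir, os.path.basename(src))
        try:
            engine.compile(filepath=src).save(compiled)
            # load from the path just written, not from another rule set
            matches = engine.load(compiled).match(target)
        except engine.Error as exc:
            # a broken rule is recorded, so "no match" and "rule failed"
            # can be told apart by the caller
            errors[src] = str(exc)
            continue
        if matches:
            hits[src] = matches
    return hits, errors
```

An empty `hits` with a non-empty `errors` means the rules never ran, which the bare `except: pass` in the quoted function would hide.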
Evan-Sa commented
Hello, can you provide more information, an example of what is failing and the output error? I do not fully understand from your description what is failing.