Project author: blacktop

Project description: Yara Dockerfile
Primary language: YARA
Project URL: git://github.com/blacktop/docker-yara.git
Created: 2014-07-12T22:30:59Z
Project community: https://github.com/blacktop/docker-yara

License: MIT License

Yara Dockerfile

This repository contains a Dockerfile of Yara.


Dependencies

Image Tags

    REPOSITORY       TAG        SIZE
    blacktop/yara    latest     64.6MB
    blacktop/yara    4.2        64.6MB
    blacktop/yara    4.1        63.1MB
    blacktop/yara    4.0        60MB
    blacktop/yara    3.11       57.6MB
    blacktop/yara    3.10       53.6MB
    blacktop/yara    3.9        53.6MB
    blacktop/yara    3.8        55.8MB
    blacktop/yara    3.7        55.2MB
    blacktop/yara    3.6        55.8MB
    blacktop/yara    3.5        54.3MB
    blacktop/yara    w-rules    60.4MB
    blacktop/yara    no-py      15MB
    blacktop/yara    3.4        54.3MB
    blacktop/yara    3.1.0      163.7MB (debian:jessie)

NOTE:

  • tag no-py is yara:4.1 without yara-python
  • tag w-rules is yara:4.1 with some default yara rules included in the /rules directory.

Installation

  1. Install Docker.
  2. Download trusted build from public Docker Registry: docker pull blacktop/yara

Getting Started

    $ docker run --rm -v /path/to/rules:/rules:ro \
                 -v /path/to/malware:/malware:ro \
                 blacktop/yara /rules/RULES_FILE FILE

    YARA 3.6.0, the pattern matching swiss army knife.
    Usage: yara [OPTION]... RULES_FILE FILE | DIR | PID

    Mandatory arguments to long options are mandatory for short options too.

      -t, --tag=TAG                  print only rules tagged as TAG
      -i, --identifier=IDENTIFIER    print only rules named IDENTIFIER
      -n, --negate                   print only not satisfied rules (negate)
      -D, --print-module-data        print module data
      -g, --print-tags               print tags
      -m, --print-meta               print metadata
      -s, --print-strings            print matching strings
      -L, --print-string-length      print length of matched strings
      -e, --print-namespace          print rules' namespace
      -p, --threads=NUMBER           use the specified NUMBER of threads to scan a directory
      -l, --max-rules=NUMBER         abort scanning after matching a NUMBER of rules
      -d VAR=VALUE                   define external variable
      -x MODULE=FILE                 pass FILE's content as extra data to MODULE
      -a, --timeout=SECONDS          abort scanning after the given number of SECONDS
      -k, --stack-size=SLOTS         set maximum stack size (default=16384)
      -r, --recursive                recursively search directories
      -f, --fast-scan                fast matching mode
      -w, --no-warnings              disable warnings
          --fail-on-warnings         fail on warnings
      -v, --version                  show version information
      -h, --help                     show this help and exit

    Send bug reports and suggestions to: vmalvarez@virustotal.com.

Add the following to your bash or zsh profile

    alias yara='docker run -it --rm -v "$(pwd)":/malware:ro blacktop/yara $@'
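
A more locked-down form of the Getting Started invocation, written as a shell function for the same profile. This is an added example, not code from blacktop/docker-yara: the names `yara_scan` and `YARA_DRY_RUN` are hypothetical, and it assumes the image works with a read-only root filesystem, no network and the caller's UID/GID.

```sh
#!/bin/sh
# Added example, not part of blacktop/docker-yara. yara_scan and YARA_DRY_RUN
# are hypothetical names; only the image name, the /rules and /malware mount
# points and the -r option come from the README above.
#
# usage: yara_scan /abs/RULES_FILE /abs/FILE_OR_DIR [YARA_OPTION]...
yara_scan() {
    if [ "$#" -lt 2 ]; then
        echo "usage: yara_scan RULES_FILE TARGET [YARA_OPTION]..." >&2
        return 2
    fi
    rules=$1
    target=$2
    shift 2
    # docker -v needs absolute host paths; a bare name would be treated as a
    # named volume instead of a bind mount.
    case $rules in /*) ;; *) echo "RULES_FILE must be absolute" >&2; return 2 ;; esac
    case $target in /*) ;; *) echo "TARGET must be absolute" >&2; return 2 ;; esac

    if [ -d "$target" ]; then
        # Directory: mount it whole and let yara recurse into it.
        mount_src=$target
        scan_path=/malware
        set -- -r "$@"
    else
        # Single file: mount only its parent directory.
        mount_src=$(dirname "$target")
        scan_path=/malware/$(basename "$target")
    fi

    # Samples are untrusted input to the scanner, so the container gets no
    # network, no capabilities, a read-only root filesystem and the caller's
    # UID/GID (assumed to be enough for yara to read the mounted files).
    set -- run --rm \
        --network none --read-only --cap-drop ALL \
        --security-opt no-new-privileges \
        --user "$(id -u):$(id -g)" \
        -v "$(dirname "$rules"):/rules:ro" \
        -v "$mount_src:/malware:ro" \
        blacktop/yara "$@" "/rules/$(basename "$rules")" "$scan_path"

    if [ "${YARA_DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' docker "$@"   # one argument per line, nothing executed
    else
        docker "$@"
    fi
}
```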

Documentation

Usage

    $ yara [OPTION]... RULES_FILE FILE | DIR | PID

Issues

Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don’t hesitate to file an issue and I’ll get right on it.

License

MIT Copyright (c) 2014-2021 blacktop