Documentation
Constants
This section is empty.
Variables
This section is empty.
Functions
func WithBlockSize
func WithBlockSize(size int) func(writer *YaraReader)
WithBlockSize sets the default buffer and block size for in-memory scanning.
func WithFilenameTip
func WithFilenameTip(filename string) func(writer *YaraReader)
WithFilenameTip gives the decoder a hint about possible archive types.
func WithMaxLevel
func WithMaxLevel(level int) func(writer *YaraReader)
WithMaxLevel prevents the reader from inspecting archives under a given level.
Types
type RuleDirectory
type YaraReader
type YaraReader struct {
	Infected bool
	// contains filtered or unexported fields
}
func (*YaraReader) First
func (s *YaraReader) First() *yara.MemoryBlock
First fetches the first block and caches it in the reader for further calls.
func (*YaraReader) Next
func (s *YaraReader) Next() *yara.MemoryBlock
Next fetches the next block for scanning.
func (*YaraReader) RuleMatching
func (y *YaraReader) RuleMatching(_ *yara.ScanContext, rule *yara.Rule) (bool, error)
RuleMatching is called by the engine when a rule is matched.
type YaraScanner
type YaraScanner struct {
// contains filtered or unexported fields
}
func NewYaraScanner
func NewYaraScanner(ruleDirectories ...RuleDirectory) (*YaraScanner, error)
NewYaraScanner returns a new scanner with its rules compiled.
func (*YaraScanner) ScanReader
func (s *YaraScanner) ScanReader(reader io.Reader, opts ...func(writer *YaraReader)) ([]*yara.Rule, error)
ScanReader scans a given reader until EOF or until an error happens. It scans archives.