Short Description
The pattern matching swiss knife
Full Description

Yara Dockerfile

This repository contains a Dockerfile of Yara.


Dependencies

Image Tags

REPOSITORY          TAG                 SIZE
blacktop/yara       latest              55.2MB
blacktop/yara       3.7                 55.2MB
blacktop/yara       3.6                 53.8MB
blacktop/yara       3.5                 54.3MB
blacktop/yara       w-rules             60.4MB
blacktop/yara       no-py               15MB
blacktop/yara       3.4                 54.3MB
blacktop/yara       3.1.0               163.7MB (debian:jessie)

NOTE:

  • tag no-py is yara:3.6 without yara-python
  • tag w-rules is yara:3.6 with some default yara rules included in the /rules directory

Installation

  1. Install Docker.
  2. Download trusted build from public Docker Registry: docker pull blacktop/yara

Getting Started

$ docker run --rm -v /path/to/rules:/rules:ro \
                  -v /path/to/malware:/malware:ro \
                  blacktop/yara /rules/RULES_FILE FILE
YARA 3.6.0, the pattern matching swiss army knife.
Usage: yara [OPTION]... RULES_FILE FILE | DIR | PID

Mandatory arguments to long options are mandatory for short options too.

  -t,  --tag=TAG                   print only rules tagged as TAG
  -i,  --identifier=IDENTIFIER     print only rules named IDENTIFIER
  -n,  --negate                    print only not satisfied rules (negate)
  -D,  --print-module-data         print module data
  -g,  --print-tags                print tags
  -m,  --print-meta                print metadata
  -s,  --print-strings             print matching strings
  -L,  --print-string-length       print length of matched strings
  -e,  --print-namespace           print rules' namespace
  -p,  --threads=NUMBER            use the specified NUMBER of threads to scan a directory
  -l,  --max-rules=NUMBER          abort scanning after matching a NUMBER of rules
  -d VAR=VALUE                     define external variable
  -x MODULE=FILE                   pass FILE's content as extra data to MODULE
  -a,  --timeout=SECONDS           abort scanning after the given number of SECONDS
  -k,  --stack-size=SLOTS          set maximum stack size (default=16384)
  -r,  --recursive                 recursively search directories
  -f,  --fast-scan                 fast matching mode
  -w,  --no-warnings               disable warnings
       --fail-on-warnings          fail on warnings
  -v,  --version                   show version information
  -h,  --help                      show this help and exit

Send bug reports and suggestions to: vmalvarez@virustotal.com.

Add the following to your bash or zsh profile:

alias yara='docker run -it --rm -v "$(pwd)":/malware:ro blacktop/yara'
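The two-mount layout from Getting Started, wrapped as a shell function (an added example, not part of the blacktop/yara repository). The names yara_scan, write_demo_rule and the DOCKER override are assumptions made for this example, the rule is a constructed sample, and --network none is an added precaution rather than something the image requires.

```shell
#!/bin/sh
# Added example: scan a directory with blacktop/yara using read-only mounts.
# DOCKER can be set to another command name (assumption, used for dry runs).

# write_demo_rule FILE: write a constructed rule that matches a marker string.
write_demo_rule() {
    cat > "$1" <<'EOF'
rule demo_marker
{
    strings:
        $marker = "constructed-demo-marker"
    condition:
        $marker
}
EOF
}

# yara_scan RULES_FILE TARGET_DIR [YARA_OPTION]...
# Options (for example -r -s from the help text above) go before RULES_FILE.
yara_scan() {
    if [ "$#" -lt 2 ]; then
        echo "usage: yara_scan RULES_FILE TARGET_DIR [YARA_OPTION]..." >&2
        return 2
    fi
    ys_rules=$1
    ys_target=$2
    shift 2
    [ -f "$ys_rules" ] || { echo "no such rules file: $ys_rules" >&2; return 2; }
    [ -d "$ys_target" ] || { echo "no such directory: $ys_target" >&2; return 2; }
    # Resolve to absolute paths: a bare relative name given to -v is
    # treated as a named volume instead of a host directory.
    ys_rules_dir=$(cd "$(dirname "$ys_rules")" && pwd) || return 2
    ys_target_dir=$(cd "$ys_target" && pwd) || return 2
    # Rules and samples are mounted read-only; the container gets no network.
    "${DOCKER:-docker}" run --rm --network none \
        -v "$ys_rules_dir":/rules:ro \
        -v "$ys_target_dir":/malware:ro \
        blacktop/yara "$@" "/rules/$(basename "$ys_rules")" /malware
}
```

For example, yara_scan ./rules/demo.yar ./samples -r -s scans ./samples recursively and prints the matching strings.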

Documentation

Usage

$ yara [OPTION]... RULES_FILE FILE | DIR | PID

Issues

Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue and I'll get right on it.

License

MIT Copyright (c) 2014-2017 blacktop
