Provided by: yara_2.0.0-2_amd64 
NAME
yara - find files matching patterns and rules written in a special-purpose language.
SYNOPSIS
yara [OPTION]... [RULEFILE]... FILE | PID
DESCRIPTION
Yara scans the given FILE or the process indentified by PID looking if it matches the patterns and rules
provided in a special purpose-language. The rules are read from RULEFILEs or standard input.
The options to yara(1) are:
-t tag Print rules tagged as tag and ignore the rest. This option can be used multiple times.
-i identifier
Print rules named identifier and ignore the rest. This option can be used multiple times.
-n Print rules that doesn't apply (negate)
-g Print the tags associated to the rule.
-m Print metadata associated to the rule.
-s Print strings found in the file.
-p number
Use the specified number of threads to scan a directory.
-l number
Abort scanning after a number of rules matched.
-a seconds
Abort scanning after a number of seconds has elapsed.
-d identifier=value
Define an external variable. This option can be used multiple times.
-r Scan files in directories recursively.
-f Speeds up scanning by searching only for the first occurrence of each pattern.
-w Disable warnings.
-v Show version information.
EXAMPLES
$ yara /foo/bar/rules1 /foo/bar/rules2 .
Apply rules on /foo/bar/rules1 and /foo/bar/rules2 to all files on current directory.
Subdirectories are not scanned.
$ yara -t Packer -t Compiler /foo/bar/rules bazfile
Apply rules on /foo/bar/rules to bazfile. Only reports rules tagged as Packer or Compiler.
$ cat /foo/bar/rules1 | yara -r /foo
Scan all files in the /foo directory and its subdirectories. Rules are read from standard input.
$ yara -d mybool=true -d myint=5 -d mystring="my string" /foo/bar/rules bazfile
Defines three external variables mybool myint and mystring.
AUTHOR
Victor M. Alvarez (victor.alvarez@virustotal.com)
Victor M. Alvarez September 22, 2008 yara(1)