Provided by: yara_2.0.0-2_amd64
NAME
yara - find files matching patterns and rules written in a special-purpose language.
SYNOPSIS
yara [OPTION]... [RULEFILE]... FILE | PID
DESCRIPTION
Yara scans the given FILE, or the process identified by PID, and reports whether it matches the patterns and rules provided in a special-purpose language. The rules are read from RULEFILEs or standard input.

The options to yara(1) are:

-t tag
    Print rules tagged as tag and ignore the rest. This option can be used multiple times.

-i identifier
    Print rules named identifier and ignore the rest. This option can be used multiple times.

-n
    Print rules that don't apply (negate).

-g
    Print the tags associated to the rule.

-m
    Print metadata associated to the rule.

-s
    Print strings found in the file.

-p number
    Use the specified number of threads to scan a directory.

-l number
    Abort scanning after a number of rules matched.

-a seconds
    Abort scanning after a number of seconds has elapsed.

-d identifier=value
    Define an external variable. This option can be used multiple times.

-r
    Scan files in directories recursively.

-f
    Speeds up scanning by searching only for the first occurrence of each pattern.

-w
    Disable warnings.

-v
    Show version information.
EXAMPLES
$ yara /foo/bar/rules1 /foo/bar/rules2 .
    Apply rules on /foo/bar/rules1 and /foo/bar/rules2 to all files in the current directory. Subdirectories are not scanned.

$ yara -t Packer -t Compiler /foo/bar/rules bazfile
    Apply rules on /foo/bar/rules to bazfile. Only reports rules tagged as Packer or Compiler.

$ cat /foo/bar/rules1 | yara -r /foo
    Scan all files in the /foo directory and its subdirectories. Rules are read from standard input.

$ yara -d mybool=true -d myint=5 -d mystring="my string" /foo/bar/rules bazfile
    Defines three external variables: mybool, myint and mystring.
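
A constructed rule file and invocation that tie the -t, -g, -m, -s and -d options together. This is an added example, not part of the original manual page or the yara distribution; the rule names DemoPacker and DemoExternal, the marker string and the function names are assumptions.

```shell
#!/bin/sh
# Added example: the rule names, marker string and file paths are constructed.

# Write a rule file using tags (-t/-g), metadata (-m), strings (-s)
# and the three external variables from the -d example.
# Note: overwrites the file named by $1.
write_rules() {
    cat > "$1" <<'EOF'
rule DemoPacker : Packer
{
    meta:
        description = "constructed demo rule"
    strings:
        $marker = "DEMO_PACKER_MARKER"
    condition:
        $marker
}

rule DemoExternal : Compiler
{
    condition:
        mybool and myint == 5 and mystring contains "string"
}
EOF
}

# Report only rules tagged Packer, with tags, metadata and matched strings.
# Every external variable a rule file references must be defined with -d,
# even for rules filtered out by -t, or the rule file fails to compile.
scan_packer() {
    yara -t Packer -g -m -s \
        -d mybool=true -d myint=5 -d mystring="my string" "$1" "$2"
}

# Stand-alone use: sh demo.sh RULEFILE FILE
if [ "$#" -eq 2 ]; then
    write_rules "$1"
    scan_packer "$1" "$2"
fi
```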
AUTHOR
Victor M. Alvarez (victor.alvarez@virustotal.com)