Provided by: yara_2.0.0-2_amd64 bug

NAME

       yara - find files matching patterns and rules written in a special-purpose language.

SYNOPSIS

       yara [OPTION]... [RULEFILE]... FILE | PID

DESCRIPTION

       Yara  scans  the  given  FILE  or the process indentified by PID looking if it matches the
       patterns and rules provided in  a  special  purpose-language.  The  rules  are  read  from
       RULEFILEs or standard input.

       The options to yara(1) are:

       -t tag Print  rules  tagged  as  tag and ignore the rest. This option can be used multiple
              times.

       -i identifier
              Print rules named identifier and ignore the rest. This option can be used  multiple
              times.

       -n     Print rules that doesn't apply (negate)

       -g     Print the tags associated to the rule.

       -m     Print metadata associated to the rule.

       -s     Print strings found in the file.

       -p number
              Use the specified number of threads to scan a directory.

       -l number
              Abort scanning after a number of rules matched.

       -a seconds
              Abort scanning after a number of seconds has elapsed.

       -d identifier=value
              Define an external variable. This option can be used multiple times.

       -r     Scan files in directories recursively.

       -f     Speeds up scanning by searching only for the first occurrence of each pattern.

       -w     Disable warnings.

       -v     Show version information.

EXAMPLES

       $ yara /foo/bar/rules1 /foo/bar/rules2 .

              Apply  rules  on  /foo/bar/rules1  and  /foo/bar/rules2  to  all  files  on current
              directory. Subdirectories are not scanned.

       $ yara -t Packer -t Compiler /foo/bar/rules bazfile

              Apply rules on /foo/bar/rules to bazfile.  Only reports rules tagged as  Packer  or
              Compiler.

       $ cat /foo/bar/rules1 | yara -r /foo

              Scan  all  files  in the /foo directory and its subdirectories. Rules are read from
              standard input.

       $ yara -d mybool=true -d myint=5 -d mystring="my string" /foo/bar/rules bazfile

              Defines three external variables mybool myint and mystring.

AUTHOR

       Victor M. Alvarez (victor.alvarez@virustotal.com)