[Question] how to compile yara rules in python 3 #382
Comments
DEEP7696
changed the title
|
Hi DEEP7696, those are known issues. The first one is already fixed and there is a workaround for the second one, please see #339. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1>> I tried with yara module in python, got error:
https://yara.readthedocs.io/en/stable/yarapython.html
Start
Python 3.7.6 (default, Jan 8 2020, 20:23:39) [MSC v.1916 64 bit (AMD64)]
Type 'copyright', 'credits' or 'license' for more information
IPython 7.12.0 -- An enhanced Interactive Python. Type '?' for help.
In [1]: import yara
...: import os
In [2]: rules = yara.compile('rules-master\index.yar')
SyntaxError Traceback (most recent call last)
in
----> 1 rules = yara.compile('rules-master\index.yar')
SyntaxError: rules-master./malware/RAT_PoetRATPython.yar(453): can't open inclu
de file: ./webshells/Wshell_fire2013.yar
End
2>> I tried with yara module in python without include file, got error:
Start
In [2]: import yara
...: import os
...:
...: def rootdir(root_dir):
...: file_set = []
...: dir_set=[]
...: for dir_, , files in os.walk(root_dir):
...: for file_name in files:
...: #rel_dir = os.path.relpath(dir, root_dir)
...: rel_file = os.path.join(dir_, file_name)
...: if rel_file not in file_set:
...: file_set.append(rel_file)
...: if dir_ not in dir_set:
...: dir_set.append(dir_)
...: return file_set,dir_set
...: file_set,dir_set = rootdir(os.getcwd())
...:
...: filepaths = {}
...: for i in file_set:
...: ^Iif i.endswith('.yar'):
...: ^I^Ifilepaths[os.path.basename(i).split('.')[0]]=i
...:
...: rules = yara.compile(filepaths=filepaths)^I
SyntaxError Traceback (most recent call last)
in
21 filepaths[os.path.basename(i).split('.')[0]]=i
22
---> 23 rules = yara.compile(filepaths=filepaths)
SyntaxError: rules-master\malware\MALW_Httpsd_EL
F.yar(73): undefined identifier "is__elf"
End
The text was updated successfully, but these errors were encountered: