Automatically manage open-source yara rules and run scans
go get github.com/EFForg/yaya
cd $GOPATH/src/github.com/EFForg/yaya
go build
go install
Yaya depends on the following packages outside the standard library:
You must also install the version 4 yara C library. We recommend installing it from source with the following commands:
wget https://github.com/VirusTotal/yara/archive/refs/tags/v4.1.0.tar.gz && mkdir yara && cd yara && tar xf ../v4.1.0.tar.gz \
&& cd yara-4.1.0/ && ./bootstrap.sh && ./configure --enable-cuckoo --enable-magic --enable-dotnet && make && sudo make install && sudo ldconfig
More information and documentation can be found here
yaya [-h] <command> <path>
-h print this help screen
Commands:
update - update rulesets
edit - ban or remove rulesets
add - add a custom ruleset, located at <path>
scan - perform a yara scan on the directory at <path>
export - export all yara rules in single yar file in <path>
YAYA includes a Dockerfile and can also be run inside a container by binding the path to be scanned to a path inside the container.
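A small wrapper for the container usage described above, added here as an example (it is not part of the yaya project). The image tag `yaya` (as built from the project's Dockerfile) and the container-side path `/scan` are assumptions; the first argument names the program to invoke, so the generated command can be inspected with `echo` before it is run with `docker`.

```shell
#!/bin/sh
# Added example, not part of yaya: run "yaya scan" inside the project's Docker
# image with the host directory bound into the container. Assumptions: the
# image was tagged "yaya" (override with YAYA_IMAGE) and the scan target is
# mounted at /scan inside the container.
set -eu

IMAGE="${YAYA_IMAGE:-yaya}"   # assumed image tag, e.g. from: docker build -t yaya .
CONTAINER_PATH="/scan"        # assumed mount point inside the container

# yaya_docker_scan RUNNER HOST_DIR
#   RUNNER is "docker" to perform the scan, or "echo" to print the command.
#   The bind mount is read-only so the scanner cannot alter the files it
#   inspects, and networking is disabled because scanning (unlike
#   "yaya update") needs no connectivity.
yaya_docker_scan() {
    runner="$1"
    host_dir="$2"
    if [ ! -d "$host_dir" ]; then
        echo "not a directory: $host_dir" >&2
        return 1
    fi
    # Resolve to an absolute, symlink-free path; docker -v needs absolute paths.
    abs_dir=$(cd "$host_dir" && pwd -P)
    "$runner" run --rm --network none \
        -v "$abs_dir:$CONTAINER_PATH:ro" \
        "$IMAGE" scan "$CONTAINER_PATH"
}

# Usage: ./yaya-docker-scan.sh /path/to/inspect
if [ "$#" -gt 0 ]; then
    yaya_docker_scan echo "$1" >&2   # show the command that will run
    yaya_docker_scan docker "$1"
fi
```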