I want to merge ClamAV Python and YARA rules. The target is to, on demand, scan with YARA rules that I have made. I wrote this simple script and it works just fine:
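
    import pyclamd

    # Connect to the running clamd daemon (Unix socket first, then TCP)
    cd = pyclamd.ClamdAgnostic()
    # scan_file() returns None when nothing is detected, otherwise a dict
    x = cd.scan_file('/home/john/Desktop/workSpace/yara/2.pdf')
    if not x:
        print("no ")
    else:
        print("Yes")
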
Is there a way to scan the same .pdf file using YARA rules BUT through pyclamd?
I figured out the answer. It seems that ClamAV can read *.yara files and search with them in addition to the existing virus database. The solution is to put a YARA rule in the /var/lib/clamav directory. The code needs a little modification, just to reload the ClamdAgnostic(), and voilà.
If the rule is true then you will see a print output with the rule that is used; otherwise the output will be Null.
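The procedure from the answer above, as an added example that is not part of the original post: copy the rule into the database directory, reload clamd, scan, and keep only the detections that came from YARA rules. The helper names and the rule file `my_rule.yara` are hypothetical, and it assumes a pyclamd version whose `scan_file()` returns `{path: (status, signature)}`.

```python
import os
import shutil

CLAMAV_DB_DIR = "/var/lib/clamav"  # database directory named in the answer


def install_rule(rule_path, db_dir=CLAMAV_DB_DIR):
    """Copy a YARA rule file into clamd's database directory."""
    if not rule_path.endswith((".yar", ".yara")):
        raise ValueError("clamd only loads YARA rules from .yar/.yara files")
    dest = os.path.join(db_dir, os.path.basename(rule_path))
    shutil.copyfile(rule_path, dest)
    os.chmod(dest, 0o644)  # the clamd user must be able to read the rule
    return dest


def yara_hits(scan_result):
    """Map scanned path -> YARA rule name, ignoring non-YARA detections.

    scan_file() returns None for a clean file, otherwise
    {path: (status, signature)}; clamd names YARA matches
    "YARA.<rule>.UNOFFICIAL".
    """
    hits = {}
    for path, (status, signature) in (scan_result or {}).items():
        if status == "FOUND" and signature.startswith("YARA."):
            name = signature[len("YARA."):]
            if name.endswith(".UNOFFICIAL"):
                name = name[:-len(".UNOFFICIAL")]
            hits[path] = name
    return hits


def scan_with_rule(client, rule_path, target, db_dir=CLAMAV_DB_DIR):
    """Install the rule, ask clamd to reload, then scan the target."""
    install_rule(rule_path, db_dir)
    client.reload()  # only requests the reload; see the note below
    return yara_hits(client.scan_file(target))


if __name__ == "__main__":
    import pyclamd  # imported here so the helpers load without it

    cd = pyclamd.ClamdAgnostic()
    # "my_rule.yara" is a hypothetical rule file; writing to db_dir needs root.
    print(scan_with_rule(cd, "my_rule.yara",
                         "/home/john/Desktop/workSpace/yara/2.pdf"))
```

`reload()` only asks clamd to reload its database; where clamd reloads in the background, a scan issued immediately afterwards can still run against the old database, so an empty result right after installing a rule is worth retrying.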