:py:mod:`dissect.target.plugins.filesystem.yara`
================================================

.. py:module:: dissect.target.plugins.filesystem.yara


Module Contents
---------------

Classes
~~~~~~~

.. autoapisummary::

   dissect.target.plugins.filesystem.yara.YaraPlugin




Attributes
~~~~~~~~~~

.. autoapisummary::

   dissect.target.plugins.filesystem.yara.YaraMatchRecord


.. py:data:: YaraMatchRecord

   

.. py:class:: YaraPlugin(target: dissect.target.Target)


   Bases: :py:obj:`dissect.target.plugin.Plugin`

   Plugin to scan files against a local YARA rules file.

   .. py:attribute:: DEFAULT_MAX_SIZE

      

   .. py:method:: check_compatible() -> None

      Perform a compatibility check with the target.

      This function should return ``None`` if the plugin is compatible with
      the current target (``self.target``). For example, check if a certain
      file exists.
      Otherwise it should raise an ``UnsupportedPluginError``.

      :raises UnsupportedPluginError: If the plugin could not be loaded.


   .. py:method:: yara(rule_files, scan_path='/', max_size=DEFAULT_MAX_SIZE)

      Scan files up to a given maximum size with a local YARA rule file.

      .. rubric:: Example

      target-query <TARGET> -f yara --rule-file /path/to/yara_sigs.rule