dissect.target.plugins.filesystem.yara
Module Contents
Classes
- YaraPlugin: Plugin to scan files against a local YARA rules file.
Attributes
- dissect.target.plugins.filesystem.yara.YaraMatchRecord
- class dissect.target.plugins.filesystem.yara.YaraPlugin(target: dissect.target.Target)
Bases: dissect.target.plugin.Plugin
Plugin to scan files against a local YARA rules file.
- DEFAULT_MAX_SIZE
- check_compatible() -> None
Perform a compatibility check with the target.
This function should return None if the plugin is compatible with the current target (self.target). For example, check if a certain file exists. Otherwise it should raise an UnsupportedPluginError.
- Raises:
UnsupportedPluginError – If the plugin could not be loaded.
- yara(rule_files, scan_path='/', max_size=DEFAULT_MAX_SIZE)
Scan files up to a given maximum size with a local YARA rule file.
Example
target-query <TARGET> -f yara --rule-file /path/to/yara_sigs.rule