Introduction to yara-ctypes-python
What is yara-ctypes:
- A powerful Python wrapper for yara-project’s libyara v1.6.
- Supports thread-safe matching of YARA rules.
- Namespace management to allow easy loading of multiple YARA rules into a single libyara context.
- Comes with a scan module which exposes a user CLI and demonstrates a pattern for executing match jobs across a thread pool.
- ctypes releases the GIL on system function calls... Run your PC to its true potential.
- No more building the PyC extension...
- I found a few bugs and memory leaks and wanted to make my life simple.
As a reference and guide to yara-ctypes see: yara-ctypes documentation
For additional tips and tricks with this wrapper, feel free to post a question on the GitHub yara-ctypes/issues page.
Project hosting provided by github.com.
- Install guide
- How to scan using yara-ctypes
- Building libyara-1.6 for yara-ctypes
- yara.scan — Thread pool execution of rules matching
- yara.cli — A command line YARA rules scanning utility
- yara.rules — YARA namespaces, compilation, and matching
- yara.libyara_wrapper — ctypes wrapper for libyara