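# Nim binding for libyara4 - <https://github.com/dmknght/nimyara>
# Example of how to use API to scan files, directories: <https://github.com/dmknght/nimyara/blob/master/tests/sample_scan.nim>
# Documentation for Yara API: <https://yara.readthedocs.io/en/stable/capi.html>
# Example: scan zip file with Yara binding and nim zip (<https://github.com/nim-lang/zip>):

proc do_unzip_scan*(scanner: ptr YR_SCANNER, path: string, user_data: ptr CallbackArgs) =
  ## Extract each entry of the zip archive at `path` to a temporary file,
  ## scan that file with `scanFile`, then delete it.
  ##
  ## While an entry is being scanned, `user_data.scanningPath` is set to
  ## `<container>//<entry name>`, where `<container>` is the value
  ## `scanningPath` had when this proc was called, or the expanded `path`
  ## if it was empty. The field keeps the last entry's value on return.
  ##
  ## Prints "Failed to open file" and returns if the archive cannot be opened.
  # FIXME huge memory usage. Likely because of lib
  # NOTE(review): nothing here limits the number of entries or the extracted
  # size, so a highly compressed archive can exhaust disk or memory while
  # being scanned. Consider a per-entry and per-archive size budget.
  var zip: ZipArchive
  if not zip.open(path):
    echo "Failed to open file"
  else:
    try:
      # Resolve the container label once. Reading scanningPath back inside the
      # loop would chain entry names together ("a.zip//f1//f2//...") because
      # the field is no longer empty after the first entry.
      let container =
        if user_data.scanningPath == "": expandFilename(path)
        else: user_data.scanningPath
      for zipped_file in walkFiles(zip): # https://github.com/nim-lang/zip/blob/master/zip/zipfiles.nim#L142
        # Hashing the entry name keeps archive-controlled text ("../",
        # absolute paths) out of the on-disk path.
        # NOTE(review): the result is still a predictable name in the shared
        # /tmp directory. A file or symlink already present at that path may
        # be written through by extractFile (verify), and concurrent scans of
        # entries with the same name collide. Prefer a private directory made
        # with createTempDir from std/tempfiles and extract inside it.
        let tmpFile = "/tmp/" & getMD5(zipped_file)
        user_data.scanningPath = container & "//" & zipped_file
        try:
          zip.extractFile(zipped_file, tmpFile)
          scanFile(scanner, tmpFile, user_data)
        finally:
          # Runs even when extraction or scanning raises, so extracted
          # (possibly malicious) content is not left behind in /tmp.
          removeFile(tmpFile)
    finally:
      zip.close()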
