would this work? for p in $(find /path/to/directory/full/of/rules/ -type f -name "*.yar"); do yara $p target.file ; done
On Tuesday, June 14, 2016 at 6:41:38 PM UTC-6, Wesley Shields wrote: > > "yara *.yar MY.EXE" doesn't work because your shell expands the glob > before YARA ever executes. This means it expands out to become "yara 1.yar > 2.yar 3.yar MY.EXE" which YARA can not interpret. The best way to do what > you want is to concatenate all the rules into a single file and use that. > > -- WXS > > > On Jun 14, 2016, at 7:29 AM, Gadget009 <[email protected] <javascript:>> > wrote: > > > > Hi, > > > > Really a stupid n00bs question on using yara. I have a folder (with > subfolders) full of yara rule files (.yar), i.e. a rule file for each > malware name. How can I tell yara to check an EXE file using all the rule > files which are in a given folder? Unfortunately "yara *.yar MY.EXE" does > not work :( ? Any simple solution? > > > > Thanks a lot. > > > > > > -- > > You received this message because you are subscribed to the Google > Groups "YARA" group. > > To unsubscribe from this group and stop receiving emails from it, send > an email to [email protected] <javascript:>. > > For more options, visit https://groups.google.com/d/optout. > > -- You received this message because you are subscribed to the Google Groups "YARA" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
