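A tool for automated YARA rule management and malware scanning: it automatically manages open-source YARA rulesets and runs scans with them.
Project page:
GitHub: https://github.com/EFForg/yaya
Download:
GitHub: https://github.com/EFForg/yaya
雨苁 network drive: https://w.ddosi.workers.dev/
Installation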
go get github.com/EFForg/yaya
cd $GOPATH/src/github.com/EFForg/yaya
go build
go install
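Dependencies
Yaya depends on the following packages outside the standard library:
You must also install the yara4 C library. We recommend installing it from source: https://yara.readthedocs.io/en/stable/gettingstarted.html
Example run:
Usage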
yaya [-h] <command> <path>
-h print this help screen
Commands:
update - update rulesets
edit - ban or remove rulesets
add - add a custom ruleset, located at <path>
scan - perform a yara scan on the directory at <path>
For more about YARA, see this article:
The Malware Researcher's Swiss Army Knife: YARA