Yara自动策略管理及病毒扫描工具

Yara自动策略管理及病毒扫描工具,自动管理开源yara规则并运行扫描

项目地址:

GitHub: https://github.com/EFForg/yaya

下载地址:

GitHub: https://github.com/EFForg/yaya
雨苁网盘: https://w.ddosi.workers.dev/

安装方法

go get github.com/EFForg/yaya
cd $GOPATH/src/github.com/EFForg/yaya
go build 
go install 

依存关系

Yaya依赖于标准库之外的以下软件包：

• https://github.com/go-git/go-git
• https://github.com/hillu/go-yara
• https://github.com/jinzhu/gorm

您还必须安装yara4 C库。我们建议您从源代码安装这些文件：https://yara.readthedocs.io/en/stable/gettingstarted.html

运行示例:

用法

yaya [-h] <command> <path>
	-h	 print this help screen
Commands:
	update - update rulesets [更新规则]
	edit - ban or remove rulesets [编辑规则]
	add - add a custom ruleset, located at <path> [添加自定义规则]
	scan - perform a yara scan on the directory at <path> [在某个目录上自行yara扫描]

有关yara可参考这一篇文章:
恶意软件研究人员的瑞士军刀-yara