Scan Modules #73
Comments
Sure. It looks like libyara is not able to parse your rule files. Can you provide the You may also be able to use the yara command line tool to get better diagnostics about the syntax errors in the rule files.
Hi, actually, I'm using the example-file spyre.yaml that was provided raw on the rep, I pasted it on the wanted _build, and I have really small clues on where to find/provide yara rules and files, and also where to actually put these files. It is actually my first time with yara modules.
Alright. I think we'll need to provide a self-contained example.
Thank you so much, would you mind upping this issue topic whenever an example is provided on the project source?
I have just pushed a change that contains some example config + ruleset. Would this have helped you enough if it had been there when you found Spyre? If you feel that there's room for improvement in the example, feel free to open a PR. (I'm aware that configuration for custom modules is still missing, I'll need to look around for some indicators that demonstrate general usefulness.)
@MesserBart ping?
Hi, as I'm trying to use spyre, I successfully installed all packages. On a Kali Linux, I'm trying to launch the spyre running file. As I don't know much about yara scanning modules, I copy/pasted the filescan.yar and procscan.yar files from spyre/scanner.yara. Then, launching the running program, here's the error that pops up:
2021/10/25 14:26:13 Error initializing YARA-file module: syntax error, unexpected identifier
2021/10/25 14:26:13 Error initializing YARA-proc module: syntax error, unexpected identifier
Would you mind providing me with help concerning this error? If it wouldn't bother you, maybe having an example file of these .yara files, and kind of a user guide to know how and where to put these said-scanning modules.
Thank you very much for your help and for providing such an interesting tool,