yara

all

Pattern matching tool for identifying and classifying malware. See also: `yarac`.

Options (5)

-r, --recursiveboolean

Recursively scan a directory and subdirectories containing possible threats

Example: yara {{path/to/rule.yar}} {{[-r|--recursive]}} {{path/to/directory}}

-m, --print-metaboolean

Print metadata associated with the matching rules

Example: yara {{[-m|--print-meta]}} {{path/to/rule.yar}} {{path/to/file}}

-s, --print-stringsboolean

Print the strings that caused the rule to match

Example: yara {{[-s|--print-strings]}} {{path/to/rule.yar}} {{path/to/file}}

-p, --threadsboolean

Use a specific number of threads for parallel scanning

Example: yara {{[-p|--threads]}} {{number_of_threads}} {{path/to/rule.yar}} {{path/to/directory}}

-C, --compiled-rulesboolean

Use compiled YARA rules file to scan a directory recursively

Example: yara {{[-C|--compiled-rules]}} {{path/to/rules.bin}} {{[-r|--recursive]}} {{path/to/directory}}

Scan a specific file with a rule file

yara path/to/rule.yar path/to/file

Recursively scan a directory and subdirectories containing possible threats

yara path/to/rule.yar [-r|--recursive] path/to/directory

Scan a running process by its PID using multiple rules

yara path/to/rule1.yar path/to/rule2.yar ... PID

Print metadata associated with the matching rules

yara [-m|--print-meta] path/to/rule.yar path/to/file

Print the strings that caused the rule to match

yara [-s|--print-strings] path/to/rule.yar path/to/file

Use a specific number of threads for parallel scanning

yara [-p|--threads] number_of_threads path/to/rule.yar path/to/directory

Use compiled YARA rules file to scan a directory recursively

yara [-C|--compiled-rules] path/to/rules.bin [-r|--recursive] path/to/directory