
I created a script that analyzes files based on YARA rules (the rules are the ones from this repository: https://github.com/Yara-Rules/rules). My script imports a YARA file that includes all the other rules. When I try to compile it, I receive a syntax error: "can't open include file: rules_for_files\Antidebug_AntiVM_index.yar", pointing me to one of the rules. I tried to exclude it, but it continues to point to others.

I tried to use different versions of Python: I used Python 2.7 and I received the mentioned error in both cases, whether I use a binary string or a raw string. As for Python 3.5, when I passed a binary string like the one from my code sample, the interpreter broke/reset (in case I use a GUI). How can I resolve this? Thank you.

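import yara

# Compile the index file, which pulls in the other rule files via "include".
# The path is kept as a bytes literal, as in the question.
rules = yara.compile(filepaths={
    "malware_set1 rules": b'C:/Users/g_bondrila/Desktop/phishme/functionalitati/yararules/importyara.yar'})


def yara_match(file_path, rules=rules):
    try:
        # Scan one file; give up after 60 seconds.
        matches = rules.match(file_path, timeout=60)
        return matches
    except yara.TimeoutError:
        print("the time is running out")
    except yara.Error as exc:
        # Any other scan error reported by yara-python.
        print("something", exc)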
Tagc
Bonfel

1 Answer


Try giving the directory path as below:

"C:\\Users\\g_bondrila\\Desktop\\phishme\\functionalitati\\yararules\\importyara.yar"

Since Python doesn't read a single slash for a path in Windows.

NightOwl19
  • Err... actually, it does. – bruno desthuilliers Jul 09 '18 at 09:54
  • Thank you for answering me, I found out the answer. The problem was the compile argument "filepaths", because it was waiting for multiple file paths and I provided only one; it appears the yara lib counts on this. – Bonfel Jul 09 '18 at 10:51
  • Ohh, missed that one. So, did passing the filepath with a single backward slash work, or with double backslashes? – NightOwl19 Jul 09 '18 at 10:52
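
A pre-flight check for the "can't open include file" error from the question, as an added example that is not part of the original thread: it walks the `include` directives of an index file and lists every one that does not resolve, rather than meeting them one compile error at a time. It assumes a relative include is resolved against the directory of the file that contains it; `missing_includes`, `build_sample_tree` and the sample file names are hypothetical and the sample tree is constructed.

```python
import os
import re
import tempfile

# Matches YARA `include "path"` directives at the start of a line.
INCLUDE_RE = re.compile(r'^\s*include\s+"([^"]+)"', re.MULTILINE)


def missing_includes(index_path, _seen=None):
    """Return (including_file, resolved_path) pairs for includes that cannot be opened.

    Assumption: a relative include is resolved against the directory of the
    file that contains it, as when libyara compiles from a file path.
    """
    seen = set() if _seen is None else _seen
    index_path = os.path.abspath(index_path)
    if index_path in seen:          # guard against include cycles
        return []
    seen.add(index_path)
    with open(index_path, encoding="utf-8", errors="replace") as fh:
        text = fh.read()
    missing = []
    for name in INCLUDE_RE.findall(text):
        target = os.path.normpath(os.path.join(os.path.dirname(index_path), name))
        if os.path.isfile(target):
            missing += missing_includes(target, seen)   # follow nested index files
        else:
            missing.append((index_path, target))
    return missing


def build_sample_tree(root):
    """Constructed sample: an index whose includes are partly present, partly absent."""
    os.makedirs(os.path.join(root, "rules_for_files"))
    with open(os.path.join(root, "importyara.yar"), "w") as fh:
        fh.write('include "rules_for_files/present_index.yar"\n'
                 'include "rules_for_files/absent_index.yar"\n')
    with open(os.path.join(root, "rules_for_files", "present_index.yar"), "w") as fh:
        fh.write('// include "commented_out.yar"\n'
                 'include "nested_absent.yar"\n'
                 'rule demo { condition: true }\n')
    return os.path.join(root, "importyara.yar")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for parent, target in missing_includes(build_sample_tree(tmp)):
            print(f"{parent}: can't open include file: {target}")
```

Include paths are used exactly as written in the rule file, so a backslash-separated include only resolves on Windows.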