LinuxQuestions.org
Old 09-05-2017, 03:55 AM   #1
anagnostou_j@yahoo.com
LQ Newbie
 
Registered: Sep 2017
Posts: 4

Merge clamAV with YARA and Python3


I want to merge ClamAV, Python and YARA rules. The target is to scan, on demand, with YARA rules that I have made. I wrote this simple script and it works just fine:
Code:
import pyclamd

# Connect to a running clamd (unix socket or TCP, whichever is configured)
cd = pyclamd.ClamdAgnostic()

# scan_file() returns None for a clean file, or a dict
# {path: ('FOUND', signature_name)} when something matched
x = cd.scan_file('/home/john/Desktop/workSpace/yara/2.pdf')
if x is None:
    print("no")
else:
    print("Yes")
Is there a way to scan the same .pdf file using YARA rules, BUT through pyclamd?
 
Old 09-05-2017, 12:18 PM   #2
Sefyir
Member
 
Registered: Mar 2015
Distribution: Linux Mint
Posts: 634

A quick look at the pyclamd documentation turned up no string "yara" in it.
I would suggest examining the links below to see if there is some reference to using other sources, or filing a bug report on Bitbucket to see if the author could implement it.

https://pypi.python.org/pypi/pyClamd
https://bitbucket.org/xael/pyclamd
http://xael.org/pages/pyclamd-en.html
http://xael.org/pages/python-module-pyclamd.html
 
Old 09-06-2017, 01:50 AM   #3
anagnostou_j@yahoo.com
LQ Newbie
 
Registered: Sep 2017
Posts: 4

Original Poster
Problem Solved

I figured out the answer. It seems that ClamAV can read *.yara files and search with them in addition to the existing virus database. The solution is to put a YARA rule in the /var/lib/clamav directory. The code needs a little modification, just to reload the ClamdAgnostic(), and voila.
Code:
import pyclamd

cd = pyclamd.ClamdAgnostic()
# Make clamd re-read its database directory so the new .yara file is picked up
cd.reload()
x = cd.scan_file('/home/john/Desktop/workSpace/yara/2.pdf')
print(x)
If the rule is true, you will see printed output with the rule that was used:

Code:
{'/home/john/Desktop/workSpace/yara/2.pdf': ('FOUND', 'YARA.testFor2.UNOFFICIAL')}
Otherwise the output will be Null.
 
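The result dict shown in the post above is the whole interface between a YARA rule dropped into clamd's database directory and the Python caller, so it is worth parsing it carefully: a clean file comes back as None (not False), a matched signature comes back as ('FOUND', name), and clamd marks signatures loaded from third-party files with a ".UNOFFICIAL" suffix and YARA-derived ones with a "YARA." prefix. The following is an added example, not code from the thread or from pyclamd; it assumes pyclamd's documented return values for scan_file() (None, or {path: ('FOUND', sig)} / {path: ('ERROR', reason)}), and the rule file name "custom.yara" and the rules_dir default are assumptions. Only the interpretation helpers run offline; scan_file_with_yara() needs a running clamd and write access to the database directory.

```python
"""Interpret pyclamd scan results, separating YARA hits from official ClamAV signatures.

Added example for the thread above; not part of pyclamd or the original posts.
"""
import re
from typing import Dict, List, Optional, Tuple

# clamd appends ".UNOFFICIAL" to signatures from unsigned (third-party) database
# files, and prefixes signatures generated from YARA rules with "YARA.".
_SIG_RE = re.compile(r'^(?P<yara>YARA\.)?(?P<name>.+?)(?P<unofficial>\.UNOFFICIAL)?$')

ScanResult = Optional[Dict[str, Tuple[str, str]]]


def classify_signature(sig: str) -> dict:
    """Split a clamd signature name into its origin markers and bare rule name."""
    m = _SIG_RE.match(sig)
    return {
        "signature": sig,
        "from_yara": m.group("yara") is not None,
        "unofficial": m.group("unofficial") is not None,
        "rule": m.group("name"),
    }


def interpret_scan(result: ScanResult) -> List[dict]:
    """Turn scan_file()'s return value into a list of per-file verdicts.

    A clean file is reported as None, so the check must be `is None`; testing
    `x is False` (as in the first post) never fires and misreports clean files.
    """
    if result is None:
        return []
    verdicts = []
    for path, (status, detail) in result.items():
        if status == "FOUND":
            verdicts.append({"path": path, **classify_signature(detail)})
        else:
            # pyclamd reports unreadable paths etc. as ('ERROR', reason)
            verdicts.append({"path": path, "error": detail})
    return verdicts


def scan_file_with_yara(path: str, rule_text: str,
                        rules_dir: str = "/var/lib/clamav",   # assumed default
                        rule_name: str = "custom.yara") -> List[dict]:  # assumed name
    """On-demand scan: write the rule into clamd's database dir, reload, scan.

    Requires a running clamd and write access to rules_dir (normally root).
    Imports are local so the parsing helpers above work without clamd installed.
    """
    import os
    import pyclamd

    with open(os.path.join(rules_dir, rule_name), "w") as fh:
        fh.write(rule_text)
    cd = pyclamd.ClamdAgnostic()
    cd.reload()                      # make clamd pick up the new .yara file
    return interpret_scan(cd.scan_file(path))


# Constructed samples: the match shown in the thread, a clean result, and an error.
SAMPLE_HIT: ScanResult = {
    '/home/john/Desktop/workSpace/yara/2.pdf': ('FOUND', 'YARA.testFor2.UNOFFICIAL')
}
SAMPLE_CLEAN: ScanResult = None
SAMPLE_ERROR: ScanResult = {'/nonexistent.pdf': ('ERROR', 'lstat() failed: No such file or directory')}

if __name__ == "__main__":
    for sample in (SAMPLE_HIT, SAMPLE_CLEAN, SAMPLE_ERROR):
        print(interpret_scan(sample))
```

The ".UNOFFICIAL" marker is the practical check when a hit comes back: it tells you the detection came from a file you placed in the database directory rather than from Cisco-signed signatures, which matters when triaging false positives from home-grown rules.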