yarac (1) - Linux Man Pages
yarac: compile rules to yara
NAMEyarac - compile rules to yara
yarac [OPTION]... [RULE_FILE]... OUTPUT_FILE
DESCRIPTIONTo invoke YARA you will need two things: a file with the rules you want to use (either in source code or compiled form) and the target to be scanned. The target can be a file, a folder, or a process.
Rule files can be passed directly in source code form, or can be previously compiled with the yarac tool. You may prefer to use your rules in compiled form if you are going to invoke YARA multiple times with the same rules. This way you’ll save time, because for YARA is faster to load compiled rules than compiling the same rules over and over again.
- -d <identifier>=<value>
- define external variable.
- disable warnings.
- show version information.
EXAMPLEThe -d is used to define external variables. For example:
AUTHORyarac was written by Victor M. Alvarez <vmalvarez [at] virustotal.com>. This manual page was written by Joao Eriberto Mota Filho <eriberto [at] eriberto.pro.br> for the Debian project (but may be used by others).