.. image:: https://travis-ci.org/VirusTotal/yara-python.svg :target: https://travis-ci.org/VirusTotal/yara-python .. image:: https://ci.appveyor.com/api/projects/status/gidnb9ulj3rje5s2?svg=true :target: https://ci.appveyor.com/project/plusvic/yara-python

yara-python

With this library you can use YARA <https://github.com/VirusTotal/yara>_ from your Python programs. It covers all YARA's features, from compiling, saving and loading rules to scanning files, strings and processes.

Here it goes a little example:

.. code-block:: python

>>> import yara
>>> rule = yara.compile(source='rule foo: bar {strings: $a = "lmn" condition: $a}')
>>> matches = rule.match(data='abcdefgjiklmnoprstuvwxyz')
>>> print(matches)
[foo]
>>> print(matches[0].rule)
foo
>>> print(matches[0].tags)
['bar']
>>> print(matches[0].strings)
[(10L, '$a', 'lmn')]

Installation

The easiest way of installing YARA is by using pip:

.. code-block:: bash

$ pip install yara-python

But you can also get the source from GitHub and compile it yourself:

.. code-block:: bash

$ git clone --recursive https://github.com/VirusTotal/yara-python $ cd yara-python $ python setup.py build $ sudo python setup.py install

Notice the --recursive option used with git. This is important because we need to download the yara subproject containing the source code for libyara (the core YARA library). It's also important to note that the two methods above link libyara statically into yara-python. If you want to link dynamically against a shared libyara library use:

.. code-block:: bash

$ python setup.py build --dynamic-linking

For this option to work you must build and install YARA <https://github.com/VirusTotal/yara>_ separately before installing yara-python.

Documentation

Find more information about how to use yara-python at https://yara.readthedocs.org/en/latest/yarapython.html.