58 lines
1.8 KiB
Go
58 lines
1.8 KiB
Go
package yara
|
|
|
|
import (
|
|
"log/slog"
|
|
"os/exec"
|
|
"path/filepath"
|
|
|
|
"git.jmbit.de/jmb/scanfile/server/internal/store"
|
|
"github.com/spf13/viper"
|
|
)
|
|
|
|
func compileSourcesFromFiles() error {
|
|
root, err := filepath.Abs(viper.GetString("processing.yararules"))
|
|
if err != nil {
|
|
slog.Error("Error getting absolute path for processing.yararules", "error", err)
|
|
return err
|
|
}
|
|
outputPath, err := filepath.Abs(viper.GetString("processing.yaracompiled"))
|
|
if err != nil {
|
|
slog.Error("Error getting absolute path for processing.yaracompiled", "error", err)
|
|
return err
|
|
}
|
|
|
|
cmd := exec.Command("/usr/local/bin/yr", "compile","--path-as-namespace", "--relaxed-re-syntax", "--output", outputPath, root)
|
|
slog.Debug("Yara compile command", "cmd", cmd.String())
|
|
result, err := cmd.Output()
|
|
if err != nil {
|
|
slog.Error("Error compiling yara rules", "error", err, "result", string(result))
|
|
return err
|
|
} else {
|
|
slog.Info("Compiled yara rules", "result", string(result))
|
|
}
|
|
|
|
return nil
|
|
}
|
|
|
|
func scanFile(fileName string) ([]string, error) {
|
|
var matched []string
|
|
outputPath, err := filepath.Abs(viper.GetString("processing.yaracompiled"))
|
|
if err != nil {
|
|
slog.Error("Error getting absolute path for processing.yaracompiled", "error", err)
|
|
return matched, err
|
|
}
|
|
fullPath, err := store.AbsPath(fileName)
|
|
if err != nil {
|
|
slog.Error("Error in DiecScan", "file-uuid", fileName, "error", err)
|
|
return matched, err
|
|
}
|
|
cmd := exec.Command("/usr/local/bin/yr", "scan", "--output-format ndjson", "--print-namespace","--compiled-rules", outputPath, fullPath)
|
|
slog.Debug("Yara scan command", "cmd", cmd.String())
|
|
result, err := cmd.Output()
|
|
if err != nil {
|
|
slog.Error("Error scanning file with yara", "error", err, "file-uuid", fileName,"result", string(result))
|
|
return matched, err
|
|
}
|
|
|
|
return matched, nil
|
|
}
|