/*
 * Tear down the YARA context this module keeps in the file-scope `yContext`.
 * Called once at shutdown; it does not reset `yContext`, so a second call
 * would hand an already-destroyed context to yr_destroy_context().
 */
void moloch_yara_exit()
{
	YARA_CONTEXT* ctx = yContext;   /* release the module-wide context */

	yr_destroy_context(ctx);
}
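/*
 * Parse argv[argc-1] as a process id.
 *
 * Returns 0 and stores the value in *pid on success, -1 if the string is not
 * a non-negative decimal number that fits in an int. Replaces atoi(), whose
 * behaviour on overflow is undefined even when the caller has already
 * checked that the string is all digits.
 */
static int parse_pid(const char* s, int* pid)
{
	char* end = NULL;
	long v;

	errno = 0;
	v = strtol(s, &end, 10);

	if (end == s || *end != '\0' || errno == ERANGE || v < 0 || v > INT_MAX)
		return -1;

	*pid = (int) v;
	return 0;
}

/*
 * Compile every rule file named on the command line into `context`, or the
 * rules on stdin when no file was given.
 *
 * In compile-only mode every remaining argument is a rule file; otherwise the
 * last argument is the scan target and is skipped. Returns 0 on success and
 * 2 when a rule file fails to compile, or when a rule file cannot be opened in
 * compile-only mode. Outside compile-only mode an unopenable file is reported
 * and skipped, as before.
 */
static int compile_rule_files(YARA_CONTEXT* context, int argc, char const* argv[])
{
	int last = compile_only ? argc : argc - 1;
	int i;

	for (i = optind; i < last; i++)
	{
		FILE* rule_file = fopen(argv[i], "r");
		int errors;

		if (rule_file == NULL)
		{
			fprintf(stderr, "could not open file: %s\n", argv[i]);

			if (compile_only)
				return 2;

			continue;
		}

		yr_push_file_name(context, argv[i]);
		errors = yr_compile_file(rule_file, context);
		fclose(rule_file);

		if (errors) /* errors during compilation */
			return 2;
	}

	if (optind == last) /* no rule files, read rules from stdin */
	{
		yr_push_file_name(context, "stdin");

		/* Same exit status as a failing rule file; the original returned 0
		 * here, which was indistinguishable from "help shown". */
		if (yr_compile_file(stdin, context) > 0)
			return 2;
	}

	return 0;
}

/*
 * Scan the target named by argv[argc-1]: a numeric argument is a pid, a
 * directory is walked (recursively if requested), anything else is a file.
 * Errors are reported on stderr; the caller's exit status is unaffected, as
 * in the original tool.
 */
static void scan_target(YARA_CONTEXT* context, char const* target)
{
	if (is_numeric(target))
	{
		int pid;
		int rc;

		if (parse_pid(target, &pid) != 0)
		{
			fprintf(stderr, "invalid process id: %s\n", target);
			return;
		}

		rc = yr_scan_proc(pid, context, callback, (void*) target);

		switch (rc)
		{
			case ERROR_SUCCESS:
				break;
			case ERROR_COULD_NOT_ATTACH_TO_PROCESS:
				fprintf(stderr, "can not attach to process (try running as root)\n");
				break;
			case ERROR_INSUFICIENT_MEMORY:
				fprintf(stderr, "not enough memory\n");
				break;
			default:
				fprintf(stderr, "internal error: %d\n", rc);
				break;
		}
	}
	else if (is_directory(target))
	{
		scan_dir(target, recursive_search, context, callback);
	}
	else
	{
		yr_scan_file(target, context, callback, (void*) target);
	}
}

/* Free the tag list allocated by process_cmd_line(). Safe on an empty list. */
static void free_tag_list(void)
{
	TAG* tag = specified_tags_list;

	while (tag != NULL)
	{
		TAG* next_tag = tag->next;
		free(tag);
		tag = next_tag;
	}

	specified_tags_list = NULL;
}

/*
 * Entry point: initialise YARA, compile the rule files, then either report a
 * syntax check or scan the last argument.
 *
 * Exit status keeps the original convention: 1 after a scan, 0 when help was
 * shown, setup failed or a compile-only run succeeded, 2 on rule errors.
 * All exits after process_cmd_line() go through `out` so the context and the
 * tag list are released on every path (the original leaked both on several
 * early returns).
 */
int main(int argc, char const* argv[])
{
	int rc = 0;
	YARA_CONTEXT* context;

	yr_init();

	context = yr_create_context();

	if (context == NULL)
		return 0;

	if (!process_cmd_line(context, argc, argv))
		goto out;

	if (argc == 1 || ((optind == argc) && (! compile_only)))
	{
		show_help();
		goto out;
	}

	context->error_report_function = report_error;

	rc = compile_rule_files(context, argc, argv);

	if (rc != 0)
		goto out;

	if (compile_only)
	{
		printf("syntax check OK\n");
		goto out;
	}

	scan_target(context, argv[argc - 1]);
	rc = 1;

out:
	yr_destroy_context(context);
	free_tag_list();

	return rc;
}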