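/*
 * Release the global YARA context (yContext) at shutdown.
 *
 * The context is destroyed only if it is still set, and the global is
 * cleared afterwards, so a second call to this function (e.g. from more
 * than one exit path) cannot destroy the same context twice.
 * Prototype uses (void) rather than the obsolescent empty parameter list;
 * callers, which pass no arguments, are unaffected.
 */
void moloch_yara_exit(void)
{
    if (yContext != NULL) {
        yr_destroy_context(yContext);
        yContext = NULL;   /* guard against a repeated exit call double-destroying */
    }
}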
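/*
 * Command-line entry point.
 *
 * Argument layout (as handled below): options first, then zero or more rule
 * files, then the scan target (a numeric pid, a directory or a file) as the
 * last argument. With compile_only set, every positional argument is a rule
 * file and nothing is scanned. When no rule file is given, rules are read
 * from stdin.
 *
 * Exit status (the original values are kept, with one correction):
 *   1  scan finished (the original's end-of-main value, preserved)
 *   0  context could not be created, command line rejected, help shown,
 *      or the compile-only syntax check passed
 *   2  a rule file failed to compile, or could not be opened in compile-only
 *      mode; rules read from stdin that fail to compile now also return 2
 *      (the original returned 0 there, indistinguishable from success)
 *
 * Every exit after process_cmd_line goes through one cleanup path, so the
 * YARA context and the tag list allocated by process_cmd_line are released
 * on all routes — including the compile-only success path and the
 * compile-error paths, which the original left leaking.
 */
int main(int argc, char const* argv[])
{
    int i;
    int rc;
    int pid;
    int status = 0;
    int rule_end;          /* one past the index of the last rule-file argument */
    long pid_value;
    char *end;
    YARA_CONTEXT* context;
    FILE* rule_file;
    TAG* tag;
    TAG* next_tag;

    yr_init();

    context = yr_create_context();
    if (context == NULL)
        return 0;

    if (!process_cmd_line(context, argc, argv))
        goto cleanup;

    /* No target argument (and not merely checking syntax): nothing to do. */
    if (argc == 1 || (optind == argc && !compile_only)) {
        show_help();
        goto cleanup;
    }

    context->error_report_function = report_error;

    /* In compile-only mode every positional argument is a rule file;
     * otherwise the last one is the scan target. */
    rule_end = compile_only ? argc : argc - 1;

    for (i = optind; i < rule_end; i++) {
        rule_file = fopen(argv[i], "r");
        if (rule_file == NULL) {
            fprintf(stderr, "could not open file: %s\n", argv[i]);
            if (compile_only) {
                status = 2;
                goto cleanup;
            }
            continue;   /* when scanning, an unreadable rule file is skipped (original behaviour) */
        }

        yr_push_file_name(context, argv[i]);
        rc = yr_compile_file(rule_file, context);
        fclose(rule_file);

        if (rc) {   /* errors during compilation */
            status = 2;
            goto cleanup;
        }
    }

    if (optind == rule_end) {   /* no rule files, read rules from stdin */
        yr_push_file_name(context, "stdin");
        rc = yr_compile_file(stdin, context);
        if (rc > 0) {   /* errors during compilation */
            status = 2;
            goto cleanup;
        }
    }

    if (compile_only) {
        printf("syntax check OK\n");
        goto cleanup;
    }

    if (is_numeric(argv[argc - 1])) {
        /* strtol instead of atoi: a value that does not fit an int is rejected
         * instead of being silently truncated into some unrelated pid, and
         * pid 0 / a negative value is never handed to yr_scan_proc. */
        pid_value = strtol(argv[argc - 1], &end, 10);
        pid = (int) pid_value;
        if (*end != '\0' || pid_value <= 0 || (long) pid != pid_value) {
            fprintf(stderr, "invalid process id: %s\n", argv[argc - 1]);
        } else {
            rc = yr_scan_proc(pid, context, callback, (void*) argv[argc - 1]);
            switch (rc) {
            case ERROR_SUCCESS:
                break;
            case ERROR_COULD_NOT_ATTACH_TO_PROCESS:
                fprintf(stderr, "can not attach to process (try running as root)\n");
                break;
            case ERROR_INSUFICIENT_MEMORY:
                fprintf(stderr, "not enough memory\n");
                break;
            default:
                fprintf(stderr, "internal error: %d\n", rc);
                break;
            }
        }
    } else if (is_directory(argv[argc - 1])) {
        scan_dir(argv[argc - 1], recursive_search, context, callback);
    } else {
        yr_scan_file(argv[argc - 1], context, callback, (void*) argv[argc - 1]);
    }

    status = 1;   /* the original's "scan completed" value */

cleanup:
    yr_destroy_context(context);

    /* free the tag list allocated by process_cmd_line */
    tag = specified_tags_list;
    while (tag != NULL) {
        next_tag = tag->next;
        free(tag);
        tag = next_tag;
    }
    specified_tags_list = NULL;

    return status;
}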