6:[["$","$Le",null,{}],["$","div",null,{"className":"min-h-screen bg-gray-100 p-6","children":[["$","$Lf",null,{}],["$","script",null,{"type":"application/ld+json","dangerouslySetInnerHTML":{"__html":"{\"@context\":\"https://schema.org\",\"@type\":\"QAPage\",\"mainEntity\":{\"@type\":\"Question\",\"name\":\"Yara one rule against multiple files\",\"text\":\"

I'm using Yara to detect multiple strings in multiple files for example:

\\n

File A : toto
\\nFile B : titi
\\nBoth file are in a directory repo

\\n

Yara rule (test.yar) :

\\n

rule test\\n{\\nstrings:\\n$ = "toto"\\n$ = "titi"\\ncondition:\\nall of them\\n}\\n

\\n

And i run the commnand line :

\\n

yara test.yar -r repo/\\n

\\n

But this rule will never match.
\\nHow can i do ?

\\n

PS : I can't merge the two file into one.

\\n

Thanks.

\\n\",\"author\":{\"@type\":\"Person\",\"name\":\"nox\"},\"upvoteCount\":1,\"answerCount\":1,\"acceptedAnswer\":null}}"}}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mb-6 relative","children":[["$","div",null,{"className":"absolute top-4 right-4 flex flex-wrap space-x-2","children":[["$","span","yara",{"className":"bg-blue-600 text-white text-sm px-3 py-1 rounded-full","children":["$","$L10",null,{"href":"/discussion/tag/yara/1","children":"yara"}]}]]}],["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://lh3.googleusercontent.com/-XdUIqdMkCWA/AAAAAAAAAAI/AAAAAAAAAAA/4252rscbv5M/photo.jpg?sz=256","alt":"nox","className":"w-16 h-16 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/9670412/nox","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"nox"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",323]}]]}]]}],["$","h1",null,{"className":"text-2xl font-bold text-gray-800 mb-4","children":"Yara one rule against multiple files"}],["$","p",null,{"className":"text-gray-700 mt-4","dangerouslySetInnerHTML":{"__html":"

I'm using Yara to detect multiple strings in multiple files for example:

File A : toto
\nFile B : titi
\nBoth file are in a directory repo

Yara rule (test.yar) :

rule test\n{\nstrings:\n$ = "toto"\n$ = "titi"\ncondition:\nall of them\n}\n

And i run the commnand line :

yara test.yar -r repo/\n

But this rule will never match.
\nHow can i do ?

PS : I can't merge the two file into one.

Thanks.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm mt-4","children":[["$","p",null,{"children":["Upvotes: ",1]}],["$","p",null,{"children":["Views: ",838]}]]}]]}],["$","div",null,{"className":"container mx-auto","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-6","children":["Answers (",1,")"]}],[["$","div","71967983",{"className":"bg-white shadow-md rounded-lg p-6 mb-6","children":[["$","div",null,{"className":"flex items-center mb-4","children":[["$","img",null,{"src":"https://i.sstatic.net/rjK08.png?s=256","alt":"Caroline","className":"w-12 h-12 rounded-full border"}],["$","div",null,{"className":"ml-4","children":[["$","a",null,{"href":"https://stackoverflow.com/users/3081945/caroline","target":"_blank","rel":"noopener noreferrer","className":"text-lg font-semibold text-blue-600 hover:underline","children":"Caroline"}],["$","p",null,{"className":"text-sm text-gray-500","children":["Reputation: ",406]}]]}]]}],["$","p",null,{"className":"text-gray-700 mb-4","dangerouslySetInnerHTML":{"__html":"

The condition field is set to all of them which means that the files will match, only if they have the string toto AND the string titi.

Based on your question, you are looking for the condition any of them, which will match if titi OR toto is in the file.

\n"}}],["$","div",null,{"className":"text-gray-600 text-sm","children":["$","p",null,{"children":["Upvotes: ",0]}]}]]}]]]}],["$","div",null,{"className":"bg-white shadow-md rounded-lg p-6 mt-6","children":[["$","h2",null,{"className":"text-2xl font-semibold text-gray-800 mb-4","children":"Related Questions"}],["$","ul",null,{"className":"list-disc list-inside","children":[["$","li","46023589",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/46023589","className":"text-blue-600 hover:underline","children":"How can I use pe.entry_point to write YARA rules?"}]}],["$","li","70933172",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/70933172","className":"text-blue-600 hover:underline","children":"How to write .gitignore so that it only includes YAML files and some specific files?"}]}],["$","li","70707383",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/70707383","className":"text-blue-600 hover:underline","children":"How to add rules for gittgnore so that git ignore all types of files exept one type"}]}],["$","li","30474041",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/30474041","className":"text-blue-600 hover:underline","children":"Multiple rules same action in yacc"}]}],["$","li","58459359",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/58459359","className":"text-blue-600 hover:underline","children":"Yara Rule - Regex - Matching Wildcard"}]}],["$","li","44908069",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/44908069","className":"text-blue-600 hover:underline","children":"snakemake - output one only file from multiple input files in one rule"}]}],["$","li","40088432",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/40088432","className":"text-blue-600 hover:underline","children":"drools workbench guided rule to include multiple rules in one file"}]}],["$","li","37118739",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/37118739","className":"text-blue-600 hover:underline","children":"Writing yara rules in Python"}]}],["$","li","16065048",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/16065048","className":"text-blue-600 hover:underline","children":"Can wildcards be used in yaml?"}]}],["$","li","578719",{"className":"mb-2","children":["$","$L10",null,{"href":"/discussion/solution/578719","className":"text-blue-600 hover:underline","children":"yacc, only applying rule once"}]}]]}]]}]]}],["$","$L11",null,{}],["$","$L12",null,{}],["$","$L13",null,{}],["$","$L14",null,{}],["$","$L15",null,{}]]

Yara one rule against multiple files

Answers (1)

Related Questions