"yara *.yar MY.EXE" doesn't work because your shell expands the glob before YARA ever executes. This means it expands out to become "yara 1.yar 2.yar 3.yar MY.EXE" which YARA can not interpret. The best way to do what you want is to concatenate all the rules into a single file and use that.
-- WXS > On Jun 14, 2016, at 7:29 AM, Gadget009 <[email protected]> wrote: > > Hi, > > Really a stupid n00bs question on using yara. I have a folder (with > subfolders) full of yara rule files (.yar), i.e. a rule file for each malware > name. How can I tell yara to check an EXE file using all the rule files which > are in a given folder? Unfortunately "yara *.yar MY.EXE" does not work :( ? > Any simple solution? > > Thanks a lot. > > > -- > You received this message because you are subscribed to the Google Groups > "YARA" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to [email protected]. > For more options, visit https://groups.google.com/d/optout. -- You received this message because you are subscribed to the Google Groups "YARA" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
