Nim binding for libyara4 - https://github.com/dmknght/nimyara Example of how to use the API to scan files and directories: https://github.com/dmknght/nimyara/blob/master/tests/sample_scan.nim Documentation for the Yara C API: https://yara.readthedocs.io/en/stable/capi.html Example: scanning a zip file with the Yara binding and the Nim zip library (https://github.com/nim-lang/zip):
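proc do_unzip_scan*(scanner: ptr YR_SCANNER, path: string, user_data: ptr CallbackArgs) =
  ## Scans every member of the zip archive at `path`.
  ##
  ## Each member is extracted to a temporary file, passed to `scanFile` with
  ## the given `scanner` and `user_data`, and the temporary file is removed
  ## afterwards. Before each scan `user_data.scanningPath` is set to
  ## "<container>//<member>", where <container> is the value the field had on
  ## entry or, if that was empty, the expanded `path`. The field is left at
  ## the last member's value on return.
  ##
  ## Prints "Failed to open file" and returns if the archive cannot be opened.
  # FIXME huge memory usage. Likely because of lib
  var zip: ZipArchive
  if not zip.open(path):
    echo "Failed to open file"
    return
  try:
    # Fix the container prefix once. Re-reading scanningPath inside the loop
    # would chain each member onto the previous one ("a.zip//m1//m2") and
    # report a wrong path for every member after the first.
    let containerPath =
      if user_data.scanningPath == "": expandFilename(path)
      else: user_data.scanningPath
    for zipped_file in walkFiles(zip):
      # https://github.com/nim-lang/zip/blob/master/zip/zipfiles.nim#L142
      # NOTE(review): the member name comes from the archive under scan, so
      # this temp path is predictable, and /tmp is shared with other local
      # users. A file or symlink already present at this path may be written
      # through by extractFile and is then deleted below. Prefer a private
      # directory (e.g. std/tempfiles createTempDir) when the module's
      # imports can be extended.
      let tmpFile = "/tmp/" & getMD5(zipped_file)
      user_data.scanningPath = containerPath & "//" & zipped_file
      try:
        zip.extractFile(zipped_file, tmpFile)
        scanFile(scanner, tmpFile, user_data)
      finally:
        # Extracted content is untrusted: do not leave it on disk, even when
        # extraction or scanning raises.
        removeFile(tmpFile)
  finally:
    # Release the archive handle on every exit path.
    zip.close()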