
Merge clamAV with YARA and Python3


I want to merge clamAV python and YARA rules. The target is to, on demand, scan with YARA rules that I have made. I wrote this simple script and it works just fine:

import pyclamd

# Talk to the local clamd daemon (Unix socket or TCP, whichever is configured)
cd = pyclamd.ClamdAgnostic()

# scan_file() returns None when the file is clean,
# otherwise a dict of {path: ('FOUND', 'signature-name')}
x = cd.scan_file('/home/john/Desktop/workSpace/yara/2.pdf')
if x is None:
    print("no ")
else:
    print("Yes")

Is there a way to scan the same .pdf file using YARA rules BUT through pyclamd?


Solution

  • I figured out the answer. It seems that ClamAV can read *.yara files and search with them in addition to the existing virus database. The solution is to put a yara rule in the /var/lib/clamav directory. The code needs a little modification, just to reload the ClamdAgnostic(), and voila.

    import pyclamd

    cd = pyclamd.ClamdAgnostic()
    # Make clamd re-read its database directory so the new .yara rule is loaded
    cd.reload()
    x = cd.scan_file('/home/john/Desktop/workSpace/yara/2.pdf')
    print(x)
    

    If the rule is true, then you will see a printed output with the rule that was used:

    {'/home/john/Desktop/workSpace/yara/2.pdf': ('FOUND', 'YARA.testFor2.UNOFFICIAL')} 
    

    Otherwise the output will be Null.
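The following is an added example, not part of the question or the answer above. It shows the two halves of the workflow in one place: writing a YARA rule file in the shape ClamAV picks up from its database directory, and interpreting the value that `pyclamd.scan_file()` returns so that a YARA hit (the `YARA.<rule>.UNOFFICIAL` name seen in the answer) can be told apart from a hit from the official signature database. Assumptions: the rule uses only plain string matching, the database directory is `/var/lib/clamav` as in the answer (the example writes to any directory you pass, so it can be run against a temporary one), and a live scan needs a running clamd reachable by `pyclamd.ClamdAgnostic()`; the interpretation functions themselves need no clamd and run offline on a constructed sample result.

```python
"""Write a ClamAV-loadable YARA rule and interpret pyclamd scan results.

Added example; not code from the original question, answer, pyclamd or ClamAV.
"""
from __future__ import annotations

import os
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample rule (assumption: plain string matching only, which is the
# part of YARA that ClamAV's loader handles without external modules).
SAMPLE_RULE = r'''
rule testFor2
{
    strings:
        $pdf_header = "%PDF"
    condition:
        $pdf_header
}
'''

# Constructed sample of what pyclamd.scan_file() returns for a YARA hit;
# it mirrors the dict printed in the answer above.
SAMPLE_HIT: Dict[str, Tuple[str, str]] = {
    '/home/john/Desktop/workSpace/yara/2.pdf': ('FOUND', 'YARA.testFor2.UNOFFICIAL'),
}


@dataclass
class Detection:
    path: str
    status: str        # 'FOUND' (or 'ERROR' if clamd could not read the file)
    signature: str     # full name as reported by clamd
    from_yara: bool    # clamd prefixes YARA matches with 'YARA.'
    unofficial: bool   # rules outside the official DB carry '.UNOFFICIAL'


def write_yara_rule(db_dir: str, rule_name: str, rule_text: str) -> str:
    """Write rule_text to <db_dir>/<rule_name>.yara and return the path.

    On a real host db_dir is /var/lib/clamav (from the answer); clamd must be
    told to reload (cd.reload()) before the rule takes effect.
    """
    path = os.path.join(db_dir, f"{rule_name}.yara")
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(rule_text.strip() + "\n")
    return path


def yara_rule_name(signature: str) -> Optional[str]:
    """'YARA.testFor2.UNOFFICIAL' -> 'testFor2'; None if not a YARA signature."""
    if not signature.startswith("YARA."):
        return None
    name = signature[len("YARA."):]
    if name.endswith(".UNOFFICIAL"):
        name = name[: -len(".UNOFFICIAL")]
    return name


def interpret_scan(result: Optional[Dict[str, Tuple[str, str]]]) -> List[Detection]:
    """pyclamd.scan_file() returns None for a clean file, else {path: (status, name)}."""
    if result is None:
        return []
    detections = []
    for path, (status, signature) in result.items():
        detections.append(Detection(
            path=path,
            status=status,
            signature=signature,
            from_yara=signature.startswith("YARA."),
            unofficial=signature.endswith(".UNOFFICIAL"),
        ))
    return detections


def scan_with_clamd(path: str, reload_db: bool = False) -> List[Detection]:
    """Live scan through clamd (assumption: clamd is running and pyclamd installed)."""
    import pyclamd  # imported here so the rest of the module works without it

    cd = pyclamd.ClamdAgnostic()
    if reload_db:
        cd.reload()  # pick up rules newly dropped into the database directory
    return interpret_scan(cd.scan_file(path))


if __name__ == "__main__":
    # Offline demonstration on the constructed sample; no clamd needed.
    for d in interpret_scan(SAMPLE_HIT):
        kind = "YARA rule " + str(yara_rule_name(d.signature)) if d.from_yara else "signature DB"
        print(f"{d.path}: {d.status} via {kind} ({d.signature})")
```

To use it against a real clamd, call `write_yara_rule('/var/lib/clamav', 'testFor2', SAMPLE_RULE)` with the permissions the database directory requires, then `scan_with_clamd('/path/to/2.pdf', reload_db=True)`; a clean file yields an empty list rather than a dict, which is the case the original `x is False` check would not have distinguished.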