$ sudo apt-get install libpcre3 libpcre3-dev
Now acquire the YARA source code.
$ wget http://yara-project.googlecode.com/files/yara-1.4.tar.gz
$ wget http://yara-project.googlecode.com/files/yara-python-1.4.tar.gz
Untar and configure YARA.
$ tar xvfz yara-1.4.tar.gz
$ cd yara-1.4
$ ./configure
If there are no errors, make the executables.
$ make
$ make check
$ sudo make install
Now add Python support.
$ cd ..
$ tar xvfz yara-python-1.4.tar.gz
$ cd yara-python-1.4
$ python setup.py build
$ sudo python setup.py install
You should now be able to call YARA from a shell prompt.
$ yara
usage: yara [OPTION]... [RULEFILE]... FILE
options:
-t
-i
-n print only not satisfied rules (negate).
-g print tags.
-m print metadata.
-s print matching strings.
-d
-r recursively search directories.
-f fast matching mode.
-v show version information.
Report bugs to:
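Added example, not part of the original post: a smoke test that confirms the install works end to end by running a constructed rule through the yara command and then importing the Python module. YARA_BIN and PYTHON_BIN are override variables assumed here (they are not YARA options), and the rule, marker string and file names are constructed for the test.

```shell
#!/bin/sh
# Added example: smoke test for a fresh YARA install (CLI, then Python binding).
# YARA_BIN / PYTHON_BIN are assumed overrides; rule and sample files are constructed.

yara_smoke_test() {
    yara_bin=${YARA_BIN:-yara}
    command -v "$yara_bin" >/dev/null 2>&1 || { echo "yara not found on PATH" >&2; return 2; }
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/smoke.yar" <<'EOF'
rule smoke_test
{
    strings:
        $marker = "yara-install-smoke-test"
    condition:
        $marker
}
EOF
    printf 'header yara-install-smoke-test trailer\n' > "$tmp/hit.txt"
    printf 'no marker in this file\n' > "$tmp/miss.txt"
    # The CLI prints "<rule name> <file>" for every rule that matches.
    hit=$("$yara_bin" "$tmp/smoke.yar" "$tmp/hit.txt" 2>&1)
    miss=$("$yara_bin" "$tmp/smoke.yar" "$tmp/miss.txt" 2>&1)
    rm -rf "$tmp"
    case $hit in
        smoke_test\ *) ;;
        *) echo "rule did not match the sample: $hit" >&2; return 1 ;;
    esac
    [ -z "$miss" ] || { echo "unexpected output for clean file: $miss" >&2; return 1; }
}

yara_python_check() {
    py=${PYTHON_BIN:-python}
    command -v "$py" >/dev/null 2>&1 || { echo "$py not found" >&2; return 2; }
    # Importing the module fails if the dynamic loader cannot locate libyara.
    err=$("$py" -c 'import yara' 2>&1) && return 0
    case $err in
        *libyara*) echo "loader cannot find libyara: check /usr/local/lib in /etc/ld.so.conf, then run ldconfig" >&2; return 3 ;;
        *) echo "$err" >&2; return 1 ;;
    esac
}

# Run both checks when the file is executed.
yara_smoke_test && yara_python_check
echo "smoke test status: $?"
```

Status 0 means both checks passed, 2 means a binary is missing, and 3 from the Python check points at the shared-library path issue.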
 
6 comments:
In some versions of Ubuntu users may need to run the following commands:
$ echo "/usr/local/lib" | sudo tee -a /etc/ld.so.conf
$ sudo ldconfig
quoted from googlecode page
Nice article. After installation, in Ubuntu there may be an error in accessing libyara shared objects.
In that case, this would be useful. This is mentioned in the official project page of yara: http://code.google.com/p/yara-project/source/browse/trunk/yara-python/README?r=41
$ echo "/usr/local/lib" | sudo tee -a /etc/ld.so.conf
$ sudo ldconfig
Don't forget to sudo apt-get install python-dev before you try to build the yara-python package.
You will also need to install g++: sudo apt-get install g++
It's not on 10.04 by default.
In newer versions of Yara, you can use the re2 library (http://code.google.com/p/re2/) instead of pcre to speed up yara.
If you want to use re2, you have to install it and then use it when you configure yara:
Installing re2 (requires g++):
hg clone https://re2.googlecode.com/hg re2
cd re2
make test
sudo make install
sudo make testinstall
Then, instead of ./configure, do:
./configure --with-re2
You may need to run 'sudo ldconfig' after installing re2 but before configuring yara.
Excellent guide, thank you for putting this up!