author | Vegard Haugland <vegard@haugland.at> | 2011-09-30 23:16:34 -0500 |
---|---|---|
committer | Robby Workman <rworkman@slackbuilds.org> | 2011-10-11 21:20:25 -0500 |
commit | 18271480995227468e7aad6097783311b2f249ab (patch) | |
tree | 781a16549a149497d13b5a361357fc190f3b5a16 /misc | |
parent | f4da96657d1f2e18d8640466564809482e5dd97d (diff) |
misc/yara: Added (A malware identification and classification tool)
Signed-off-by: Erik Hanson <erik@slackbuilds.org>
Diffstat (limited to 'misc')
-rw-r--r-- | misc/yara/README | 11 | ||||
-rw-r--r-- | misc/yara/doinst.sh | 0 | ||||
-rw-r--r-- | misc/yara/slack-desc | 20 | ||||
-rw-r--r-- | misc/yara/yara.SlackBuild | 100 | ||||
-rw-r--r-- | misc/yara/yara.info | 10 |
5 files changed, 141 insertions, 0 deletions
diff --git a/misc/yara/README b/misc/yara/README
new file mode 100644
index 0000000000000..22fe5340a1155
--- /dev/null
+++ b/misc/yara/README
@@ -0,0 +1,11 @@
+YARA - a malware identification and classification tool
+
+YARA is a tool aimed at helping malware researchers to identify and classify
+malware samples. With YARA you can create descriptions of malware families
+based on textual or binary patterns contained on samples of those families.
+Each description consists of a set of strings and a Boolean expression which
+determines its logic.
+
+YARA is multi-platform, running on Windows, Linux and Mac OS X, and can be used
+through its command-line interface or from your own Python scripts with the
+yara-python extension.
diff --git a/misc/yara/doinst.sh b/misc/yara/doinst.sh
new file mode 100644
index 0000000000000..e69de29bb2d1d
--- /dev/null
+++ b/misc/yara/doinst.sh
diff --git a/misc/yara/slack-desc b/misc/yara/slack-desc
new file mode 100644
index 0000000000000..2ada848752d1b
--- /dev/null
+++ b/misc/yara/slack-desc
@@ -0,0 +1,20 @@
+# HOW TO EDIT THIS FILE:
+# The "handy ruler" below makes it easier to edit a package description. Line
+# up the first '|' above the ':' following the base package name, and the '|' on
+# the right side marks the last column you can put a character in. You must make
+# exactly 11 lines for the formatting to be correct. It's also customary to
+# leave one space after the ':'.
+
+ |-----handy-ruler------------------------------------------------------|
+yara: YARA (A malware identification and classification tool)
+yara:
+yara: YARA is a tool aimed at helping malware researchers to identify and
+yara: classify malware samples. With YARA you can create descriptions of
+yara: malware families based on textual or binary patterns contained on
+yara: samples of those families. Each description consists of a set of
+yara: strings and a Boolean expression which determines its logic.
+yara:
+yara: YARA is multi-platform, running on Windows, Linux and Mac OS X.
+yara:
+yara: http://code.google.com/p/yara-project/
+yara:
diff --git a/misc/yara/yara.SlackBuild b/misc/yara/yara.SlackBuild
new file mode 100644
index 0000000000000..19446033d0c0a
--- /dev/null
+++ b/misc/yara/yara.SlackBuild
@@ -0,0 +1,100 @@
+#!/bin/sh
+
+# Slackware build script for yara
+
+# Copyright 2011 Vegard Haugland <vegard@haugland.at>
+# All rights reserved.
+#
+# Redistribution and use of this script, with or without modification, is
+permitted provided that the following conditions are met:
+
+# 1. Redistributions of this script must retain the above copyright
+notice, this list of conditions and the following disclaimer.
+
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ''AS IS'' AND ANY EXPRESS OR IMPLIED
+WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+PRGNAM=yara
+VERSION=${VERSION:-1.5}
+BUILD=${BUILD:-1}
+TAG=${TAG:-_SBo}
+
+if [ -z "$ARCH" ]; then
+ case "$( uname -m )" in
+ i?86) ARCH=i486 ;;
+ arm*) ARCH=arm ;;
+ *) ARCH=$( uname -m ) ;;
+ esac
+fi
+
+CWD=$(pwd)
+TMP=${TMP:-/tmp/SBo}
+PKG=$TMP/package-$PRGNAM
+OUTPUT=${OUTPUT:-/tmp}
+
+if [ "$ARCH" = "i486" ]; then
+ SLKCFLAGS="-O2 -march=i486 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "i686" ]; then
+ SLKCFLAGS="-O2 -march=i686 -mtune=i686"
+ LIBDIRSUFFIX=""
+elif [ "$ARCH" = "x86_64" ]; then
+ SLKCFLAGS="-O2 -fPIC"
+ LIBDIRSUFFIX="64"
+else
+ SLKCFLAGS="-O2"
+ LIBDIRSUFFIX=""
+fi
+
+set -e
+
+rm -rf $PKG
+mkdir -p $TMP $PKG $OUTPUT
+cd $TMP
+rm -rf $PRGNAM-$VERSION
+tar xvf $CWD/$PRGNAM-$VERSION.tar.gz
+
+cd $PRGNAM-$VERSION
+chown -R root:root .
+find . \
+ \( -perm 777 -o -perm 775 -o -perm 711 -o -perm 555 -o -perm 511 \) \
+ -exec chmod 755 {} \; -o \
+ \( -perm 666 -o -perm 664 -o -perm 600 -o -perm 444 -o -perm 440 -o -perm 400 \) \
+ -exec chmod 644 {} \;
+
+CFLAGS="$SLKCFLAGS" \
+CXXFLAGS="$SLKCFLAGS" \
+./configure \
+ --prefix=/usr \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --mandir=/usr/man \
+ --docdir=/usr/doc/$PRGNAM-$VERSION \
+ --libdir=/usr/lib${LIBDIRSUFFIX}
+
+make
+make install DESTDIR=$PKG
+
+find $PKG | xargs file | grep -e "executable" -e "shared object" | grep ELF \
+ | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null || true
+
+find $PKG/usr/man -type f -exec gzip -9 {} \;
+for i in $( find $PKG/usr/man -type l ) ; do ln -s $( readlink $i ).gz $i.gz ; rm $i ; done
+
+mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
+cp -a README INSTALL AUTHORS COPYING NEWS $PKG/usr/doc/$PRGNAM-$VERSION
+cat $CWD/$PRGNAM.SlackBuild > $PKG/usr/doc/$PRGNAM-$VERSION/$PRGNAM.SlackBuild
+
+mkdir -p $PKG/install
+cat $CWD/slack-desc > $PKG/install/slack-desc
+
+cd $PKG
+/sbin/makepkg -l y -c n $OUTPUT/$PRGNAM-$VERSION-$ARCH-$BUILD$TAG.${PKGTYPE:-tgz}
diff --git a/misc/yara/yara.info b/misc/yara/yara.info
new file mode 100644
index 0000000000000..4af7a8ae1436a
--- /dev/null
+++ b/misc/yara/yara.info
@@ -0,0 +1,10 @@
+PRGNAM="yara"
+VERSION="1.5"
+HOMEPAGE="http://code.google.com/p/yara-project/"
+DOWNLOAD="http://yara-project.googlecode.com/files/yara-1.5.tar.gz"
+MD5SUM="ccca92dfd8423186f5270fabd52782e5"
+DOWNLOAD_x86_64=""
+MD5SUM_x86_64=""
+MAINTAINER="Vegard Haugland"
+EMAIL="vegard@haugland.at"
+APPROVED="Erik Hanson"
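Review bot: The setup lines `rm -rf $PKG`, `mkdir -p $TMP $PKG $OUTPUT` and `cd $TMP` run as root against the predictable, shared `TMP=${TMP:-/tmp/SBo}` with every path expansion unquoted, and everything after them (`tar xvf`, `chown -R root:root .`, `make install DESTDIR=$PKG`, `/sbin/makepkg`) trusts those paths. A `TMP` or `OUTPUT` value containing whitespace turns `rm -rf $PKG` into a multi-target delete, and a `/tmp/SBo` pre-created by another local user lets that user influence where the extracted tree gets chowned to root and where the install step writes. This is the standard SBo template, so the minimum change is a caveat next to the `TMP=` line, e.g. `# NOTE: runs as root under a shared, predictable $TMP; build on a host without untrusted local users or point TMP at a private directory`, with `rm -rf -- "$PKG"`, `mkdir -p -- "$TMP" "$PKG" "$OUTPUT"` and `cd "$TMP"` if the project accepts quoting. Separately, the empty `doinst.sh` listed in the diffstat is never copied into `$PKG/install` (only `slack-desc` is), so it is a dead file and should be dropped from the submission.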
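Review bot: `DOWNLOAD` points at a plain `http://` URL and the only integrity value the file carries is `MD5SUM`, yet the accompanying SlackBuild extracts that tarball and runs its build system as root. MD5 is no longer a collision-resistant check, so an MD5-only match over an unauthenticated transport says little about whether the archive is the one the maintainer tested. The `.info` layout shown here has no field for a stronger digest, so this is a caveat rather than a line change: record a SHA-256 (or the upstream signature, if one is published) in the README or commit message so a builder can verify the tarball out-of-band before running the script.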