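I tried out go-yara today and ran into quite a few environment problems along the way, so I am writing them down here.
First, the test code, lifted from someone else's blog: https://blog.csdn.net/qq_37322178/article/details/117418414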
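```go
package main

import (
	"fmt"
	"io/ioutil"
	"os"

	yara "github.com/hillu/go-yara"
)

func main() {
	// Minimal rule: match the string "xiaomi", case-insensitively.
	rule := `rule test
{
    meta:
        date = "2021-07-26"
        description = "this is a test"
    strings:
        $dev = "xiaomi" nocase
    condition:
        $dev
}`

	// Compile the rule text into a rule set.
	compiler, err := yara.NewCompiler()
	if compiler == nil || err != nil {
		fmt.Fprintln(os.Stderr, "NewCompiler failed:", err)
		return
	}
	if err = compiler.AddString(rule, ""); err != nil {
		fmt.Fprintln(os.Stderr, "AddString failed:", err)
		return
	}
	rules, err := compiler.GetRules()
	if err != nil {
		fmt.Fprintln(os.Stderr, "GetRules failed:", err)
		return
	}
	s, err := yara.NewScanner(rules)
	if err != nil {
		fmt.Fprintln(os.Stderr, "NewScanner failed:", err)
		return
	}

	// Write a temporary file containing the string the rule looks for.
	testFile, err := ioutil.TempFile("", "TestFile")
	if err != nil {
		fmt.Fprintln(os.Stderr, "TempFile failed:", err)
		return
	}
	defer os.Remove(testFile.Name())
	if _, err := testFile.Write([]byte("xiaomi10")); err != nil {
		fmt.Fprintln(os.Stderr, "Write failed:", err)
		return
	}
	testFile.Close()

	// Scan the file; matching rules are collected through the callback.
	var matchRules yara.MatchRules
	if err := s.SetCallback(&matchRules).ScanFile(testFile.Name()); err != nil {
		fmt.Fprintln(os.Stderr, "ScanFile failed:", err)
		return
	} else if len(matchRules) != 1 {
		fmt.Fprintf(os.Stderr, "expected 1 matching rule, got %d\n", len(matchRules))
		return
	}
	fmt.Printf("Matches: %+v\n", matchRules)
}
```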
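1. yara is missing
On a Mac, brew install yara is all it takes.
I had been using the USTC brew mirror, which did not have the protobuf-3.15.7.big_sur.bottle.tar.gz package (see the figure below), so I switched to a different brew mirror; the process is recorded at https://blog.csdn.net/my_miuye/article/details/119052996. Of course, manually downloading the package would have been enough; I just wanted to try switching mirrors.
2. github.com/hillu/go-yara is missing at go run
The package is missing; a go get fixes it.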
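3. pkg-config is missing

```
pkg-config: exec: "pkg-config": executable file not found in $PATH
```

Go to https://pkg-config.freedesktop.org/releases/ and download the latest release, either with wget or directly in the browser; I downloaded the one circled in the figure below.
Once it is downloaded, unpack and install it:

```shell
tar -xf pkg-config-0.29.2.tar.gz
cd pkg-config-0.29.2
./configure --with-internal-glib
make check
make
sudo make install
```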
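4. libcrypto.pc is missing

```
Perhaps you should add the directory containing libcrypto.pc
```

I looked in the pkgconfig directory and it really was not there.
A Baidu search showed that libcrypto is a dependency library of openssl, so I took one from openssl and put it into the pkgconfig directory.
(If you do not have openssl, brew install openssl does it on a Mac.)

```shell
cp /usr/local/opt/openssl/lib/pkgconfig/libcrypto.pc /usr/local/lib/pkgconfig
```

Or add the directory to the pkg-config search path environment variable instead; for example, if libcrypto.pc is in the /test folder:

```shell
export PKG_CONFIG_PATH=/test/:$PKG_CONFIG_PATH
```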
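The checks behind steps 3 and 4 can be run in one pass before go run. The script below is an added example, not part of the original post: it reports whether pkg-config is on PATH and where yara.pc and libcrypto.pc are found. It assumes the go-yara build resolves yara through pkg-config and that the two directories named in step 4 are the ones in use; the function names find_pc and preflight are made up here.

```shell
#!/bin/sh
# Preflight check for the cgo build of go-yara (added example).

# find_pc NAME DIRLIST: print the first DIR/NAME.pc found in the
# colon-separated DIRLIST (same format as PKG_CONFIG_PATH); return 1 if none.
find_pc() {
    name=$1
    old_ifs=$IFS
    IFS=:
    for dir in $2; do
        [ -n "$dir" ] || continue          # skip empty entries such as "::"
        if [ -f "$dir/$name.pc" ]; then
            IFS=$old_ifs
            printf '%s\n' "$dir/$name.pc"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# preflight DIRLIST: report each prerequisite; return the number of problems.
preflight() {
    problems=0
    if ! command -v pkg-config >/dev/null 2>&1; then
        echo "missing: pkg-config executable (step 3)"
        problems=$((problems + 1))
    fi
    for pc in yara libcrypto; do
        if found=$(find_pc "$pc" "$1"); then
            echo "ok: $pc.pc -> $found"
        else
            echo "missing: $pc.pc (steps 1 and 4)"
            problems=$((problems + 1))
        fi
    done
    return "$problems"
}

# Directories taken from the post; PKG_CONFIG_PATH entries are checked first.
SEARCH_DIRS="${PKG_CONFIG_PATH:-}:/usr/local/lib/pkgconfig:/usr/local/opt/openssl/lib/pkgconfig"
preflight "$SEARCH_DIRS" || echo "fix the items above before go run"
```

Seeing which path libcrypto.pc resolves to also shows whether the build is picking up the copied file in /usr/local/lib/pkgconfig or the one that ships with the installed openssl.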
Finally, it ran successfully.
If anything here is wrong, please point it out. Thanks.