Workspace: tessl
Visibility: Public
Describes: pkg:pypi/yara-python@3.11.x

tessl/pypi-yara-python

tessl install tessl/pypi-yara-python@3.11.0

Python interface for YARA, a powerful malware identification and classification tool

Agent Success

Agent success rate when using this tile

85%

Improvement

Agent success rate improvement when using this tile compared to baseline

0.94x

Baseline

Agent success rate without this tile

90%

evals/scenario-2/task.md

Malware Scanner

A command-line tool that scans files for malware patterns using custom detection rules.

Capabilities

File Scanning

Scan individual files on disk for malware patterns using predefined detection rules. The scanner should load YARA rules from a rules file and apply them to target files, reporting any matches found.

  • Scanning an existing text file with a simple rule that matches the string "MALWARE" returns a match with the rule name @test
  • Scanning a file that doesn't match any rules returns an empty list of matches @test
  • Scanning a non-existent file raises an appropriate error @test

Rule Compilation from File

Load and compile detection rules from a YARA rules file. The rules file contains pattern definitions that describe malicious characteristics to detect.

  • Compiling rules from a valid YARA rules file succeeds and returns a Rules object @test
  • Attempting to compile rules from a non-existent file raises an error @test
  • Attempting to compile a rules file with syntax errors raises a compilation error @test

Match Result Reporting

Extract and report detailed information about pattern matches, including which rules matched and what specific patterns were found in the scanned files.

  • A match result includes the rule name that was triggered @test
  • A match result provides access to the matched string identifiers @test

Multiple File Scanning

Scan multiple files in a single operation, reporting matches for each file individually. This allows efficient batch scanning of multiple suspicious files.

  • Scanning three files where two match rules and one doesn't returns matches only for the two matching files @test
  • Scanning multiple files where all match returns matches for all files @test

Implementation

@generates

API

def compile_rules(rules_path: str):
    """
    Compile YARA rules from a file.

    Args:
        rules_path: Path to the YARA rules file

    Returns:
        Compiled rules object ready for scanning

    Raises:
        Exception: If the file doesn't exist or contains invalid rules
    """
    pass

def scan_file(rules, file_path: str) -> list:
    """
    Scan a single file using compiled rules.

    Args:
        rules: Compiled YARA rules object
        file_path: Path to the file to scan

    Returns:
        List of match objects (empty list if no matches)

    Raises:
        Exception: If the file doesn't exist
    """
    pass

def scan_files(rules, file_paths: list) -> dict:
    """
    Scan multiple files using compiled rules.

    Args:
        rules: Compiled YARA rules object
        file_paths: List of file paths to scan

    Returns:
        Dictionary mapping file paths to lists of match objects

    Raises:
        Exception: If any file doesn't exist
    """
    pass

def get_match_info(match) -> dict:
    """
    Extract information from a match object.

    Args:
        match: A YARA match object

    Returns:
        Dictionary containing 'rule_name' and 'string_identifiers' keys
    """
    pass
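
One way to fill in the API stubs above with yara-python, as an added example that is not part of the original task file or the tile. The `timeout` parameter, the up-front `FileNotFoundError` checks, and keeping non-matching files in the result with an empty list are assumptions made here; the spec only asks for "an appropriate error".

```python
import os


def compile_rules(rules_path: str):
    """Compile a YARA rules file into a Rules object."""
    import yara  # yara-python; imported lazily so the helpers below need no native library

    if not os.path.isfile(rules_path):
        raise FileNotFoundError(rules_path)
    # Invalid rule syntax surfaces as yara.SyntaxError from compile().
    return yara.compile(filepath=rules_path)


def scan_file(rules, file_path: str, timeout: int = 60) -> list:
    """Scan one file; returns a list of matches (empty if none)."""
    if not os.path.isfile(file_path):
        raise FileNotFoundError(file_path)
    # timeout (seconds) is an added assumption: it bounds the time spent on
    # one hostile or very large sample; match() raises when it is exceeded.
    return list(rules.match(filepath=file_path, timeout=timeout))


def scan_files(rules, file_paths: list) -> dict:
    """Scan several files; every path is a key, non-matching ones map to []."""
    missing = [p for p in file_paths if not os.path.isfile(p)]
    if missing:  # fail before scanning anything, per the spec's Raises clause
        raise FileNotFoundError(", ".join(missing))
    return {p: scan_file(rules, p) for p in file_paths}


def get_match_info(match) -> dict:
    """Return the rule name and the distinct string identifiers that hit."""
    identifiers = []
    for s in match.strings:
        # yara-python 3.x yields (offset, identifier, data) tuples;
        # 4.3 and later yield StringMatch objects with an .identifier attribute.
        ident = s[1] if isinstance(s, tuple) else s.identifier
        if ident not in identifiers:
            identifiers.append(ident)
    return {"rule_name": match.rule, "string_identifiers": identifiers}
```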

Dependencies { .dependencies }

yara-python { .dependency }

Provides pattern matching support for malware detection.

@satisfied-by