From a31fe63160e714fe239445314ef4066cd495854b Mon Sep 17 00:00:00 2001 From: Victor Manuel Alvarez Date: Fri, 17 Jan 2014 11:14:11 +0100 Subject: [PATCH] Add man page for yarac --- yarac.man | 51 +++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) create mode 100644 yarac.man diff --git a/yarac.man b/yarac.man new file mode 100644 index 0000000000..2a1bfed2db --- /dev/null +++ b/yarac.man @@ -0,0 +1,51 @@ +.\"Text automatically generated by txt2man +.TH YARAC "1" "Jan 2014" "YARAC 2.0" "compile rules to yara" +.SH NAME +\fByarac \fP- compile rules to yara +.SH SYNOPSIS +.nf +.fam C +\fByarac\fP [OPTION]\.\.\. [RULE_FILE]\.\.\. \fIOUTPUT_FILE\fP +.fam T +.fi +.fam T +.fi +.SH DESCRIPTION +To invoke YARA you will need two things: a file with the rules you want to +use (either in source code or compiled form) and the target to be scanned. +The target can be a file, a folder, or a process. +.PP +Rule files can be passed directly in source code form, or can be previously +compiled with the \fByarac\fP tool. You may prefer to use your rules in compiled +form if you are going to invoke YARA multiple times with the same rules. +This way you’ll save time, because for YARA is faster to load compiled rules +than compiling the same rules over and over again. +.PP +The rules will be applied to the target specified as the last argument to YARA, +if it’s a path to a directory all the files contained in it will be scanned. +.SH OPTIONS +.TP +.B +\fB-d\fP = +define external variable. +.TP +.B +\fB-w\fP +disable warnings. +.TP +.B +\fB-v\fP +show version information. +.SH EXAMPLE +The \fB-d\fP is used to define external variables. For example: +.PP +\fB-d\fP flag=true +.PP +\fB-d\fP beast=666 +.PP +\fB-d\fP name="James Bond" +.SH SEE ALSO +\fByara\fP(1) +.SH AUTHOR +\fByarac\fP was written by Victor M. Alvarez . +This manual page was written by Joao Eriberto Mota Filho for the Debian project (but may be used by others).
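Review bot: The DESCRIPTION section of yarac.man describes invoking YARA to scan a target rather than what yarac does, and its last paragraph ("The rules will be applied to the target specified as the last argument to YARA") contradicts the SYNOPSIS, where the last argument is OUTPUT_FILE. Suggest replacing the scanning text with a description of yarac itself: it takes one or more RULE_FILE arguments in source form and writes the compiled rules to OUTPUT_FILE. The second paragraph's point about compiled rules loading faster can stay as the motivation. Smaller points in the same hunk: the SYNOPSIS block closes with `.fam T` and `.fi` twice, so one pair can be dropped. The `-d` entry under OPTIONS reads `\fB-d\fP =` as shown here, with nothing on either side of the equals sign, so it should name its operands to match the `flag=true` style used in EXAMPLE. "for YARA is faster to load" should read "it is faster for YARA to load". The NAME line "compile rules to yara" would be clearer if it said what is produced, since the output is a compiled rules file.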