
Source Code for Module rekall.plugins.linux.yarascan

 1  # Rekall Memory Forensics 
 2  # Copyright (c) 2012, Michael Cohen <scudette@gmail.com> 
 3  # Copyright (c) 2010, 2011, 2012 Michael Ligh <michael.ligh@mnin.org> 
 4  # Copyright 2013 Google Inc. All Rights Reserved. 
 5  # 
 6  # This program is free software; you can redistribute it and/or modify 
 7  # it under the terms of the GNU General Public License as published by 
 8  # the Free Software Foundation; either version 2 of the License, or (at 
 9  # your option) any later version. 
10  # 
11  # This program is distributed in the hope that it will be useful, but 
12  # WITHOUT ANY WARRANTY; without even the implied warranty of 
13  # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 
14  # General Public License for more details. 
15  # 
16  # You should have received a copy of the GNU General Public License 
17  # along with this program; if not, write to the Free Software 
18  # Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 
19  # 
20   
21  from rekall.plugins import yarascanner 
22  from rekall.plugins.common import scanners 
23  from rekall.plugins.linux import common 
24   
25   
# Linux front end for YARA scanning. The class defines no attributes or
# methods of its own; it only composes three bases. YaraScanMixin is listed
# first, so under Python's method resolution order its attributes take
# precedence over those of the scanner and process-filter bases.
# NOTE(review): presumably the mixin supplies the rule handling and
# LinProcessFilter selects which tasks get scanned -- confirm in
# rekall.plugins.yarascanner and rekall.plugins.linux.common.
class LinYaraScan(
        yarascanner.YaraScanMixin,
        scanners.BaseScannerPlugin,
        common.LinProcessFilter):
    """Scan using yara signatures."""
30