Read from stdin, buffer the input, and run it through yara while using constant memory

[dicato]

It would be useful to be able to buffer chunks of data from standard input, analyze them, and print matches to standard output.

Currently, all of this type of functionality is in chopshop/yarashop, not yaraprocessor.

Essentially, I'd like to be able to cat big_ol_disk.img | yaraprocessor ... and have it print results without consuming all my computer's resources :smile:

[wxsBSD]

Not a bad idea but just write a small wrapper that reads in chunks and feeds them to yaraprocessor. I don't think reading from stdin belongs in yaraprocessor.

[dicato]

If you noticed, yaraprocessor.py already has a super simple command line interface, which I've generally only used for testing. I should be able to tweak the input file argument to accept stdin by default, and change the behavior to read N bytes or the whole file based on the other parameters. In my opinion, this is functionally equivalent to your "small wrapper".

To make it work properly might require passing the -u flag to Python, which makes things a little confusing.