go-yara实践问题记录

今天试了一下go-yara，中途遇到了不少环境问题，因此记录一下。
 
 
先贴测试代码，从别人博客里偷的：https://blog.csdn.net/qq_37322178/article/details/117418414

package main

import (
	yara "github.com/hillu/go-yara"
	"io/ioutil"
	"os"
	"fmt"
)

func main() {
	rule := `rule test
	{
	meta:
		date = "2021-07-26"
		description = "this is a test"
	strings:
		$dev = "xiaomi" nocase
	condition:
		$dev
	}`
	compiler, err := yara.NewCompiler()
	if compiler == nil || err != nil {
		return
	}
	if err = compiler.AddString(rule, ""); err != nil {
		return
	}
	rules, err := compiler.GetRules()
	if err != nil {
		return
	}
	s, err := yara.NewScanner(rules)
	if err != nil {
		return
	}
	testFile, _ := ioutil.TempFile("", "TestFile")
	defer os.Remove(testFile.Name())
	testFile.Write([]byte("xiaomi10"))
	testFile.Close()
	var matchRules yara.MatchRules
	if err := s.SetCallback(&matchRules).ScanFile(testFile.Name()); err != nil {
		return
	} else if len(matchRules) != 1 {
		return
	}
	fmt.Printf("Matches: %+v", matchRules)
}

1、缺少yara

mac直接brew install yara就行

之前用的中科大的brew源，没有protobuf-3.15.7.big_sur.bottle.tar.gz版本的包（见下图），于是我换了个brew源，过程记录在https://blog.csdn.net/my_miuye/article/details/119052996中，当然，只要手动下载一下对应包就行，我纯粹是试试怎么切换源。

 

2、go run时缺少github.com/hillu/go-yara

少包，go get一把就行

 

3、缺少pkg-config

pkg-config: exec: “pkg-config”: executable file not found in $PATH

去https://pkg-config.freedesktop.org/releases/里下个最新的，wget或者浏览器直接下都行，我下的下图圈里那个

下好后解压安装

# tar -xf pkg-config-0.29.2.tar.gz
# cd pkg-config-0.29.2
# ./configure --with-internal-glib
# make check
# make
# sudo  make install

 

4、缺少libcrypto.pc

Perhaps you should add the directory containing `libcrypto.pc’

去pkgconfig的库里看看了看，确实没有

百度发现libcrypto是openssl的依赖库，所以去openssl里偷一个放到pkgconfig的库里
（没有openssl的在mac环境下brew install openssl就行）

# cp /usr/local/opt/openssl/lib/pkgconfig/libcrypto.pc /usr/local/lib/pkgconfig

或者添加pkgconfig库的环境变量，如libcrypto.pc在/test文件夹中

export PKG_CONFIG_PATH=/test/:$PKG_CONFIG_PATH

 
 
终于，跑成功了