# Yara

## Structure
A rule consists of:

* Name
* Metadata
* String definitions
* Conditions on these strings

## Example

```yara
rule eicar {
    meta:
      author="foo"
      description="eicar test virus"
    strings:
      $a="X5O"
      $b="EICAR"
      $c="ANTIVIRUS"
      $d="TEST"
    condition:
      $a and $b and $c and $d
}
```

## Usage

* Print a matching rule's metadata (`-m`) or the strings that matched (`-s`)
```sh
yara -m <file.yara> <file.target>
yara -s <file.yara> <file.target>
```

* Run Yara via
```sh
yara <file.yara> <file.target>
```
* If the name of the rule and the target are printed, the rule matched. If nothing is printed, it did not match.
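
The following is an added example, not part of the original page and not YARA's own implementation: a simplified Python model of how the four parts of the rule above fit together and what "matched" means. It assumes plain text strings and conditions built from `and`, `or` and `not` without parentheses; the function names and the sample buffer are constructed for illustration.

```python
import re

# The rule from the Example section, embedded so the block runs offline.
RULE = '''
rule eicar {
    meta:
      author="foo"
      description="eicar test virus"
    strings:
      $a="X5O"
      $b="EICAR"
      $c="ANTIVIRUS"
      $d="TEST"
    condition:
      $a and $b and $c and $d
}
'''

# Constructed sample buffer: contains all four substrings but is NOT the EICAR test file.
LOOKALIKE = b"notes: X5O ... EICAR ... ANTIVIRUS ... TEST"

def parse_rule(text):
    """Split a rule of the shape shown above into name, metadata, strings, condition."""
    m = re.search(r'rule\s+(\w+)\s*\{\s*meta:(.*?)strings:(.*?)condition:(.*)\}', text, re.S)
    if not m:
        raise ValueError("expected: rule NAME { meta: ... strings: ... condition: ... }")
    name, meta, strings, condition = m.groups()
    pairs = r'(\$?\w+)\s*=\s*"([^"]*)"'
    return name, dict(re.findall(pairs, meta)), dict(re.findall(pairs, strings)), condition.strip()

def holds(condition, found):
    """Evaluate a condition as an 'or' of 'and' clauses over string identifiers."""
    def term(t):
        negate = t.startswith("not ")
        sid = t[4:].strip() if negate else t
        if sid not in found:
            raise ValueError(f"unsupported term: {t!r}")
        return found[sid] != negate
    cond = " ".join(condition.split())
    return any(all(term(t) for t in clause.split(" and ")) for clause in cond.split(" or "))

def matches(rule_text, data):
    """Return (rule name, matched string ids) if the condition holds, else None."""
    name, _meta, strings, condition = parse_rule(rule_text)
    # A plain text string is a case-sensitive byte sequence found anywhere in the target.
    found = {sid: value.encode() in data for sid, value in strings.items()}
    if holds(condition, found):
        return name, sorted(sid for sid, hit in found.items() if hit)
    return None
```

`matches(RULE, LOOKALIKE)` reports a hit even though the buffer is not the EICAR file: four short substrings joined by `and` match any target that happens to contain all of them, so short strings like these are prone to false positives.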