fix: some fixes
Neo23x0 committed Jun 30, 2020
1 parent d65a687 commit 90e9cbd
Showing 1 changed file with 9 additions and 6 deletions.
15 changes: 9 additions & 6 deletions loki.py
@@ -151,6 +151,7 @@ def __init__(self, intense_mode):
# Yara rule directories
self.yara_rule_directories.append(os.path.join(self.app_path, "signature-base/yara".replace("/", os.sep)))
self.yara_rule_directories.append(os.path.join(self.app_path, "signature-base/iocs/yara".replace("/", os.sep)))
self.yara_rule_directories.append(os.path.join(self.app_path, "signature-base/3rdparty".replace("/", os.sep)))

# Read IOCs -------------------------------------------------------
# File Name IOCs (all files in iocs that contain 'filename')
@@ -1069,7 +1070,6 @@ def initialize_yara_rules(self):
for root, directories, files in os.walk(yara_rule_directory, onerror=walk_error, followlinks=False):
for file in files:
try:

# Full Path
yaraRuleFile = os.path.join(root, file)

@@ -1080,6 +1080,10 @@ def initialize_yara_rules(self):
# Extension
extension = os.path.splitext(file)[1].lower()

# Skip all files that don't have *.yar or *.yara extensions
if extension != ".yar" and extension != ".yara":
continue

# Test Compile
try:
compiledRules = yara.compile(yaraRuleFile, externals={
@@ -1098,11 +1102,10 @@ def initialize_yara_rules(self):
sys.exit(1)
continue

# Encrypted
if extension == ".yar" or extension == ".yara":
with open(yaraRuleFile, 'r') as rulefile:
data = rulefile.read()
yaraRules += data
# Add the rule
with open(yaraRuleFile, 'r') as rulefile:
data = rulefile.read()
yaraRules += data

except Exception as e:
logger.log("ERROR", "Init", "Error reading signature file %s ERROR: %s" % (yaraRuleFile, sys.exc_info()[1]))
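Review bot: The per-file test compile does not cover what the concatenation at `yaraRules += data` (last hunk of loki.py) produces: each file is checked in isolation, so a rule identifier that appears in two files passes here and would fail only when the combined string is compiled. That matters more now that the first hunk adds `signature-base/3rdparty`, whose rule names this project does not control. If the combined compile aborts on error (it is outside the visible lines, so this is inferred), one colliding third-party rule could leave the scanner without any signatures. I would at least record the risk where the text is appended, e.g. `# NOTE: files are test-compiled one by one; duplicate rule names across files only surface in the combined compile`. initialize_yara_rules starts and ends outside these hunks.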