The yara_destroy API lets the caller reclaim resources by removing
the previously loaded Yara rules.
Signed-off-by: Matteo Cafasso <noxdafox(a)gmail.com>
---
daemon/yara.c | 14 ++++++++++++++
generator/proc_nr.ml | 1 +
lib/MAX_PROC_NR | 2 +-
3 files changed, 16 insertions(+), 1 deletion(-)
diff --git a/daemon/yara.c b/daemon/yara.c
index 0e4128aed..cb49593c7 100644
--- a/daemon/yara.c
+++ b/daemon/yara.c
@@ -105,6 +105,20 @@ do_yara_load (const char *namespace)
return (ret == ERROR_SUCCESS) ? 0 : -1;
}
+int
+do_yara_destroy (void)
+{
+ if (rules == NULL) {
+ reply_with_error ("no yara rules loaded");
+ return -1;
+ }
+
+ yr_rules_destroy (rules);
+ rules = NULL;
+
+ return 0;
+}
+
/* Compile source code rules and load them.
* Return ERROR_SUCCESS on success, Yara error code type on error.
*/
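Review bot: The new do_yara_destroy has no header comment, and the `rules = NULL;` reset after `yr_rules_destroy (rules);` is the line that keeps a second destroy or a later use from touching a freed handle, so it deserves a word of explanation. I would add above the function `/* Release the compiled rules and reset the pointer so later calls report "no yara rules loaded" instead of using a freed handle. */`. `rules` is declared outside this hunk (presumably file-scope state set by do_yara_load), so any other daemon function that dereferences it needs the same NULL guard; that cannot be confirmed from here. Returning an error when nothing is loaded also makes the call non-idempotent, so callers using it in cleanup paths must expect and ignore that failure; that behaviour is worth stating in the API documentation.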
diff --git a/generator/proc_nr.ml b/generator/proc_nr.ml
index d50cc9efa..d471b1a83 100644
--- a/generator/proc_nr.ml
+++ b/generator/proc_nr.ml
@@ -480,6 +480,7 @@ let proc_nr = [
470, "internal_find_inode";
471, "mksquashfs";
472, "yara_load";
+473, "yara_destroy";
]
(* End of list. If adding a new entry, add it at the end of the list
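Review bot: Procedure number 473 is registered for "yara_destroy", but the diffstat lists only daemon/yara.c, this file and lib/MAX_PROC_NR, so no generator action definition for the call is visible in this patch. If the action (name, return type, documentation) is not added elsewhere in the series, the generator presumably has nothing to bind this number to and do_yara_destroy is never exposed. The action's description would also be the place to state that the call fails when no rules are loaded.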
diff --git a/lib/MAX_PROC_NR b/lib/MAX_PROC_NR
index 68cfb10d1..8410b8b89 100644
--- a/lib/MAX_PROC_NR
+++ b/lib/MAX_PROC_NR
@@ -1 +1 @@
-472
+473
--
2.11.0