.yaralyzer.example
# If you place a file called '.yaralyzer' in your home dir or the current dir, the environment variables specified
# in that .yaralyzer file will be added to the environment each time yaralyzer is invoked. (See the `dotenv`
# package for more details.) This file contains environment variables you can use to configure
# the application above and beyond providing command line options on each invocation. Useful if you want to permanently
# configure options you tend to reuse (e.g. '--maximize-width') so you can stop remembering to type them.
#
# Almost all of the command line options can be configured in this file by capitalizing them and prefixing
# with 'YARALYZER_'. E.g. to configure the --maximize-width option for every invocation, you would set:
# YARALYZER_MAXIMIZE_WIDTH=True

# Expand the width of the output to fit the display window (same as the --maximize-width option)
# YARALYZER_MAXIMIZE_WIDTH=True

# yara-python internal options passed through to yara.set_config() as the stack_size and max_match_data arguments
# YARALYZER_STACK_SIZE=10485760
# YARALYZER_MAX_MATCH_LENGTH=10737418240

# Suppress all PDF binary regex matching/scanning/etc
# YARALYZER_SUPPRESS_DECODES_TABLE=False

# Suppress the display of the table showing the encoding assessments given by `chardet.detect()`
# about a particular chunk of binary data. (The most important data in the chardet confidence table is
# redundant anyway. Only the low likelihood encodings are hidden from the user.)
# YARALYZER_SUPPRESS_CHARDET_TABLE=False

# Minimum confidence to display an encoding in the chardet results table
# YARALYZER_MIN_CHARDET_CONFIDENCE=2.0

# Configure how many bytes before and after any binary data should be included in scans and visualizations
# YARALYZER_SURROUNDING_BYTES=64

# Size thresholds (in bytes) under/over which yaralyzer will NOT make attempts to decode a match.
# Longer byte sequences are for obvious reasons slower to decode by force.
# It may feel counterintuitive but larger chunks of random binary are also harder to examine and
# (in my experience) less likely to be meaningful. Consider it: two frontslash characters 20,000 lines apart
# are more likely to be random than those same frontslashes when placed nearer to each other and
# in the vicinity of a lot of computerized sigils of internet power like `.`, `+bacd*?`, and other regexes.*
# Keeping the max value low will do more to affect the speed of the app than anything else you
# can easily configure.
#
# YARALYZER_MIN_DECODE_LENGTH=1
# YARALYZER_MAX_DECODE_LENGTH=256

# Minimum bytes to run chardet.detect() on a sequence of bytes
# YARALYZER_MIN_BYTES_TO_DETECT_ENCODING

# Directory to write application logs to. Must be an absolute path, not a relative one.
# These logs are not normally written to a file and the default log level means that the standard behavior
# is to more or less discard them. Be aware that if you configure this variable a few things will change:
#
# 1. Logs WILL NOT be written to STDOUT. They will stream ONLY to files in the configured directory.
#    This is true even with the -D option.
# 2. The default log_level will be decreased from WARN (extremely spartan) to INFO (fairly verbose).
#    The -D option, which sets the log level to DEBUG, will be respected whether or not
#    YARALYZER_LOG_DIR is configured.
#
# YARALYZER_LOG_DIR=/path/to/yaralyzer/log_dir/

# Log level
# YARALYZER_LOG_LEVEL='WARN'
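
A small lint for a `.yaralyzer` file, checking the points the comments above state: the `YARALYZER_` prefix, an absolute `YARALYZER_LOG_DIR`, and byte-count decode lengths. This is an added example, not code from the yaralyzer project; the function names, the simplified `NAME=value` parsing (the real `dotenv` package accepts more syntax), the sample file contents and the min-not-above-max check are assumptions of the example.

```python
import os
PREFIX = "YARALYZER_"

def parse_dotenv(text):
    """Return {NAME: value} for the uncommented NAME=value lines, quotes stripped."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            name, value = line.split("=", 1)
            settings[name.strip()] = value.strip().strip("'\"")
    return settings

def env_to_option(name):
    """Naming rule stated in the file: YARALYZER_MAXIMIZE_WIDTH <-> --maximize-width."""
    return "--" + name[len(PREFIX):].lower().replace("_", "-")

def lint(settings):
    """Return a list of problems, judged against what the file's comments state."""
    problems = [f"{n}: no {PREFIX} prefix, not a yaralyzer setting"
                for n in settings if not n.startswith(PREFIX)]
    log_dir = settings.get(PREFIX + "LOG_DIR")
    if log_dir is not None and not os.path.isabs(log_dir):
        problems.append(f"{PREFIX}LOG_DIR: {log_dir!r} is not an absolute path")
    lengths = {}
    for key in ("MIN_DECODE_LENGTH", "MAX_DECODE_LENGTH"):
        raw = settings.get(PREFIX + key)
        if raw is not None and raw.isdecimal():
            lengths[key] = int(raw)
        elif raw is not None:
            problems.append(f"{PREFIX}{key}: {raw!r} is not a byte count")
    # Assumption of this example: min > max leaves no match length eligible for decoding.
    if len(lengths) == 2 and lengths["MIN_DECODE_LENGTH"] > lengths["MAX_DECODE_LENGTH"]:
        problems.append("MIN_DECODE_LENGTH exceeds MAX_DECODE_LENGTH")
    return problems

SAMPLE = """\
# constructed sample contents, not taken from the project
YARALYZER_MAXIMIZE_WIDTH=True
YARALYZER_LOG_DIR=logs/yaralyzer
YARALYZER_MIN_DECODE_LENGTH=512
YARALYZER_MAX_DECODE_LENGTH=256
MAX_DECODE_LENGTH=64
YARALYZER_LOG_LEVEL='WARN'
"""

if __name__ == "__main__":
    for problem in lint(parse_dotenv(SAMPLE)):
        print("problem:", problem)
```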