Provide Custom Rules
YaraHunter uses the YARA rules files (*.yar
and *.yara
) in the /home/deepfence/rules
directory in the container. You can provide an alternative set of rules, either at build-time, or by mounting a new rules directory into the container.
You can mount the rules directory over the existing one (using -v $(pwd)/my-rules:/home/deepfence/rules
). Alternatively, you can mount the rules directory in a different location and specify it with --rules-path
:
# Put your rules files (*.yar, *.yara) in the ./my-rules directory
mkdir ./my-rules
docker run -it --rm --name=yara-hunter \
-e DEEPFENCE_PRODUCT=<ThreatMapper or ThreatStryker> \
-e DEEPFENCE_LICENSE=<ThreatMapper or ThreatStryker license key> \
-v /var/run/docker.sock:/var/run/docker.sock \
-v $(pwd)/my-rules:/tmp/my-rules \
quay.io/deepfenceio/deepfence_malware_scanner_ce:2.5.2 --image-name node:latest \
--rules-path /tmp/my-rules