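#!/usr/bin/env python
"""Scan one file with a YARA rule file and report the matches flagged as triggers.

A match is reported only when the matching rule carries ``trigger = "true"``
(or the boolean ``trigger = true``) in its ``meta`` section. Every other match
is ignored silently.

The syntax used here runs unchanged on Python 2 and Python 3.
"""
import yara
from optparse import OptionParser


def _is_trigger(meta):
    """Return True when a rule's meta dict marks the rule as a trigger.

    A rule without a ``trigger`` entry is treated as not triggering, so that
    one such rule cannot abort the scan with a KeyError and hide later matches.
    yara-python exposes a boolean meta value (``trigger = true``) as a Python
    bool, so both spellings are accepted; without that, a rule written with the
    boolean form would never raise an alert.
    """
    flag = meta.get("trigger")
    return flag == "true" or flag is True


def doscan(sigfile, filename):
    """Compile the rules in *sigfile*, scan *filename*, print triggered matches.

    Args:
        sigfile: path of the YARA rule source file.
        filename: path of the file to scan.

    Errors raised by yara (unreadable file, rule syntax error) propagate to
    the caller.
    """
    # yara.compile() honours `include` directives by default; pass
    # includes=False when the signature file comes from a source you do not
    # control. A list of rule files could also be compiled together here.
    rules = yara.compile(sigfile)

    # match() is called without timeout=, so scan time is unbounded.
    matches = rules.match(filename)

    for m in matches:
        if not _is_trigger(m.meta):
            continue
        print("WE HAVE A PROBLEM!")
        print("Rule match: %s" % m)
        for key, value in m.meta.items():
            print("\t%s: %s" % (key, value))


def main():
    """Parse -f/--file and -s/--sig, then run the scan; exit 1 if either is missing."""
    parser = OptionParser()
    parser.add_option("-f", "--file", action="store", type="string",
                      dest="filename", help="file to scan")
    parser.add_option("-s", "--sig", action="store", type="string",
                      dest="sigfile", help="file with signatures")
    options, _args = parser.parse_args()

    if options.filename is None or options.sigfile is None:
        print("Please specify both a file to scan and a signature file.")
        # Same exit status as before, without relying on the site-provided exit().
        raise SystemExit(1)

    doscan(options.sigfile, options.filename)


if __name__ == '__main__':
    main()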