Пример #1
 /// <summary>
 /// Decides whether this filter applies to the given file, based on <c>FilterType</c>.
 /// </summary>
 /// <param name="fileProperties">Properties of the file being evaluated.</param>
 /// <returns><c>true</c> when the filter's condition holds for the file; otherwise <c>false</c>.</returns>
 /// <exception cref="NotImplementedException">
 /// <c>FilterType</c> holds a <see cref="YaraFilterType"/> value that has no case below.
 /// </exception>
 private bool FilterMatches(FileProperties fileProperties)
 {
     switch (FilterType)
     {
         case YaraFilterType.AlwaysRun:
             return true;

         case YaraFilterType.IsPeFile:
             return fileProperties.IsExe || fileProperties.IsDll || fileProperties.IsDriver;

         case YaraFilterType.FileExtension:
         {
             // Every '.' is stripped from both sides (not only a leading one), so
             // ".exe" and "exe" compare equal. Replace is an instance call: a null
             // FilterValue or Extension throws NullReferenceException here.
             // NOTE(review): if Extension is derived from the file name, it is chosen by
             // whoever supplied the file, so rules gated only on extension are skipped for
             // a renamed sample. Confirm how FileProperties populates it.
             string wantedExtension = FilterValue.Replace(".", "");
             string actualExtension = fileProperties.Extension.Replace(".", "");
             return string.Equals(wantedExtension, actualExtension, StringComparison.InvariantCultureIgnoreCase);
         }

         case YaraFilterType.MimeType:
             // Static string.Equals tolerates null on either side.
             // NOTE(review): whether MimeType is detected from file content or inferred
             // from the name is not visible here. Verify before relying on it as a gate.
             return string.Equals(FilterValue, fileProperties.MimeType, StringComparison.InvariantCultureIgnoreCase);

         case YaraFilterType.ElseNoMatch:
             return false;

         default:
             // Fail loudly rather than silently skipping rules for an unhandled filter type.
             throw new NotImplementedException($"You must have added a new {nameof(YaraFilterType)} enum without adding the appropriate logic in {nameof(YaraFilter)}.{nameof(FilterMatches)}.");
     }
 }
Пример #2
 /// <summary>
 /// Returns the rules to run for a file: <c>OnMatchRules</c> when the filter matches,
 /// otherwise a new empty list.
 /// </summary>
 /// <param name="fileProperties">Properties of the file being evaluated.</param>
 /// <returns>
 /// <c>OnMatchRules</c> as-is (not a copy) on a match; a fresh empty list when the filter does not match.
 /// </returns>
 public List<string> ProcessRule(FileProperties fileProperties)
 {
     // Guard clause: a non-matching filter contributes no rules.
     if (!FilterMatches(fileProperties))
     {
         return new List<string>();
     }

     // NOTE(review): the caller gets whatever OnMatchRules yields, with no defensive copy.
     // If that is the filter's own list, caller mutations would alter its rule set. Confirm.
     return OnMatchRules;
 }