/// <summary>
/// Decides whether this filter applies to the given file, based on <c>FilterType</c>.
/// </summary>
/// <param name="fileProperties">Properties of the file being evaluated.</param>
/// <returns>
/// <c>true</c> when the filter applies to the file; <c>false</c> otherwise.
/// </returns>
/// <exception cref="NotImplementedException">
/// Thrown when <c>FilterType</c> holds a value this method has no branch for.
/// </exception>
private bool FilterMatches(FileProperties fileProperties)
{
    switch (FilterType)
    {
        case YaraFilterType.AlwaysRun:
            // Unconditional filter: applies to every file.
            return true;

        case YaraFilterType.IsPeFile:
            // Any one of the three flags is enough.
            return fileProperties.IsExe || fileProperties.IsDll || fileProperties.IsDriver;

        case YaraFilterType.FileExtension:
        {
            // Every "." is removed from both sides before comparing, so ".exe" and "exe"
            // are treated alike (and so are "tar.gz" and "targz").
            // NOTE(review): a null FilterValue or Extension would throw here; confirm the
            // callers guarantee both are non-null (e.g. for files without an extension).
            string wantedExtension = FilterValue.Replace(".", "");
            string actualExtension = fileProperties.Extension.Replace(".", "");

            // NOTE(review): this is a culture-aware (invariant) comparison, not an ordinal one.
            // For identifiers such as extensions an ordinal comparison is the usual choice;
            // confirm the intent before changing it, since it decides which files a rule covers.
            return string.Equals(wantedExtension, actualExtension, StringComparison.InvariantCultureIgnoreCase);
        }

        case YaraFilterType.MimeType:
            // Case-insensitive match on the whole MIME type string (same comparison caveat as above).
            return string.Equals(FilterValue, fileProperties.MimeType, StringComparison.InvariantCultureIgnoreCase);

        case YaraFilterType.ElseNoMatch:
            // This filter type never applies.
            return false;

        default:
            // Fail loudly rather than silently skipping rules for an unhandled filter type.
            throw new NotImplementedException($"You must have added a new {nameof(YaraFilterType)} enum without adding the appropriate logic in {nameof(YaraFilter)}.{nameof(FilterMatches)}.");
    }
}
/// <summary>
/// Returns the rules to apply to the given file: <c>OnMatchRules</c> when the filter
/// matches, otherwise a new empty list.
/// </summary>
/// <param name="fileProperties">Properties of the file being evaluated.</param>
/// <returns>
/// <c>OnMatchRules</c> itself (not a copy) on a match; a fresh empty list when the
/// filter does not match.
/// </returns>
public List<string> ProcessRule(FileProperties fileProperties)
{
    // No match: hand back an empty list so callers never receive null.
    if (!FilterMatches(fileProperties))
    {
        return new List<string>();
    }

    // NOTE(review): the same list instance is returned to every caller; if OnMatchRules is a
    // mutable list, a caller that modifies the result would change this filter's rules. Verify.
    return OnMatchRules;
}