gwillem/magento-malware-scanner

Compatibility on Windows

Closed this issue · 1 comments

Hi - could you possibly please create a Windows version of runtests.py? I potentially have a file that went unfound by the current rules, so I've extracted it and am running it on my workstation through Yara, but I got to the "runtests.py" point and it didn't work. I tried swapping the / to \ in the file, and changing the EOL, but still couldn't get it to work, with various errors from:

```
Traceback (most recent call last):
  File "tools\runtests.py", line 87, in <module>
    runtests()
  File "tools\runtests.py", line 59, in runtests
    report = check_output(['yara', '-r', RULES_CONFIRMED_PATH, MALWARE_PATH]).decode()
  File "C:\Users\user\AppData\Local\Programs\Python\Python36-32\lib\subprocess.py", line 336, in check_output
    **kwargs).stdout
  File "C:\Users\user\AppData\Local\Programs\Python\Python36-32\lib\subprocess.py", line 403, in run
    with Popen(*popenargs, **kwargs) as process:
  File "C:\Users\user\AppData\Local\Programs\Python\Python36-32\lib\subprocess.py", line 707, in __init__
    restore_signals, start_new_session)
  File "C:\Users\user\AppData\Local\Programs\Python\Python36-32\lib\subprocess.py", line 990, in _execute_child
    startupinfo)
FileNotFoundError: [WinError 2] The system cannot find the file specified
```

To after trying to convert myself:

```
  File "tools\runtests-windows.py", line 26
    return set([fn for s in SEGMENTS for fn in glob(MALWARE_PATH + '' + s + '*') ])
    ^
SyntaxError: unexpected character after line continuation character
```

Any help?

Hi! I don't have Windows at hand, unfortunately. Maybe someone else?

But, you could create a PR and let Travis run the tests. Add your rule to `rules/backend.yar` (or `frontend.yar`) and try with: `yara -r rules/backend.yar <your malware sample>` (no Python needed).

Let me know if it worked?
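
A portable version of the two calls shown in the tracebacks above, as an added example (not code from the repository or from either poster). `[WinError 2]` raised inside `Popen` means the `yara` executable itself was not found, so the sketch resolves the binary first and builds sample paths with `os.path.join` instead of a hard-coded separator. Assumptions: the candidate binary names, that each entry in `SEGMENTS` is a subdirectory of `MALWARE_PATH`, and the helper names themselves.

```python
import os
import shutil
import subprocess
from glob import glob

# Assumed executable names: "yara" on PATH, or the yara64/yara32 binaries
# found in the Windows release archives.
YARA_CANDIDATES = ("yara", "yara64", "yara32")


def find_yara(candidates=YARA_CANDIDATES, which=shutil.which):
    """Return the full path of the first yara binary found on PATH."""
    for name in candidates:
        path = which(name)  # on Windows, which() also tries PATHEXT (.exe)
        if path:
            return path
    raise FileNotFoundError(
        "yara not found on PATH (tried: %s)" % ", ".join(candidates))


def sample_files(malware_path, segments):
    """List samples per segment; os.path.join picks the right separator."""
    return set(fn for s in segments
               for fn in glob(os.path.join(malware_path, s, "*")))


def parse_report(report):
    """Map each matched file to its rule names from 'RULE PATH' lines."""
    hits = {}
    for line in report.splitlines():  # handles both \n and \r\n
        rule, sep, path = line.strip().partition(" ")
        if sep:
            hits.setdefault(os.path.normpath(path), set()).add(rule)
    return hits


def undetected(rules_path, malware_path, segments, yara=None,
               run=subprocess.check_output):
    """Return the samples that no rule in rules_path matched."""
    cmd = [yara or find_yara(), "-r", rules_path, malware_path]
    hits = parse_report(run(cmd).decode())
    return sorted(os.path.normpath(f)
                  for f in sample_files(malware_path, segments)
                  if os.path.normpath(f) not in hits)
```
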