skip to navigation
skip to content

yara 1.6.1

Compile YARA rules to test against files or strings

Package Documentation

Latest Version: 1.7.7

What is yara-ctypes:

  • A powerful python wrapper for yara-project’s libyara v1.6.
  • Supports thread safe matching of YARA rules.
  • namespace management to allow easy loading of multiple YARA rules into a single libyara context.
  • Comes with a scan module which exposes a user CLI and demonstrates a pattern for executing match jobs across a thread pool.


  • ctypes releases the GIL on system function calls… Run your PC to its true potential.
  • No more building the PyC extension…
  • I found a few bugs and memory leaks and wanted to make my life simple.

As a reference and guide to yara-ctypes see: yara-ctypes documentation

For additional tips / tricks with this wrapper feel free to post a question at the github yara-ctypes/issues page.

Project hosting provided by


Install and run

Simply run the following:

> python install
> python test
> python -m yara.scan -h

or PyPi:

> pip install yara
> python -m yara.scan -h


If the package does not contain a pre-compiled libyara library for your platform you will need to build and install it. See notes on building.


yara-ctypes is implemented to be compatible with Python 2.6+ and Python 3.x. It has been tested against the following Python implementations:

Ubuntu 12.04:

  • CPython 2.7 (32bit, 64bit)
  • CPython 3.2 (32bit, 64bit)

Ubuntu 11.10 :

  • CPython 2.6 (32bit)
  • CPython 2.7 (32bit)
  • CPython 3.2 (32bit)
  • PyPy 1.9.0 (32bit)

Windows 7:

  • CPython 2.6 (32bit, 64bit)
  • CPython 3.2 (32bit, 64bit)

Continuous integration testing is provided by Travis CI.


Source code for yara-ctypes is hosted on GitHub. Please file bug reports with GitHub’s issues system.

Change log

version 1.6.0 (01/09/2012)

  • Initial release

version 1.6.1 (06/09/2012)

  • Support for 64bit Windows
  • Bug fixes
  • Added documentation
File Type Py Version Uploaded on Size (md5) Source 2012-09-06 332KB