In a YARA rules file, malware.yar, with content like:
rule rules_one
{}
rule rules_two
{}
...
There are many rules in the file. I use yr_compiler_add_file to add the file, then use yr_compiler_get_rules to get the rules. I get all the rules from the rules file; now I just want to use one rule to scan a buffer.
If I use yr_rules_scan_mem, it will scan the buffer with all the rules, but I only need one to do this. How can I do that?