How to do it…

In the following steps, we show you how to create YARA rules and test them against a file:

1.  Copy your rules, as seen here, into a text file and name it rules.yara:

 rule is_a_pdf
 {
        strings:
               $pdf_magic = {25 50 44 46}
        condition:
               $pdf_magic at 0
 }
  
 rule dummy_rule1
 {
        condition:
               false
 }
  
 rule dummy_rule2
 {
        condition:
               true
 }

1.  Next, select a file you would like to check your rules against. Call it target_file. In a terminal, execute Yara rules.yara target_file as follows:

Yara rule.yara PythonBrochure

The result should be as follows:

is_a_pdf target_file
dummy_rule2 target_rule