small bugfixes and readme update

codeyourweb · codeyourweb · commit 936e6ec70ef7 · 2022-01-30T10:35:13.000+01:00
diff --git a/README.md b/README.md
@@ -81,13 +81,16 @@ advancedparameters:
     maxScanFilesize: 2048 #  ignore files up to maxScanFileSize Mb (default: 2048)               
     cleanMemoryIfFileGreaterThanSize: 512 # clean fastfinder internal memory after heavy file scan (default: 512Mb) 
 ``` 
-### Note for input path:
-* '?' for simple char  and '\\*' (eg. powershe??.exe)  for multiple chars (eg. \\*.exe) wildcards are available for simple string
-* environment variables are also available (eg. %TEMP%\\\*.exe)
-* regular expression are allowed , they should be enclosed by /<regex>/
+### Search everywhere or in specified paths:
+* use '?' in paths for simple char wildcard (eg. powershe??.exe)
+* use '\\*' in paths for multiple chars wildcard (eg. \\*.exe)
+* regular expressions are also available , just enclose paths with slashes (eg. /[0-9]{8}\\.exe/)
+* environment variables can also be used (eg. %TEMP%\\myfile.exe)
+
+### Important notes
 * input path are always case INSENSITIVE
-* input content grep strings are always case SENSITIVE
-* backslashes haven't to be escaped on simple string pattern
+* content search on string (grep) are always case SENSITIVE
+* backslashes SHOULD NOT be escaped (except with regular expressions)
 For more informations, take a look at the [examples](./examples)
 
 ## About this project
diff --git a/finder.go b/finder.go
@@ -77,22 +77,24 @@ func FindInFilesContent(files *[]string, patterns []string, rules *yara.Rules, h
 		}
 
 		// yara scan on file content
-		yaraResult, err := PerformYaraScan(&b, rules)
-		if err != nil {
-			LogMessage(LOG_ERROR, "(ERROR)", "Error performing yara scan on", path, err)
-			continue
-		}
+		if rules != nil && len(rules.GetRules()) > 0 {
+			yaraResult, err := PerformYaraScan(&b, rules)
+			if err != nil {
+				LogMessage(LOG_ERROR, "(ERROR)", "Error performing yara scan on", path, err)
+				continue
+			}
 
-		if len(yaraResult) > 0 && !Contains(matchingFiles, path) {
-			matchingFiles = append(matchingFiles, path)
-		}
+			if len(yaraResult) > 0 && !Contains(matchingFiles, path) {
+				matchingFiles = append(matchingFiles, path)
+			}
 
-		// output yara match results
-		for i := 0; i < len(yaraResult); i++ {
-			LogMessage(LOG_ALERT, "(ALERT)", "YARA match:")
-			LogMessage(LOG_ALERT, " | path:", path)
-			LogMessage(LOG_ALERT, " | rule namespace:", yaraResult[i].Namespace)
-			LogMessage(LOG_ALERT, " | rule name:", yaraResult[i].Rule)
+			// output yara match results
+			for i := 0; i < len(yaraResult); i++ {
+				LogMessage(LOG_ALERT, "(ALERT)", "YARA match:")
+				LogMessage(LOG_ALERT, " | path:", path)
+				LogMessage(LOG_ALERT, " | rule namespace:", yaraResult[i].Namespace)
+				LogMessage(LOG_ALERT, " | rule name:", yaraResult[i].Rule)
+			}
 		}
 
 		// if file type is an archive, extract and calculate checksum for every file inside
