Metadata-Version: 2.1
Name: yara-mail
Version: 2.0.2
Summary: A Python package and command line utility for scanning emails with YARA rules
Project-URL: Homepage, https://github.com/seanthegeek/yaramail
Project-URL: Documentation, https://seanthegeek.github.io/yaramail/
Project-URL: Issues, https://github.com/seanthegeek/yaramail/issues
Project-URL: Changelog, https://github.com/seanthegeek/yaramail/blob/master/CHANGELOG.md
Author-email: Sean Whalen <whalenster@gmail.com>
Keywords: YARA,email,information security,infosec,security
Classifier: License :: OSI Approved :: Apache Software License
Classifier: Operating System :: OS Independent
Classifier: Programming Language :: Python :: 3
Classifier: Topic :: Communications :: Email
Classifier: Topic :: Security
Requires-Python: >=3.7
Requires-Dist: mailsuite>=1.9.4
Requires-Dist: pdftotext==2.2.2
Requires-Dist: simplejson>=3.17.6
Requires-Dist: yara-python>=4.2.0
Description-Content-Type: text/markdown

<div align="center">
  <img src="https://seanthegeek.github.io/yaramail/_static/yaramail-logo.png" style="padding-top: 10px" alt="yaramail logo">
<h1 style="margin-top: 0; padding-top: 0">yaramail</h1>

  [![PyPI](https://img.shields.io/pypi/v/yara-mail)](https://pypi.org/project/yara-mail/)
  [![PyPI - Downloads](https://img.shields.io/pypi/dm/yara-mail?color=blue)](https://pypistats.org/packages/yara-mail)
</div>

`yaramail` is a Python package and command line utility for scanning emails with
[YARA rules][yara]. It is Ideal for automated triage of phishing reports.

## Features

- Scans all parts of an email via API or CLI
  - Headers
    -  Removes header indents by default for consistent scanning
  - Plain text and HTML body content
    - Converts body content to Markdown by default for consistent scanning
  - Attachments
    - Raw file content
    - Emails attached to emails
    - PDF document text
    - ZIP file contents, including nested ZIP files
      - Customizable list of passwords to use when attempting to scan encrypted ZIP files
- Provides a built-in methodology for categorizing emails
- Parses `Authentication-Results` headers


[yara]: https://yara.readthedocs.io/en/stable/writingrules.html

