From c8c0a95cdfbf64fbda10b7608ee0ada320575988 Mon Sep 17 00:00:00 2001
From: egibs <20933572+egibs@users.noreply.github.com>
Date: Thu, 15 Aug 2024 17:19:48 -0500
Subject: [PATCH] Scan file descriptors rather than files per go-yara docs

Signed-off-by: egibs <20933572+egibs@users.noreply.github.com>
---
 pkg/action/scan.go | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/pkg/action/scan.go b/pkg/action/scan.go
index c1c5db1d6..07a66595f 100644
--- a/pkg/action/scan.go
+++ b/pkg/action/scan.go
@@ -82,7 +82,13 @@ func scanSinglePath(ctx context.Context, c bincapz.Config, yrs *yara.Rules, path
 	}
 
 	logger.Debug("calling YARA ScanFile")
-	if err := yrs.ScanFile(path, 0, 0, &mrs); err != nil {
+	f, err := os.Open(path)
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+	fd := f.Fd()
+	if err := yrs.ScanFileDescriptor(fd, 0, 0, &mrs); err != nil {
 		logger.Info("skipping", slog.Any("error", err))
 		return &bincapz.FileReport{Path: path, Error: fmt.Sprintf("scanfile: %v", err)}, nil
 	}