Yara is an Open Source multi-platform program to help identify and classify malware samples; it is geared toward malware researchers but usable by anyone.
Yara lets you create descriptions of malware families based on textual or binary patterns. Each description, a.k.a. rule, consists of a set of strings and a boolean expression (the condition) that determines its logic. Yara rules are relatively straightforward to write and understand and have a syntax resembling the C language. Each rule in YARA starts with the keyword rule followed by a rule identifier. Identifiers must follow the same lexical conventions as the C programming language: they can contain any alphanumeric character and the underscore character, but the first character cannot be a digit. Rule identifiers are case-sensitive and cannot exceed 128 characters.
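A complete rule showing those pieces together (identifier, strings of each kind, and a boolean condition), added here as an illustration rather than taken from the YARA project or its documentation; the family name, strings, offsets and size limit are constructed placeholders, not real indicators:

```yara
// Added example, not from the page: a hypothetical rule for a constructed
// family "ExampleDropper". Every string and value below is a made-up
// placeholder chosen to show syntax, not a real indicator of compromise.
rule ExampleDropper_Constructed : dropper example
{
    meta:
        description = "Illustrative rule with constructed strings"
        author      = "added example"

    strings:
        // Text string: 'ascii wide' matches both 8-bit and UTF-16LE
        // encodings, 'nocase' makes the match case-insensitive
        $s1 = "ExampleDropperMutex" ascii wide nocase
        // Hex string: ?? is a single wildcard byte, [4] skips exactly 4 bytes
        $h1 = { E8 ?? ?? ?? ?? 5B 81 EB [4] 8D }
        // Regular expression for a constructed URL pattern (slashes escaped)
        $r1 = /http:\/\/example-c2-[a-z0-9]{6}\.invalid\/gate\.php/

    condition:
        // Boolean expression tying the strings together: PE magic ("MZ")
        // at offset 0, file under 2 MB, and either the mutex name, the
        // byte pattern, or at least two URL matches (#r1 counts matches)
        uint16(0) == 0x5A4D and
        filesize < 2MB and
        ($s1 or $h1 or #r1 >= 2)
}
```

Every declared string must be referenced in the condition, otherwise the compiler rejects the rule; the `uint16(0)` and `filesize` checks are cheap guards that narrow matches before the string scan results are combined.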
Yara gives you the ability to define the rules used when searching for malware, so you control exactly which patterns and conditions a sample must satisfy to match. There is an in-depth documentation section available that provides usage examples to get you started.
Yara Features:
With Yara, you can create descriptions of malware families
Each description, a.k.a. rule, consists of a set of strings and a boolean expression that determines its logic
Yara is multi-platform, running on Windows, Linux, and Mac (see the documentation section for Linux and Mac)
It can be used through its command-line interface
It can be used from your Python scripts with the Yara-python extension