Skip to content

All about YARA

Raphael_m edited this page Jun 20, 2025 · 8 revisions

Yet Another Ridiculous Acronym

YARA RULES are logical expressions used to classify and identify malware samples by defining specific textual or binary malware detection patterns. They are use in different context but were mainly developed for malware researcher and detection.

They were created by Victor Álvarez when he was working at VirusTotal a google subsidiary which specialize in malware research and detection. Over time, VirusTotal adopted and integrated YARA deeply into its own malware scanning and rule-testing infrastructure. And eventually, the tools they created to use YARA rules became open source and was embraced widely by the security community.

so YARA the open source software is a library that you can use to pattern matched rules with data. It is written in C and has a variety of API to handle C++ and other language implementation.

The Plan

At the start we were planning to use YARA libc and integrate it in our rust code, but integrating a c library in rust cause a lot of complexity. Thankfully for us VirusTotal has been rewriting its yaralib in Rust, the reason for that being better security and faster analysis speed. So now our project doesn't integrate any c and is written entirely in Rust.

Clone this wiki locally