You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Raphael_m edited this page Jun 20, 2025
·
8 revisions
Yet Another Ridiculous Acronym
YARA RULES are logical expressions used to classify and identify malware samples by defining specific textual or binary malware detection patterns.
They are use in different context but were mainly developed for malware researcher and detection.
They were created by Victor Álvarez when he was working at VirusTotal a google subsidiary which specialize in malware research and detection. Over time, VirusTotal adopted and integrated YARA deeply into its own malware scanning and rule-testing infrastructure. And eventually, the tools they created to use YARA rules became open source and was embraced widely by the security community.
so YARA the open source software is a library that you can use to pattern matched rules with data. It is written in C and has a variety of API to handle C++ and other language implementation.
The initial plan
At the start we were planning to use YARA libc and integrate it in our rust code, but integrating it cause a lot of complexity.