Skip to content

davbo/yara-rs

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

34 Commits
demo-extension
demo-extension
 
 
demo
demo
 
 
sample-miners
sample-miners
 
 
src
src
 
 
tests
tests
 
 
yara-macro
yara-macro
 
 
yara-rs-fastly
yara-rs-fastly
 
 
.envrc
.envrc
 
 
.gitignore
.gitignore
 
 
Cargo.toml
Cargo.toml
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
shell.nix
shell.nix
 
 

Repository files navigation

yara-rs

yara pattern matching in Rust / WebAssembly.

Current features

Parses a subset of yara and can perform basic string / hex matches.

Running the demo

The demo shows how a malicious cryptocurrency miner, cryptonight can be matched and prevented from running.

If you'd like to give it a try run the following:

yara-rs$ wasm-pack build --target=web
yara-rs$ python3 -m http.server

Now visit http://localhost:8000/demo/ and you should see the following the developer console:

Match against rule: cryptonight
Error: Matched yara Rule

This means the cryptonight Wasm file was downloaded, checked against the yara rule and a match was found. The Error thrown prevents the file being loaded.

demo-extension

Web extension (tested in Firefox) to demonstrate how wasm can be matched as they are downloaded to the browser.

About

yara pattern matching in rust

Topics

rust wasm virus-scanning yara

Resources

Readme

License

BSD-3-Clause license
Activity

Stars

2 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages