This repository has been archived by the owner on Feb 11, 2024. It is now read-only.
40 times speed optimization #45
Comments
And extra profit: if you move the whitelist out of Yara, you can (almost for free) whitelist entire Magento/Wordpress/Whatever releases (millions of files). Which is really necessary, because the php-malware-finder produces 76 false positives on a standard Magento install (see above).
Closed
I'd like to see benchmarks for the hash caching in yara.
Yes, me too. Another potential optimization is using indexed lookups for hashes which my Python implementation does using
This has now been upstreamed in
Hi NBS, thanks for your great work!
I found a huge optimization by moving the whitelist hashing out of Yara. My client implementation is 40x faster on a standard Magento 2.0.6 source, while scanning the same stuff:
vs
The profit comes from how inefficiently Yara handles hashing. You mentioned that in the source already. They have recently improved things in the master branch a bit, but it will take a while before that version ends up in various Linux distributions.
To test mwscan on Ubuntu:
Or CentOS:
Cheers!
Willem
(update: I've published mwscan as a package, so you can do just pip install mwscan now)
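The approach discussed in this thread (hash each file once outside the rule engine, look the digest up in an indexed whitelist, and hand only the remaining files to the scanner), as an added example that is not mwscan's or php-malware-finder's code. The `scan_file` callable, the SHA-256 default and the sample files are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile


def file_digest(path, algo="sha256", chunk=1 << 16):
    """Hash a file in chunks so large files are never held in memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_tree(root, whitelist, scan_file, algo="sha256"):
    """Hash every file once, skip whitelisted digests, scan the rest.

    whitelist: set of hex digests (set membership is an indexed lookup).
    scan_file: callable(path) -> list of rule names; hypothetical stand-in
               for the signature engine.
    Returns (hits, skipped): {path: [rule, ...]} and the whitelisted count.
    """
    hits, skipped = {}, 0
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # never follow symlinks out of the scanned tree
            if file_digest(path, algo) in whitelist:
                skipped += 1  # byte-identical to a known release file
                continue
            matched = scan_file(path)
            if matched:
                hits[path] = matched
    return hits, skipped


def demo():
    """Constructed sample: a release file and a modified copy of it."""
    def toy_scanner(path):  # matches a harmless constructed marker
        with open(path, "rb") as fh:
            return ["toy_marker_rule"] if b"TOY_MARKER" in fh.read() else []
    release = b"<?php /* TOY_MARKER */ ?>"  # would be a false positive
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("vendor.php", release), ("vendor_mod.php", release + b"\n")):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(body)
        whitelist = {hashlib.sha256(release).hexdigest()}
        hits, skipped = scan_tree(root, whitelist, toy_scanner)
        return {os.path.basename(p): r for p, r in hits.items()}, skipped
```

The unmodified release file is suppressed by its digest even though the toy rule would match it, while the copy that differs by one byte no longer matches the whitelist and is scanned and reported.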