posted by martyb on Friday May 01 2020, @02:29AM
from the just-in-case-you-are-not-having-enough-fun-with-just-regexp dept.

YARA version 4.0.0 has been released.

YARA is a tool used primarily in malware research and detection. It was originally developed by Victor Alvarez of VirusTotal. The name is an abbreviation of either "YARA: Another Recursive Acronym" or "Yet Another Ridiculous Acronym". YARA ships with modules for analysing PE and ELF files, and can additionally be built with a module that matches against behavioural reports from the open-source Cuckoo sandbox (that module is not compiled in by default). [1]

From the YARA github page:

YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strings and a boolean expression which determine its logic.

[...] more complex and powerful rules can be created by using wild-cards, case-insensitive strings, regular expressions, special operators and many other features that you'll find explained in YARA's documentation.

YARA has been called "the pattern matching Swiss knife."

[1] https://en.wikipedia.org/wiki/YARA
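As an added illustration (it is not from the YARA project, the release notes, or the submitter), the rule below exercises on a Windows executable the features the description above lists: a case-insensitive text string, a hex pattern with wildcard bytes and a jump, a regular expression, a string-count operator in the condition, and the pe module that ships with YARA. The string contents, the section-name test and the rule name are made up for the example and do not describe any real malware family.

```yara
import "pe"

rule Demo_Suspicious_PE_Dropper
{
    meta:
        description = "Illustrative rule: strings, wildcards, nocase, regex and the pe module"
        author      = "added example, not part of the YARA project"

    strings:
        // plain text, matched case-insensitively, in both ASCII and UTF-16LE
        $cmd  = "cmd.exe /c" nocase wide ascii

        // hex pattern: push 0 / push imm32 / call rel32 / up to 16 bytes / add esp, 8
        // ?? are wildcard bytes, [0-16] is a variable-length jump between fragments
        $stub = { 6A 00 68 ?? ?? ?? ?? E8 ?? ?? ?? ?? [0-16] 83 C4 08 }

        // regular expression for a hard-coded URL to an executable payload
        $url  = /https?:\/\/[a-z0-9.\-]+\/[a-z0-9_\-]+\.(exe|dll)/ nocase

    condition:
        // only look at PE files: "MZ" at offset 0, and keep scans cheap
        uint16(0) == 0x5A4D
        and filesize < 5MB
        and (
            // the code stub together with at least one dropper artefact ...
            ($stub and ($cmd or $url))
            // ... or the URL pattern occurring two or more times (#url is the match count)
            or #url >= 2
            // ... or a section name typical of a packer, read through the pe module
            or for any i in (0 .. pe.number_of_sections - 1) :
                ( pe.sections[i].name matches /^UPX/ )
        )
}
```

Save it as demo.yar and run `yara -s demo.yar sample.exe` (or `yara -r demo.yar some_dir/` to walk a directory). The `-s` flag prints the offset and bytes of every matching string, which is the quickest way to confirm that a wildcard or regex matched what you intended rather than something far broader.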


  • (Score: 1, Funny) by Anonymous Coward on Friday May 01 2020, @02:50AM (#988807)

    Has it been used by genome researchers yet?
    Or are they still using Notepad -- https://xkcd.com/2298/

  • (Score: 2) by FatPhil (863) on Friday May 01 2020, @07:05AM (#988834)

    Have they fixed the users yet? Users seem to mostly split into two classes - those who make bad decisions about what to do, and those who don't even go through a decision making process before doing something stupid. Until you fix humans, you'll never fix viruses, and you'll never fix humans.

    Ambiguity deliberate.
    --
    Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
  • (Score: 2) by Mojibake Tengu (8598) on Friday May 01 2020, @08:31AM (#988844)

    On FreeBSD, YARA is in pkg, as well as the Sourcefire Razorback framework, which actually uses YARA as one of its Nuggets.

    --
    Rust programming language offends both my Intelligence and my Spirit.
    • (Score: 2) by hendrikboom (1125) on Friday May 01 2020, @02:39PM (#988980)

      Also packaged in Devuan. And I'd guess Debian. Also packaged: documentation, library and various programming language bindings.
      Version 3.9.0-1.

      • (Score: 0) by Anonymous Coward on Friday May 01 2020, @09:23PM (#989203)

        Just like a virus!

        $ dnf search yara
        Last metadata expiration check: 8 days, 15:32:16 ago on Thu 23 Apr 2020 01:48:50 AM EDT.
        ========================= Name Exactly Matched: yara =========================
        yara.i686 : Pattern matching Swiss knife for malware researchers
        yara.x86_64 : Pattern matching Swiss knife for malware researchers
        ======================== Name & Summary Matched: yara ========================
        yara-doc.noarch : Documentation for yara
        yara-devel.i686 : Development files for yara
        yara-devel.x86_64 : Development files for yara
        python3-yara.x86_64 : Python3 binding for the YARA pattern matching tool
        vim-syntastic-yara.noarch : A syntax checker for yara programming language
