YARA

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by 108.36.229.19 (talk) at 04:47, 5 June 2023 (→‎History: Convention for use of 'either'. 'either' was definitely misplaced and probably redundant. Deleted 'either'. Punctuation. Deleted misused colon and comma.). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

YARA is the name of a tool primarily used in malware research and detection.

It provides a rule-based approach for creating descriptions of malware families based on regular expressions, textual patterns or binary patterns. A description is essentially a named YARA rule, and each rule consists of a set of strings and a boolean expression.[1]
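The rule below is an added illustration of that structure and is not taken from the article or from the YARA project. The rule name, the marker text, the byte sequence and the regular expression are all constructed placeholders that describe no real malware family.

```yara
rule Constructed_Example_Family
{
    meta:
        description = "Constructed example, not a signature for any real family"

    strings:
        // Textual pattern: matched as ASCII and UTF-16LE, case-insensitively
        $text_marker = "EXAMPLE-CONSTRUCTED-MARKER" ascii wide nocase

        // Binary pattern: hex bytes with one wildcard byte (??) and a
        // variable-length jump of 2 to 4 arbitrary bytes
        $hex_stub = { DE AD BE EF ?? 01 [2-4] C0 FF EE }

        // Regular expression pattern: a key followed by 8 to 16
        // lowercase alphanumeric characters
        $re_config = /example_key=[a-z0-9]{8,16}/

    condition:
        // Boolean expression over the strings declared above.
        // uint16(0) == 0x5A4D requires the "MZ" magic at offset 0, and the
        // filesize bound keeps the rule from matching very large files.
        uint16(0) == 0x5A4D and
        filesize < 5MB and
        ($hex_stub or all of ($text_marker, $re_config))
}
```

The `strings` section only declares patterns; whether a file matches is decided entirely by the `condition` expression, which is why a rule with broad strings and a loose condition produces false positives.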

History

YARA was originally developed by Victor Alvarez of VirusTotal, and released on GitHub in 2013.[2] The name is an abbreviation of Yet Another Recursive Acronym or Yet Another Ridiculous Acronym.[3]

Design

By default, YARA comes with modules for analyzing PE and ELF files, as well as support for the open-source Cuckoo sandbox.

References

  1. ^ "Welcome to YARA's documentation! — yara 4.2.2 documentation". yara.readthedocs.io. Retrieved 2022-07-15.
  2. ^ "Release v1.7.1". GitHub.
  3. ^ Victor M. Alvarez [@plusvic] (22 September 2016). "@milliped @yararules YARA is an acronym for: YARA: Another Recursive Acronym, or Yet Another Ridiculous Acronym. Pick your choice" (Tweet) – via Twitter.
