4 releases (2 breaking)

new 0.3.0 May 17, 2024
0.2.0 May 3, 2024
0.1.1 Apr 4, 2024
0.1.0 Apr 4, 2024

#1021 in Parser implementations


266 downloads per month

BSD-3-Clause

2MB
39K SLoC


YARA-X

YARA-X is a re-incarnation of YARA, a pattern matching tool designed with malware researchers in mind. This new incarnation intends to be faster, safer and more user-friendly than its predecessor. The ultimate goal of YARA-X is to serve as the future replacement for YARA.

News is coming, stay tuned!


lib.rs:

A YARA compiler and scanner completely written in Rust from scratch.

It is 99% compatible with existing YARA rules and intends to be a safer, more efficient implementation of YARA.

There are two main types in this crate: Compiler and Scanner. A compiler takes YARA source code and produces compiled Rules, which are passed to the scanner for scanning files or in-memory data. The Rules produced by the compiler can be safely passed to multiple instances of Scanner, but each Scanner instance can scan only a single file or memory buffer at a time. A scanner can, however, be reused for scanning multiple files or memory buffers.

Example

// Create a compiler.
let mut compiler = yara_x::Compiler::new();

// Add some YARA source code to compile.
compiler.add_source(r#"
    rule lorem_ipsum {
      strings:
        $ = "Lorem ipsum"
      condition:
        all of them
    }
"#).unwrap();

// Obtain the compiled YARA rules.
let rules = compiler.build();

// Create a scanner that uses the compiled rules.
let mut scanner = yara_x::Scanner::new(&rules);

// Scan some data.
let results = scanner.scan("Lorem ipsum".as_bytes()).unwrap();

assert_eq!(results.matching_rules().len(), 1);

Dependencies

~24–42MB
~710K SLoC