30 releases (breaking)

0.25.0 Feb 16, 2024
0.24.0 Nov 29, 2023
0.23.0 Nov 17, 2023
0.20.0 May 12, 2023
0.1.0 May 30, 2018

#5 in #virustotal

Download history 355/week @ 2023-11-03 605/week @ 2023-11-10 822/week @ 2023-11-17 668/week @ 2023-11-24 821/week @ 2023-12-01 394/week @ 2023-12-08 525/week @ 2023-12-15 275/week @ 2023-12-22 290/week @ 2023-12-29 267/week @ 2024-01-05 733/week @ 2024-01-12 702/week @ 2024-01-19 659/week @ 2024-01-26 613/week @ 2024-02-02 922/week @ 2024-02-09 1184/week @ 2024-02-16

3,445 downloads per month
Used in 6 crates (via yara)


98K SLoC

C 57K SLoC // 0.1% comments Rust 34K SLoC // 0.0% comments Happy 3K SLoC Visual Studio Project 2K SLoC C++ 785 SLoC // 0.3% comments Automake 317 SLoC // 0.1% comments Batch 212 SLoC Visual Studio Solution 192 SLoC M4 191 SLoC // 0.4% comments RPM Specfile 85 SLoC // 0.1% comments JavaScript 85 SLoC // 0.0% comments Python 35 SLoC // 0.8% comments Shell 4 SLoC // 0.3% comments Bitbake 2 SLoC

Contains (Windows exe, 2MB) 756684f4017ba7e931a26724ae61606b16b5f8cc84ed38a260a34e50c5016f59, (DOS exe, 360KB) ca21e1c32065352d352be6cde97f89c141d7737ea92434831f998080783d5386, (DOS exe, 320KB) yara/tests/data/pe_mingw, (Windows exe, 265KB) clusterfuzz-testcase-minimized-pe_fuzzer-567122, (DOS exe, 140KB) 33fc70f99be6d2833ae48852d611c8048d0c053ed0b2c626db4dbe902832a08b, (DOS exe, 79KB) yara/tests/data/pe_imports and 63 more.


Crates.io Documentation

Native bindings for the Yara library from VirusTotal. Only works with Yara v4.

More documentation can be found on the Yara's documentation.


By default, this crate uses bindgen to generate bindings on-the-fly, but you can also use the following features to use pre-built bindings file for different version of Yara. Just make sure the version you specify is the same that the version on your system!

  • bindgen: recommended: this is the default feature, to use generated bindings.
  • vendored: automatically compile and link libyara v4.5.0.
  • bundled-4_5_0: use pre-generated bindings for Yara 4.5.0. Useful if you do not want to install LLVM to run bindgen. However, you'll have to make sure you use a version of Yara with the same major and minor version number. List of supported targets:
    • x86_64-apple-darwin
    • x86_64-pc-windows-gnu
    • x86_64-pc-windows-msvc
    • x86_64-unknown-linux-gnu
    • x86_64-unknown-linux-musl

This is the default, when the vendored option is disabled. You can specify the following environment variables:

  • YARA_LIBRARY_PATH specifies the directory containing the Yara library binary.
  • YARA_INCLUDE_DIR specifies the directory containing the Yara include files, if you use the bindgen feature.

You can also specify the yara-static feature to link Yara statically rather than dynamically.

Compile options for libyara v4.5.0

When using the vendored feature, Yara will be automatically built and linked statically with yara-sys. You can set the following features change how Yara is built:


  • module-cuckoo: enable cuckoo module (depends on Jansson for parsing JSON).
  • module-magic: enable magic module (depends on libmagic).
  • module-macho: enable macho module.
  • module-dex: enable dex module.
  • module-debug-dex: enable dex module debugging.
  • module-dotnet: enable dotnet module.
  • module-hash: enable hash module.
  • profiling: enable rules profiling support.
  • ndebug: enable NDEBUG.
  • openssl-static: enable static link to OpenSSL rather then dynamically link.

ENV variables

  • YARA_CRYPTO_LIB - which crypto lib to use for the hash and pe modules. Header files must be available during compilation, and the lib must be installed on the target platform. Recognized values: OpenSSL, BoringSSL, Wincrypt, CommonCrypto or disable. (default: will choose based on target os).
  • YARA_DEBUG_VERBOSITY - Set debug level information on runtime (default: 0)
  • YARA_OPENSSL_DIR - If specified, the directory of an OpenSSL installation. The directory should contain lib and include subdirectories containing the libraries and headers respectively.
  • YARA_OPENSSL_LIB_DIR and YARA_OPENSSL_INCLUDE_DIR - If specified, the directories containing the OpenSSL libraries and headers respectively. This can be used if the OpenSSL installation is split in a nonstandard directory layout.

Each of these variables can also be supplied with certain prefixes and suffixes, in the following prioritized order:

  1. <var>_<target> - for example, YARA_CRYPTO_LIB_x86_64-unknown-linux-gnu
  2. <var>_<target_with_underscores> - for example, YARA_CRYPTO_LIB_x86_64_unknown_linux_gnu
  3. <var> - a plain YARA_CRYPTO_LIB, as above.

If none of these variables exist, yara-sys uses built-in defaults


Licensed under either of

at your option.