Cargo Features

[dependencies]
yara-x = { version = "0.2.0", default-features = false, features = ["constant-folding", "exact-atoms", "fast-regexp", "logging", "rules-profiling", "x509-parser-verify", "console-module", "dotnet-module", "elf-module", "hash-module", "lnk-module", "macho-module", "magic-module", "math-module", "pe-module", "string-module", "test_proto2-module", "test_proto3-module", "text-module", "time-module"] }
constant-folding default

Enables constant folding. When constant folding is enabled, expressions like 2+2+2 and true or false, whose value can be determined at compile time, are reduced to their final value instead of producing code that actually computes the expression.

exact-atoms default

Enables the use of exact atoms for speeding up matches. Exact atoms are those that don't require further verification: the sole presence of the atom indicates that the pattern containing the atom matches. For instance, in pattern /abc(d|e)/, the atom "abcd" is an exact atom; by finding the atom "abcd" we can be sure that the whole regexp matches. However, the atom "abc" is not exact; finding "abc" is not enough, and the regexp must be evaluated in order to verify that it matches. If this feature is not enabled, exact atoms are treated as standard (non-exact) atoms.
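
The difference between exact and standard atoms, as an added example that is not YARA-X's own code: a toy scanner for /abc(d|e)/ in which `Atom`, `verify` and `scan` are hypothetical names and the sample buffer is constructed. Both atom sets report the same matches, but only the non-exact atom "abc" costs verification calls.

```rust
// Toy model of atom-based scanning for the pattern /abc(d|e)/.
// Not YARA-X code: Atom, verify and scan are names invented for this example.
struct Atom {
    bytes: &'static [u8],
    exact: bool, // true: finding the atom alone proves the pattern matches
}

// Full verification of /abc(d|e)/ at `pos`, standing in for the regexp engine.
fn verify(data: &[u8], pos: usize) -> bool {
    data[pos..].starts_with(b"abc") && matches!(data.get(pos + 3), Some(b'd') | Some(b'e'))
}

// Returns (offsets where the pattern matches, number of verify() calls made).
fn scan(data: &[u8], atoms: &[Atom]) -> (Vec<usize>, usize) {
    let mut matches = Vec::new();
    let mut verifications = 0;
    for pos in 0..data.len() {
        for atom in atoms {
            if !data[pos..].starts_with(atom.bytes) {
                continue;
            }
            if atom.exact {
                matches.push(pos); // atom hit is already a confirmed match
            } else {
                verifications += 1; // atom hit is only a candidate
                if verify(data, pos) {
                    matches.push(pos);
                }
            }
            break; // one atom hit per offset is enough
        }
    }
    (matches, verifications)
}

// Constructed sample input: two real matches and two "abc" near misses.
const SAMPLE: &[u8] = b"xxabcdxxabcfxxabcexxabc";

fn exact_atoms() -> Vec<Atom> {
    vec![Atom { bytes: b"abcd", exact: true }, Atom { bytes: b"abce", exact: true }]
}
fn standard_atoms() -> Vec<Atom> {
    vec![Atom { bytes: b"abc", exact: false }]
}

fn main() {
    println!("exact:    {:?}", scan(SAMPLE, &exact_atoms()));
    println!("standard: {:?}", scan(SAMPLE, &standard_atoms()));
}
```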

fast-regexp default

Enables the use of FastVM for matching regular expressions, as an alternative to PikeVM. This feature is enabled by default; it exists so that the fast regexp matching mechanism can be disabled for testing purposes.

logging rules-profiling?

Enables debug logs.

Enables log

rules-profiling = logging

Enables rules profiling. When this is enabled together with logging, the logs will contain information about the most expensive rules after each scan. Note that profiling itself has a noticeable impact on performance.

x509-parser-verify

When enabled, the logic included in the x509-parser crate is used for verifying certificates. If not enabled, we use our own logic. This is disabled by default.

Enables verify of x509-parser

console-module default

Features for enabling/disabling modules.

For each module we have a <module name>-module feature that controls whether a given module is built or not. For instance, if the feature foo-module is enabled, the module foo will be built into YARA.

The console module exports functions for printing text from YARA rules.

dotnet-module default = pe-module

The dotnet module parses .NET files.

Enables nom

elf-module default

The elf module parses ELF files.

Enables md-5, nom, and tlsh-fixed

hash-module default

The hash module provides functions for computing md5, sha1, sha-256, crc32 and checksum.

Enables crc32fast, md-5, sha1, and sha2

lnk-module default

The lnk module parses LNK files.

Enables nom and uuid

macho-module default

The macho module parses Mach-O files.

Enables nom and roxmltree

magic-module

The magic module allows recognizing file types based on the output of the Unix file command. This feature is disabled by default.

Enables magic

math-module default

The math module.

pe-module default dotnet-module

The pe module parses PE files.

Enables const-oid, der-parser, digest, dsa, ecdsa, md-5, nom, p256, p384, rsa, sha1, sha2, and x509-parser

string-module default

The string module offers some functions for parsing strings as integers, determining a string's length, etc.

test_proto2-module default

Test modules to be used only in test cases.

test_proto3-module default
text-module

The text module is an example module described in the Module's Developer Guide. Not very useful in real life.

Enables lingua

time-module default

The time module allows you to retrieve the epoch time in seconds, which can be used in the conditions of a rule to check against other epoch times.

default = console-module, constant-folding, dotnet-module, elf-module, exact-atoms, fast-regexp, hash-module, lnk-module, macho-module, math-module, pe-module, string-module, test_proto2-module, test_proto3-module, time-module

Features that are enabled by default.