YARA is dead, long live YARA-X

132 points by serhack_ 12 months ago

9 comments

lima 12 months ago
The risk with such rewrites is ending up with a Python 3 situation and an ecosystem split. Sounds like YARA-X is (mostly) a stricter subset of YARA, and it's easy to write rules that are valid for both:
https://virustotal.github.io/yara-x/docs/writing_rules/differences-with-yara/
Although I wonder how long it'll stay that way? It'll be very tempting to add new features to YARA-X that won't be backported to YARA.
skybrian 12 months ago
For curious onlookers, here's an explanation of what Yara does:
https://virustotal.github.io/yara/
rwmj 12 months ago
Yara seems to be quite widely used by the UK police for digital forensics (or at least by the companies that supply their tools).
kingforaday 12 months ago
After reading the article, a fun thought popped into my head. Who has the right to determine if a project like this is dead or EOL'd? Is it the original author to make that declaration or when it is under BSD license, wide community-use, and support -- when does a project like this truly become dead or EOL'd?
badrabbit 12 months ago
If all you have is a Rusty hammer, everything is a nail.
Third party module dev is harder now for yara-x. And I wonder how the python module will turn out.
Neither 3rd party/go clients nor the official virustotal C client could meet my requirements, I had to write a scanner in python on at least two different times and having to do it again soon. The main issues are resource usage, result shuffling and supporting very large proprietary rules that depend on specific yara modules.
CrowdResponse by CrowdStrike is better too but it still has limits. Python is the best way to yara.
banish-m4 12 months ago
YARA is on every Mac and about half of corporate laptops.
nsonha 12 months ago
was this made in Melbourne, Australia by any chance?
serhack_ 12 months ago
TL;DR: https://github.com/VirusTotal/yara-x
petiepooo 12 months ago
YARA-X is dead, long love the next fad