Short note for everyone who already lives and breathes YARA:
Victor (aka plusvic) just launched YARA-X 1.0.0. Full details: https://virustotal.github.io/yara-x/blog/yara-x-is-stable/
What changes for you
| | YARA | YARA-X |
|---|---|---|
| Engine | C/C++, manual memory | Rust, memory-safe |
| Rule compatibility | – | ~99 % work as-is |
| Speed (regex / loops) | Can bottleneck scans | Often 5–10× faster |
| Error messages | Generic | Line-accurate, clearer |
| CLI | Plain text | Colour, JSON/YAML dump, shell completion |
| Future work | Bug-fix only | New features land here |
Why move now
- Performance – heavy rules (large regex, deep loops) finish seconds faster.
- Safety – Rust core avoids the usual memory bugs and makes crashes rare.
- Maintainability – parser and scanner are decoupled; easier to embed or extend.
- Better tooling – built-in formatter (yara-x fmt), linter-friendly output.
- Active roadmap – new language features will go to YARA-X only.
We already use YARA-X at VirusTotal for Livehunt and Retrohunt. Billions of files later, it behaves.
Give it a spin, report issues, and send feedback our way. Huge thanks to Victor for pushing the project this far. Let’s keep making pattern matching simpler and faster.