Wednesday, June 04, 2025

YARA-X 1.0.0: The Stable Release and Its Advantages

Short note for everyone who already lives and breathes YARA:

Victor (aka plusvic) just launched YARA-X 1.0.0. Full details: https://virustotal.github.io/yara-x/blog/yara-x-is-stable/

What changes for you

| Area | YARA 4.x | YARA-X |
|---|---|---|
| Engine | C/C++, manual memory | Rust, memory-safe |
| Rule compatibility | | ~99 % work as-is |
| Speed (regex / loops) | Can bottleneck scans | Often 5–10× faster |
| Error messages | Generic | Line-accurate, clearer |
| CLI | Plain text | Colour, JSON/YAML dump, shell completion |
| Future work | Bug-fix only | New features land here |


Why move now

  • Performance – heavy rules (large regex, deep loops) finish seconds faster.
  • Safety – Rust core avoids the usual memory bugs and makes crashes rare.
  • Maintainability – parser and scanner are decoupled; easier to embed or extend.
  • Better tooling – built-in formatter (yara-x fmt), linter-friendly output.
  • Active roadmap – new language features will go to YARA-X only.

We already use YARA-X at VirusTotal for Livehunt and Retrohunt. Billions of files later, it behaves.

Give it a spin, report issues, and send feedback our way. Huge thanks to Victor for pushing the project this far. Let’s keep making pattern matching simpler and faster.
