YARA: The New and Improved Malware Researchers Toolbox

May 18, 2024

YARA-X, The Malware Researchers Toolbox Evolved

TLDR:

  • YARA-X is a full rewrite of YARA in Rust, promising better performance, reliability, and user experience.
  • Key elements include better user experience, compatibility at the rule level, improved performance, security, and developer-friendliness.

Malware experts all over the world rely on YARA for their jobs, and the release of YARA-X marks a significant advancement in the tool’s capabilities. YARA-X is a new version of YARA written in Rust from the ground up, aiming to improve user experience, compatibility, performance, security, and developer integration.

The main goals of YARA-X include:

  • Better User Experience: Clearer error reporting, modern command-line interface
  • Compatibility at the rule level: Aiming for 99% rule-level compatibility with YARA
  • Better Performance: Faster handling of complicated rules
  • Better security and dependability: Built with Rust for reliability and security
  • Friendly to developers: Official APIs for Python, Golang, and C

The decision to rewrite YARA in Rust was driven by the need for significant improvements and changes that would have been challenging to implement in the existing C codebase. Despite initial concerns about potential bugs and backward compatibility issues, the rewrite has resulted in a more manageable and reliable tool.

YARA-X is currently in beta but stable enough for use, especially from the command line or in a Python script. The tool has been tested at VirusTotal and is being actively developed and improved based on feedback from researchers and developers. The ultimate goal is to surpass YARA in every aspect and provide users with a superior malware research toolbox.
