YARA is dead, long live YARA-X

For over 15 years, YARA has grown and evolved into an indispensable tool in every malware researcher’s toolbox. Throughout this time YARA has seen numerous updates, with new features added and countless bugs fixed. But today, I’m excited to announce the biggest change yet: a full rewrite.

YARA-X is a completely new implementation of YARA in Rust, and it has the following goals:

  • Better user experience: The new command-line interface is more modern and colorful, and error reports are now more explanatory. More features aimed at improving the user’s experience will be incorporated in the future.
  • Rule-level compatibility: While achieving 100% compatibility is tough, our aim is to make YARA-X 99% compatible with YARA at the rule level. Incompatibilities should be minimal and thoroughly documented.
  • Improved performance: YARA is known for its speed, but certain rules, especially those utilizing regular expressions or complex loops, can slow it down. YARA-X excels with these rules, often delivering significantly faster results. Our ultimate goal is for YARA-X to outperform YARA across the board.
  • Enhanced reliability and security: The complexity of YARA’s C code can lead to bugs and security vulnerabilities. YARA-X is built with Rust, offering greater reliability and security.
  • Developer-friendly: We’re prioritizing ease of integration into other projects and simplified maintenance. Official APIs for Python, Golang, and C are provided to facilitate seamless integration. YARA-X also addresses some of the design flaws that made YARA challenging to maintain and extend.

Why a rewrite?

Was a complete rewrite necessary to achieve such goals? This question lingered in my mind for a long time before I decided to rewrite YARA. Rewriting is risky: it introduces new bugs and backward compatibility issues, and doubles the maintenance effort, since legacy code doesn’t disappear after launching the new system. In fact, the legacy system may still be in use for years, if not decades.

However, I believe a rewrite was the right decision for mu

[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.

This article has been indexed from VirusTotal Blog
