YARA - Programming language

YARA, aka Yet Another Recursive Acronym, is an open source programming language created in 2008 by Victor M. Alvarez.

#234on PLDB

16Years Old

812Repos

Download source code:

git clone https://github.com/VirusTotal/yara

YARA is the name of a tool primarily used in malware research and detection. It provides a rule-based approach to create descriptions of malware families based on textual or binary patterns. A description is essentially a Yara rule name, where these rules consist of sets of strings and a boolean expression. Read more on Wikipedia...

Tags: programming language
YARA is developed on GitHub and has 7,981 stars
There are at least 812 YARA repos on GitHub
YARA is written in C, reStructuredText, XML, C++, starlark, YAML, Markdown, Bourne shell, Yacc, Lex, Bazel, Protocol Buffers, M4, Make, JavaScript, SVG, HTML, Python
The Google BigQuery Public Dataset GitHub snapshot shows 43 users using YARA in 46 repos on GitHub
GitHub supports syntax highlighting for YARA
See also: (3 related languages) Perl, Regular Expressions, Extensible Linking Format

Example from the web:

rule silent_banker : banker
{
    meta:
        description = "This is just an example"
        threat_level = 3
        in_the_wild = true

    strings:
        $a = {6A 40 68 00 30 00 00 6A 14 8D 91}
        $b = {8D 4D B0 2B C1 83 C0 27 99 6A 4E 59 F7 F9}
        $c = "UVODFRYSIHLNWPEJXQZAKCBGMT"

    condition:
        $a or $b or $c
}

Example from Linguist:

rule test { condition: true }