Evaluate integration of Yara-forge #2035
Hi @mlodic, can I work on this as my first contribution? |
Yep, you are welcome. What we need is a new analyzer that periodically downloads these rules and executes them. |
Hey @mlodic, I went through the Medium article as well as some of the Yara-forge documentation. What I understand is that we want to create an analyser that frequently updates the YARA rules as they are updated in YARA Forge, plus a function to execute these rules. I would like to work on this. As this would be my first contribution, I'd appreciate it if you could guide me. |
Hey @decodingafterlife, feel free to start. Please follow the guidelines in the documentation and you won't have any problem. Then, if some questions come up, please open a draft PR so we can have a conversation there. |
Great, I'll start working then. |
Hey @mlodic, do we want this to be a completely new analyzer that automatically downloads the rules from yara-forge when a user runs it (so it downloads them locally whenever the user uses that specific analyzer), or do we want the rules to be uploaded and stored in this repo itself in a new directory, updated as new releases come out, and maybe integrated with an already existing analyzer such as 'yara' (used by default if the user doesn't give specific yara rules)? |
I think we should create a completely new analyzer so the users can choose between the new and the old one.
This should happen only if there is no local cache; otherwise the analysis would be too slow. Ideally, the Yara forge rules should be downloaded periodically with a cronjob, like we do for the old analyzer.
Not in the repo itself: this could violate licenses and is generally problematic. We should download and update them with a cronjob and save them in the file storage of the principal container. |
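The cache-then-refresh behaviour described in this reply (download only when there is no fresh local copy, refresh on a weekly schedule from a cronjob, keep the rules in a storage directory rather than in the repo) can be sketched as follows. This is an added example, not the project's own analyzer code: the bundle URL, the `.last_update` marker file and the sample archive are constructed assumptions, and the download is replaced by an in-memory fetcher so the block runs offline. It also shows two checks a practitioner would want in such an updater: an optional SHA-256 comparison of the downloaded bundle, and a zip-slip guard so an archive entry cannot write outside the cache directory.

```python
"""Cache-aware updater for a weekly YARA rule bundle (added example, not the
project's analyzer code). RULES_URL is a placeholder and the sample archive
is constructed inline so everything runs offline."""
import hashlib
import io
import os
import tempfile
import time
import zipfile
from pathlib import Path
from typing import Callable, Optional
from urllib.request import urlopen

RULES_URL = "https://example.invalid/yara-forge-rules.zip"  # placeholder, not the real asset URL
MAX_AGE_SECONDS = 7 * 24 * 3600  # the forge publishes a new bundle once a week
RULE_SUFFIXES = (".yar", ".yara")


def cache_is_fresh(marker: Path, max_age: float = MAX_AGE_SECONDS) -> bool:
    """True when the last successful update is younger than max_age."""
    return marker.is_file() and (time.time() - marker.stat().st_mtime) < max_age


def http_fetch(url: str) -> bytes:
    """Default downloader; run_demo() swaps in an in-memory fetcher."""
    with urlopen(url, timeout=60) as resp:
        return resp.read()


def extract_rule_files(bundle: bytes, dest: Path) -> list:
    """Write only *.yar/*.yara entries under dest, refusing paths that escape it."""
    root = dest.resolve()
    written = []
    with zipfile.ZipFile(io.BytesIO(bundle)) as zf:
        for info in zf.infolist():
            if info.is_dir() or not info.filename.endswith(RULE_SUFFIXES):
                continue
            target = (root / info.filename).resolve()
            if root not in target.parents:  # zip-slip guard
                raise ValueError(f"unsafe path in archive: {info.filename!r}")
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(zf.read(info))
            written.append(target.relative_to(root).as_posix())
    return sorted(written)


def update_rules(cache_dir: Path, fetch: Callable[[str], bytes] = http_fetch,
                 url: str = RULES_URL, expected_sha256: Optional[str] = None) -> dict:
    """Download and unpack the bundle only when the local cache is missing or stale."""
    marker = cache_dir / ".last_update"
    if cache_is_fresh(marker):
        files = sorted(p.relative_to(cache_dir).as_posix()
                       for p in cache_dir.rglob("*") if p.suffix in RULE_SUFFIXES)
        return {"updated": False, "files": files}
    bundle = fetch(url)
    digest = hashlib.sha256(bundle).hexdigest()
    if expected_sha256 is not None and digest != expected_sha256:
        raise ValueError("bundle checksum mismatch, refusing to install rules")
    cache_dir.mkdir(parents=True, exist_ok=True)
    files = extract_rule_files(bundle, cache_dir)
    marker.write_text(digest)  # mtime records when, content records what
    return {"updated": True, "sha256": digest, "files": files}


# Constructed sample rule and archive standing in for a real forge release.
SAMPLE_RULE = 'rule demo_marker { strings: $a = "DEMO-MARKER" condition: $a }\n'


def build_sample_bundle(include_zip_slip: bool = False) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("rules/demo.yar", SAMPLE_RULE)
        zf.writestr("README.md", "not a rule file\n")
        if include_zip_slip:
            zf.writestr("../escaped.yar", SAMPLE_RULE)
    return buf.getvalue()


def _must_not_fetch(_url: str) -> bytes:
    raise RuntimeError("fetch called although the cache is fresh")


def _age_marker(marker: Path) -> None:
    old = time.time() - MAX_AGE_SECONDS - 60
    os.utime(marker, (old, old))


def run_demo() -> dict:
    """Exercise the updater end to end in a temporary cache directory."""
    bundle = build_sample_bundle()
    digest = hashlib.sha256(bundle).hexdigest()
    cache = Path(tempfile.mkdtemp()) / "yara-forge"
    marker = cache / ".last_update"
    first = update_rules(cache, fetch=lambda _u: bundle, expected_sha256=digest)
    second = update_rules(cache, fetch=_must_not_fetch)  # fresh: no download
    _age_marker(marker)
    third = update_rules(cache, fetch=lambda _u: bundle)  # stale: refreshed
    _age_marker(marker)
    try:
        update_rules(cache, fetch=lambda _u: bundle, expected_sha256="0" * 64)
        checksum_rejected = False
    except ValueError:
        checksum_rejected = True
    try:  # marker is still old, so this call does fetch the malicious bundle
        update_rules(cache, fetch=lambda _u: build_sample_bundle(include_zip_slip=True))
        zip_slip_rejected = False
    except ValueError:
        zip_slip_rejected = True
    return {"first_updated": first["updated"], "second_updated": second["updated"],
            "third_updated": third["updated"], "files": first["files"],
            "checksum_rejected": checksum_rejected, "zip_slip_rejected": zip_slip_rejected,
            "installed_sha256_matches": marker.read_text() == digest}


if __name__ == "__main__":
    print(run_demo())
```

A cronjob would simply call `update_rules()` against the storage directory of the principal container; the analyzer itself only reads the cached `.yar` files and never triggers a download on the request path, which is what keeps the analysis fast. Compiling and running the rules is left to the existing yara tooling and is not part of this block.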
As mentioned here, it would make sense to use Yara-X for this task. |
Hi @mlodic, I have already started exploring and testing the issue to understand it further. Here's the approach I plan to follow:
Could you assign this issue to me? I’m excited to contribute! |
Hi @AnshSinghal, |
Hey guys, don't bother too much about Yara-X at this time, to avoid unnecessary additional complexity. @AnshSinghal, any update on this? After 2 weeks without any activity, we have the rule of removing the assignment, as you can see in the Contribute docs. |
Hi, I created the analyzer but I'm having issues testing it because I work on Windows. I need some time to test on another device. |
I strongly suggest using an Ubuntu VM if you have to use your Windows workstation. |
https://cyb3rops.medium.com/introducing-yara-forge-a77cbb77dcab. We could re-evaluate how we manage the rules.
They update the list once a week. This would remove the effort of maintaining a list of decent yara rules repositories. We could just download these rules and remove the other repos by default.