For the fifth post of the Know Your YARA Rules series, we want to create a comprehensive manual for regular expressions that would improve your YARA rules. Why is it so complicated? When discussing regular expressions, we must first address the...
In the third post of the Know Your YARA Rules series, we mentioned that something is cooking in the YARA world. In this post, we will investigate what the future holds for the YARA tool and its users. We are introducing the next generation of the...
In the second post of the Know Your YARA Rules series, we will continue to explore more hurdles that keep you from achieving the maximum performance from your YARA rules. Today, we will demonstrate several examples where even a tiny change in your...
With this article, we are starting a new series on the Engineering blog – Know Your YARA Rules. In this series, we would like to share tips and tricks we learned from using YARA daily. We aim to pick lesser-known facts about YARA and how it...
This blog post is based on some testing that I did some time ago. In my team at Avast, we are using YARA to its fullest potential, and even though we are satisfied with this tool overall, we’re constantly working on additional improvements (as...
This blog post is based on my paper Pattern Matching in YARA: Improved Aho-Corasick Algorithm and a pull request that I opened on the upstream version of YARA. My main goal is to describe the changes from a more practical point of view and also...
We were fighting with the ANR rate in our app for almost a year. We fixed all the bugs in our code and our libraries and reported some issues to 3rd party lib vendors. It was mostly executing a long operation on the main thread. But we were still...