Olivia
Online
Victor M. Alvarez
@plusvic
Software Engineer at
Joined June 2009
200 Following
4.4K Followers
1.5K Posts
@wessorh Yes, you submit a PR
YARA-X 1.17.0 has been released. This time with the long-awaited `--fast-scan` option. https://t.co/bmmQP7Rp8A
@wessorh With this new repository I have the intention of creating a canonical benchmarking suite for YARA-X and YARA: https://t.co/4A9wWQgEDu
I'll be adding more rules and files in the future. The idea is covering all those cases in which YARA and YARA-X tend to differ in performance.
@wessorh Yep, much better if you use a corpus of real files, specially if rules are making use of modules like pe, elf, etc.
Who to follow
Nextron Systems
@nextronsystems
Managed Compromise Assessments #YARA #IOCs #DFIR #APT #Sigma - the home of @thor_scanner, ASGARD and the Aurora Agent
Malpedia
@malpedia
A curated, high-quality malware corpus.
Zoo keepers: @push_pnx and @steffenenders_
Joe Security 
@joe4security
Deep Malware and Phishing Analysis for Windows, Android, macOS and Linux.
@wessorh From the number of files, and their total size, I would say that the time is dominated by rule compilation/loading, and that would explain the bad results of YARA-X. For benchmarking scanning speed I would recommend bigger and more files, so that the scanning phase takes longer.
@cyb3rops @wessorh I found this conversation with @regeciovad but it doesn't contain details. https://t.co/V1oJN4XhO8
For those who are interested in learning about the recent performance improvements in YARA-X:
https://t.co/dq4Cp6Oe0q
@wessorh I also would like to figure out why YARA-X seems to be consistenly slower than YARA C in your tests. My own tests point in the opposite direction after the improvements in YARA-X 1.16.0. But performance is very sensitive the the rules and files scanned.
@wessorh Contributions are always welcomed. For instance, a canonical set of rules and files that can be used for benchmarking would be really great. So that different implementations can be compared using that canonical set.
@halvarflake I feel the same. For projects that I really care about my strategy consists in forcing myself to treat the AI like a pair-programming buddy. With that mindset I feel productive but in control, and actually end up learning a few things from the AI.
@dev_metthal No, in such cases it won't help. You are probably thinking about cases in which the same function is called with multiple regexes, right?
@wessorh That sounds very interesting. If you can point me out to some repository I would take a look. Also, I think it would be great to have a canonical set of rules and files for benchmarking. I can come up with something.
YARA-X 1.16.0 is out!
This time with performance improvements that make it much faster. With this release YARA-X is faster than traditional YARA in almost every case.
https://t.co/dWYX5PmJy2
YARA-X 1.15.0 is out!
https://t.co/jdYNwa75dU
Last Seen Users on Sotwe
Trends for you
Most Popular Users
Elon Musk
@elonmusk
240.1M followers
Barack Obama
@barackobama
119.3M followers
Donald J. Trump
@realdonaldtrump
111.6M followers
Cristiano Ronaldo
@cristiano
108.8M followers
Narendra Modi
@narendramodi
106.9M followers
Rihanna
@rihanna
97.2M followers
NASA
@nasa
92.1M followers
Justin Bieber
@justinbieber
90.5M followers
KATY PERRY
@katyperry
86.7M followers
Taylor Swift
@taylorswift13
80.5M followers
Lady Gaga
@ladygaga
72.1M followers
Kim Kardashian
@kimkardashian
69.3M followers
YouTube
@youtube
68.6M followers
Virat Kohli
@imvkohli
68.4M followers
Bill Gates
@billgates
63.4M followers
The Ellen Show
@theellenshow
62.5M followers
CNN
@cnn
61.9M followers
Neymar Jr
@neymarjr
60.9M followers
X
@x
60.9M followers
CNN Breaking News
@cnnbrk
59.9M followers