macOS
brew install yaralocal Homebrew formula metadata
sudo port install yaraMacPorts ports tree · security/yara/Portfile · Quelle: api.github.com
brew
Prüfe Installationswege, Executables, Metadaten und Sicherheitshinweise für yara in AI-Agent-Workflows.
Installation
brew install yaralocal Homebrew formula metadata
sudo port install yaraMacPorts ports tree · security/yara/Portfile · Quelle: api.github.com
sudo apk add yaraAlpine Linux edge package indexes · yara · Quelle: dl-cdn.alpinelinux.org
sudo apt install yaraDebian stable package indexes · yara · Quelle: deb.debian.org
sudo dnf install yaraFedora Rawhide package metadata · yara · Quelle: dl.fedoraproject.org
nix profile install nixpkgs#yaranixpkgs package indexes · pkgs/by-name/ya/yara/package.nix · Quelle: api.github.com
sudo pacman -S yaraArch Linux sync databases · yara · Quelle: geo.mirror.pkgbuild.com
sudo zypper install yaraopenSUSE Tumbleweed package metadata · yara · Quelle: download.opensuse.org
choco install yaraChocolatey community package catalog · yara · Quelle: community.chocolatey.org
scoop install main/yaraScoop official bucket manifest trees · bucket/yara.json · Quelle: api.github.com
winget install --id VirusTotal.YARA -eWindows Package Manager source index · VirusTotal.YARA · Quelle: cdn.winget.microsoft.com
Überblick
Malware identification and classification tool
Verlauf
YARA is VirusTotal's rule-based pattern-matching tool for malware researchers and incident responders. It lets analysts describe malware families, file traits, or other detectable artifacts with strings, byte patterns, regular expressions, metadata, and boolean conditions, then scan files, directories, or process memory.
YARA's manual page dates the `yara` command to 2008-09-22 and names Victor M. Alvarez as author. The current VirusTotal GitHub repository was created on 2012-12-06, and the first GitHub release returned by the API is YARA v2.0.0 in August 2014.
The project became the pattern-matching 'Swiss knife' for malware researchers by keeping a compact rule language while adding modules, compiled rules, Python bindings, and multi-platform support. The README and official docs describe use from the command line and from Python scripts through yara-python.
In the mid-2020s, YARA's history shifted from active feature growth to maintenance. The README now points to the YARA-X stability announcement and marks the classic YARA project as maintenance mode, with new feature work moving to the Rust rewrite.
YARA's adoption is unusually broad for a command-line security tool. The upstream README maintains a long 'Who's using YARA' list that includes antivirus vendors, incident-response products, sandboxes, intelligence platforms, reverse-engineering tools, and VirusTotal itself.
Its practical appeal is portability of detection logic. A YARA rule can move from a researcher's laptop to a malware sandbox, a retrohunt service, an endpoint product, or a CI check for detection rules. That made it a common exchange format for malware-family knowledge, not just a local scanner.
Users write one or more rule files, compile them with `yarac` when useful, and run `yara` against files, directories, or PIDs. Options support namespaces, external variables, module data, metadata printing, string-match output, fast scans, warnings control, and scanning process memory in chunks.
In security operations, YARA is used for malware triage, hunting known families and variants, validating rule collections, retroactive corpus searches, sandbox classification, and embedding detection logic into larger analysis systems through libyara or yara-python.
YARA is one of the canonical examples of a domain-specific language packaged as a Unix tool. The package matters because it ships not just an executable, but a rule language, compiler, C library, Python ecosystem, and compatibility target for thousands of shared security rules.
The YARA-to-YARA-X transition is also important packaging history: a widely deployed security utility entered maintenance mode while its official successor was distributed beside it, letting package managers carry both the stable incumbent and the future implementation.
Sicherheitslage
narrow executable package without higher-risk signals.
grün Risiko · niedrig Konfidenz · appliance
Prüfe vor unbeaufsichtigter Agent-Nutzung, ob das Tool Klartext-Credentials liest, Remote-Zustand schreibt, Artefakte veröffentlicht oder Plugins ausführt.
Executables
| Befehl | Art | Sichtbarkeit | Hinweis |
|---|---|---|---|
yara | cli | globales Executable | |
yarac | cli | globales Executable |
Aktualität
Diese Signale trennen das Alter der Seitengenerierung, Aktivität des Paketmanagers und Upstream-Release-Vergleich. Versionsrückstand wird nur gemeldet, wenn eine Evidenz-URL und vergleichbare Versionen vorhanden sind.
https://github.com/VirusTotal/yara
Installationsmetadaten
| Paketschlüssel | brew:yara |
|---|---|
| Version | 4.5.5 |
| Paketmanager | Homebrew |
| Paketmanager-Seite | https://formulae.brew.sh/formula/yara |
| Homepage | https://virustotal.github.io/yara/ |
| Repository | https://github.com/VirusTotal/yara |
| Upstream-Dokumentation | https://yara.readthedocs.io/en/stable |
| Lizenz | BSD-3-Clause |
| Quellarchiv | https://github.com/VirusTotal/yara/archive/refs/tags/v4.5.5.tar.gz |
| Zuletzt aktualisiert | 2026-06-15T10:21:24-04:00 |
| Pulse | updated |
| Abhängigkeiten | jansson, libmagic, openssl@3, protobuf-c |
| Build-Abhängigkeiten | autoconf, automake, libtool, pkgconf |
| Bottle | verfügbar (auf arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | nicht definiert |
| Dienst | keiner deklariert |
Registry-Fakten
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | yara |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
Source-Datenbank-Treffer
Treffer stammen aus externen Paketmanager-Indizes und bleiben von lokalen Automic-Vault-Paketlinks getrennt.
libyara-dev 4.5.2-1
YARA development libraries and headers
https://virustotal.github.io/yara/
sudo apt install libyara-devlibyara10 4.5.2-1
YARA shared library
https://virustotal.github.io/yara/
sudo apt install libyara10yara 4.5.2-1
Pattern matching swiss knife for malware researchers
https://virustotal.github.io/yara/
sudo apt install yarayara-doc 4.5.2-1
HTML documentation for YARA
https://virustotal.github.io/yara/
sudo apt install yara-docyara
nix profile install nixpkgs#yaralibyara-dev 4.5.0-1build2
YARA development libraries and headers
https://virustotal.github.io/yara/
sudo apt install libyara-devlibyara10 4.5.0-1build2
YARA shared library
https://virustotal.github.io/yara/
sudo apt install libyara10yara 4.5.0-1build2
Pattern matching swiss knife for malware researchers
https://virustotal.github.io/yara/
sudo apt install yarayara-doc 4.5.0-1build2
HTML documentation for YARA
https://virustotal.github.io/yara/
sudo apt install yara-docyara 4.5.7-r0
Pattern matching swiss knife for malware researchers
https://virustotal.github.io/yara/
sudo apk add yarayara-dev 4.5.7-r0
Pattern matching swiss knife for malware researchers (development files)
https://virustotal.github.io/yara/
sudo apk add yara-devyara-doc 4.5.7-r0
Pattern matching swiss knife for malware researchers (documentation)
https://virustotal.github.io/yara/
sudo apk add yara-docyara 4.5.7-1.fc45
Pattern matching Swiss knife for malware researchers
https://VirusTotal.github.io/yara/
sudo dnf install yarayara-devel 4.5.7-1.fc45
Development files for yara
https://VirusTotal.github.io/yara/
sudo dnf install yara-develyara-doc 4.5.7-1.fc45
Documentation for yara
https://VirusTotal.github.io/yara/
sudo dnf install yara-docyara 4.5.6-1
Tool aimed at helping malware researchers to identify and classify malware samples
https://github.com/VirusTotal/yara
sudo pacman -S yaraQuellspur
Diese Seite wird von av-web aus dem privaten Paket-SQLite-Artefakt bereitgestellt, das scripts/generate-pkg-sqlite.py erstellt.
View the package source record on GitHub.