macOS
brew install yaralocal Homebrew formula metadata
sudo port install yaraMacPorts ports tree · security/yara/Portfile · ソース: api.github.com
brew
yara のインストール経路、実行ファイル、メタデータ、AI エージェント向けセキュリティノートを確認します。
インストール
brew install yaralocal Homebrew formula metadata
sudo port install yaraMacPorts ports tree · security/yara/Portfile · ソース: api.github.com
sudo apk add yaraAlpine Linux edge package indexes · yara · ソース: dl-cdn.alpinelinux.org
sudo dnf install yaraFedora Rawhide package metadata · yara · ソース: dl.fedoraproject.org
nix profile install nixpkgs#yaranixpkgs package indexes · pkgs/by-name/ya/yara/package.nix · ソース: api.github.com
sudo pacman -S yaraArch Linux sync databases · yara · ソース: geo.mirror.pkgbuild.com
sudo zypper install yaraopenSUSE Tumbleweed package metadata · yara · ソース: download.opensuse.org
choco install yaraChocolatey community package catalog · yara · ソース: community.chocolatey.org
scoop install main/yaraScoop official bucket manifest trees · bucket/yara.json · ソース: api.github.com
winget install --id VirusTotal.YARA -eWindows Package Manager source index · VirusTotal.YARA · ソース: cdn.winget.microsoft.com
概要
Malware identification and classification tool
履歴
YARA is VirusTotal's rule-based pattern-matching tool for malware researchers and incident responders. It lets analysts describe malware families, file traits, or other detectable artifacts with strings, byte patterns, regular expressions, metadata, and boolean conditions, then scan files, directories, or process memory.
YARA's manual page dates the `yara` command to 2008-09-22 and names Victor M. Alvarez as author. The current VirusTotal GitHub repository was created on 2012-12-06, and the first GitHub release returned by the API is YARA v2.0.0 in August 2014.
The project became the pattern-matching 'Swiss knife' for malware researchers by keeping a compact rule language while adding modules, compiled rules, Python bindings, and multi-platform support. The README and official docs describe use from the command line and from Python scripts through yara-python.
In the mid-2020s, YARA's history shifted from active feature growth to maintenance. The README now points to the YARA-X stability announcement and marks the classic YARA project as maintenance mode, with new feature work moving to the Rust rewrite.
YARA's adoption is unusually broad for a command-line security tool. The upstream README maintains a long 'Who's using YARA' list that includes antivirus vendors, incident-response products, sandboxes, intelligence platforms, reverse-engineering tools, and VirusTotal itself.
Its practical appeal is portability of detection logic. A YARA rule can move from a researcher's laptop to a malware sandbox, a retrohunt service, an endpoint product, or a CI check for detection rules. That made it a common exchange format for malware-family knowledge, not just a local scanner.
Users write one or more rule files, compile them with `yarac` when useful, and run `yara` against files, directories, or PIDs. Options support namespaces, external variables, module data, metadata printing, string-match output, fast scans, warnings control, and scanning process memory in chunks.
In security operations, YARA is used for malware triage, hunting known families and variants, validating rule collections, retroactive corpus searches, sandbox classification, and embedding detection logic into larger analysis systems through libyara or yara-python.
YARA is one of the canonical examples of a domain-specific language packaged as a Unix tool. The package matters because it ships not just an executable, but a rule language, compiler, C library, Python ecosystem, and compatibility target for thousands of shared security rules.
The YARA-to-YARA-X transition is also important packaging history: a widely deployed security utility entered maintenance mode while its official successor was distributed beside it, letting package managers carry both the stable incumbent and the future implementation.
セキュリティ状態
narrow executable package without higher-risk signals.
リスク グリーン · 信頼度 低 · appliance
エージェントに無人実行させる前に、このツールが平文の認証情報を読むか、リモート状態を書き込むか、成果物を公開するか、プラグインを起動するかを確認してください。
実行可能ファイル
| コマンド | 種類 | 公開範囲 | メモ |
|---|---|---|---|
yara | cli | グローバル実行可能ファイル | |
yarac | cli | グローバル実行可能ファイル |
鮮度
これらの信号は、ページ生成時期、パッケージマネージャの活動、上流リリース比較を分けて示します。バージョン遅れは、証拠 URL と比較可能なバージョンがある場合だけ警告されます。
https://github.com/VirusTotal/yara
インストールメタデータ
| パッケージキー | brew:yara |
|---|---|
| バージョン | 4.5.5 |
| パッケージマネージャ | Homebrew |
| パッケージマネージャページ | https://formulae.brew.sh/formula/yara |
| ホームページ | https://virustotal.github.io/yara/ |
| リポジトリ | https://github.com/VirusTotal/yara |
| 上流ドキュメント | https://yara.readthedocs.io/en/stable |
| ライセンス | BSD-3-Clause |
| ソースアーカイブ | https://github.com/VirusTotal/yara/archive/refs/tags/v4.5.5.tar.gz |
| 最終更新 | 2026-06-15T10:21:24-04:00 |
| Pulse | updated |
| 依存関係 | jansson, libmagic, openssl@3, protobuf-c |
| ビルド依存関係 | autoconf, automake, libtool, pkgconf |
| Bottle | 利用可能 (対象 arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | 未定義 |
| サービス | 宣言なし |
レジストリ情報
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | yara |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
ソースデータベース一致
一致は外部パッケージマネージャインデックスから取得され、ローカルの Automic Vault パッケージリンクとは分けて表示されます。
libyara-dev 4.5.2-1
YARA development libraries and headers
https://virustotal.github.io/yara/
sudo apt install libyara-devlibyara10 4.5.2-1
YARA shared library
https://virustotal.github.io/yara/
sudo apt install libyara10yara 4.5.2-1
Pattern matching swiss knife for malware researchers
https://virustotal.github.io/yara/
sudo apt install yarayara-doc 4.5.2-1
HTML documentation for YARA
https://virustotal.github.io/yara/
sudo apt install yara-docyara
nix profile install nixpkgs#yaralibyara-dev 4.5.0-1build2
YARA development libraries and headers
https://virustotal.github.io/yara/
sudo apt install libyara-devlibyara10 4.5.0-1build2
YARA shared library
https://virustotal.github.io/yara/
sudo apt install libyara10yara 4.5.0-1build2
Pattern matching swiss knife for malware researchers
https://virustotal.github.io/yara/
sudo apt install yarayara-doc 4.5.0-1build2
HTML documentation for YARA
https://virustotal.github.io/yara/
sudo apt install yara-docyara 4.5.7-r0
Pattern matching swiss knife for malware researchers
https://virustotal.github.io/yara/
sudo apk add yarayara-dev 4.5.7-r0
Pattern matching swiss knife for malware researchers (development files)
https://virustotal.github.io/yara/
sudo apk add yara-devyara-doc 4.5.7-r0
Pattern matching swiss knife for malware researchers (documentation)
https://virustotal.github.io/yara/
sudo apk add yara-docyara 4.5.7-1.fc45
Pattern matching Swiss knife for malware researchers
https://VirusTotal.github.io/yara/
sudo dnf install yarayara-devel 4.5.7-1.fc45
Development files for yara
https://VirusTotal.github.io/yara/
sudo dnf install yara-develyara-doc 4.5.7-1.fc45
Documentation for yara
https://VirusTotal.github.io/yara/
sudo dnf install yara-docyara 4.5.6-1
Tool aimed at helping malware researchers to identify and classify malware samples
https://github.com/VirusTotal/yara
sudo pacman -S yaraソース経路
このページは scripts/generate-pkg-sqlite.py が生成した非公開のパッケージ SQLite アーティファクトから av-web によって提供されます。
View the package source record on GitHub.