macOS
brew install yaralocal Homebrew formula metadata
sudo port install yaraMacPorts ports tree · security/yara/Portfile · 来源: api.github.com
安装
brew install yaralocal Homebrew formula metadata
sudo port install yaraMacPorts ports tree · security/yara/Portfile · 来源: api.github.com
sudo apk add yaraAlpine Linux edge package indexes · yara · 来源: dl-cdn.alpinelinux.org
sudo dnf install yaraFedora Rawhide package metadata · yara · 来源: dl.fedoraproject.org
nix profile install nixpkgs#yaranixpkgs package indexes · pkgs/by-name/ya/yara/package.nix · 来源: api.github.com
sudo pacman -S yaraArch Linux sync databases · yara · 来源: geo.mirror.pkgbuild.com
sudo zypper install yaraopenSUSE Tumbleweed package metadata · yara · 来源: download.opensuse.org
choco install yaraChocolatey community package catalog · yara · 来源: community.chocolatey.org
scoop install main/yaraScoop official bucket manifest trees · bucket/yara.json · 来源: api.github.com
winget install --id VirusTotal.YARA -eWindows Package Manager source index · VirusTotal.YARA · 来源: cdn.winget.microsoft.com
概览
Malware identification and classification tool
历史
YARA is VirusTotal's rule-based pattern-matching tool for malware researchers and incident responders. It lets analysts describe malware families, file traits, or other detectable artifacts with strings, byte patterns, regular expressions, metadata, and boolean conditions, then scan files, directories, or process memory.
YARA's manual page dates the `yara` command to 2008-09-22 and names Victor M. Alvarez as author. The current VirusTotal GitHub repository was created on 2012-12-06, and the first GitHub release returned by the API is YARA v2.0.0 in August 2014.
The project became the pattern-matching 'Swiss knife' for malware researchers by keeping a compact rule language while adding modules, compiled rules, Python bindings, and multi-platform support. The README and official docs describe use from the command line and from Python scripts through yara-python.
In the mid-2020s, YARA's history shifted from active feature growth to maintenance. The README now points to the YARA-X stability announcement and marks the classic YARA project as maintenance mode, with new feature work moving to the Rust rewrite.
YARA's adoption is unusually broad for a command-line security tool. The upstream README maintains a long 'Who's using YARA' list that includes antivirus vendors, incident-response products, sandboxes, intelligence platforms, reverse-engineering tools, and VirusTotal itself.
Its practical appeal is portability of detection logic. A YARA rule can move from a researcher's laptop to a malware sandbox, a retrohunt service, an endpoint product, or a CI check for detection rules. That made it a common exchange format for malware-family knowledge, not just a local scanner.
Users write one or more rule files, compile them with `yarac` when useful, and run `yara` against files, directories, or PIDs. Options support namespaces, external variables, module data, metadata printing, string-match output, fast scans, warnings control, and scanning process memory in chunks.
In security operations, YARA is used for malware triage, hunting known families and variants, validating rule collections, retroactive corpus searches, sandbox classification, and embedding detection logic into larger analysis systems through libyara or yara-python.
YARA is one of the canonical examples of a domain-specific language packaged as a Unix tool. The package matters because it ships not just an executable, but a rule language, compiler, C library, Python ecosystem, and compatibility target for thousands of shared security rules.
The YARA-to-YARA-X transition is also important packaging history: a widely deployed security utility entered maintenance mode while its official successor was distributed beside it, letting package managers carry both the stable incumbent and the future implementation.
安全态势
narrow executable package without higher-risk signals.
绿色 风险 · 低 置信度 · appliance
在无人值守的代理使用前,请检查该工具是否读取明文凭据、写入远程状态、发布制品或调用插件。
可执行文件
| 命令 | 类型 | 暴露范围 | 备注 |
|---|---|---|---|
yara | cli | 全局可执行文件 | |
yarac | cli | 全局可执行文件 |
新鲜度
这些信号区分页生成时间、软件包管理器活动和上游发布比较。只有存在证据 URL 和可比较版本时,才会提示版本落后。
https://github.com/VirusTotal/yara
安装元数据
| 软件包键 | brew:yara |
|---|---|
| 版本 | 4.5.5 |
| 软件包管理器 | Homebrew |
| 软件包管理器页面 | https://formulae.brew.sh/formula/yara |
| 主页 | https://virustotal.github.io/yara/ |
| 仓库 | https://github.com/VirusTotal/yara |
| 上游文档 | https://yara.readthedocs.io/en/stable |
| 许可证 | BSD-3-Clause |
| 源码归档 | https://github.com/VirusTotal/yara/archive/refs/tags/v4.5.5.tar.gz |
| 最后更新 | 2026-06-15T10:21:24-04:00 |
| Pulse | updated |
| 依赖 | jansson, libmagic, openssl@3, protobuf-c |
| 构建依赖 | autoconf, automake, libtool, pkgconf |
| Bottle | 可用 (于 arm64_linux, arm64_sequoia, arm64_sonoma, arm64_tahoe, sonoma, x86_64_linux) |
| Homebrew post-install | 未定义 |
| 服务 | 未声明 |
注册表事实
| Source Database | Homebrew formula API |
|---|---|
| Tap | homebrew/core |
| Full Name | yara |
| Version Scheme | 0 |
| Revision | 0 |
| Head Version | HEAD |
| Bottle Stable Root URL | https://ghcr.io/v2/homebrew/core |
| Deprecated | no |
| Disabled | no |
| Keg Only | no |
| URL Keys |
|
源数据库匹配
匹配项来自外部软件包管理器索引,并与本地 Automic Vault 软件包链接分开显示。
libyara-dev 4.5.2-1
YARA development libraries and headers
https://virustotal.github.io/yara/
sudo apt install libyara-devlibyara10 4.5.2-1
YARA shared library
https://virustotal.github.io/yara/
sudo apt install libyara10yara 4.5.2-1
Pattern matching swiss knife for malware researchers
https://virustotal.github.io/yara/
sudo apt install yarayara-doc 4.5.2-1
HTML documentation for YARA
https://virustotal.github.io/yara/
sudo apt install yara-docyara
nix profile install nixpkgs#yaralibyara-dev 4.5.0-1build2
YARA development libraries and headers
https://virustotal.github.io/yara/
sudo apt install libyara-devlibyara10 4.5.0-1build2
YARA shared library
https://virustotal.github.io/yara/
sudo apt install libyara10yara 4.5.0-1build2
Pattern matching swiss knife for malware researchers
https://virustotal.github.io/yara/
sudo apt install yarayara-doc 4.5.0-1build2
HTML documentation for YARA
https://virustotal.github.io/yara/
sudo apt install yara-docyara 4.5.7-r0
Pattern matching swiss knife for malware researchers
https://virustotal.github.io/yara/
sudo apk add yarayara-dev 4.5.7-r0
Pattern matching swiss knife for malware researchers (development files)
https://virustotal.github.io/yara/
sudo apk add yara-devyara-doc 4.5.7-r0
Pattern matching swiss knife for malware researchers (documentation)
https://virustotal.github.io/yara/
sudo apk add yara-docyara 4.5.7-1.fc45
Pattern matching Swiss knife for malware researchers
https://VirusTotal.github.io/yara/
sudo dnf install yarayara-devel 4.5.7-1.fc45
Development files for yara
https://VirusTotal.github.io/yara/
sudo dnf install yara-develyara-doc 4.5.7-1.fc45
Documentation for yara
https://VirusTotal.github.io/yara/
sudo dnf install yara-docyara 4.5.6-1
Tool aimed at helping malware researchers to identify and classify malware samples
https://github.com/VirusTotal/yara
sudo pacman -S yara来源线索
此页面由 av-web 从 scripts/generate-pkg-sqlite.py 生成的私有软件包 SQLite 工件提供。
View the package source record on GitHub.