Support use of Private Yara Rules and Referencing other Rules

Scot Perkins

20. lokak. 2021, 00.11

We would like the ability to utilize the Private modifier in YARA so that we can create rules that may be referenced by other rules. https://yara.readthedocs.io/en/stable/writingrules.html#referencing-rules

Use Case:  We have YARA rules that tag emails that pass SPF, DKIM, and DMARC respectively.  I want to create a rule that references those SPF, DKIM, and DMARC rules to help validate my new rule.  Currently, I have to add the SPF, DKIM, and DMARC logic into EVERY rule that I want to use that logic in... this is just a bad coding practice... I shouldn't have to duplicate code from another rule into my new rule when YARA supports referencing that rule natively.

0

• Virallinen kommentti

  

  Max Garczynski 25. lokak. 2021, 16.21

  Hi Scot,

  Thank you for your great suggestion! I've submitted a feature request on your behalf to allow the ability to utilize a private modifier in YARAso you can call up/reference other rules. It completely makes sense to me as well and I have passed this on to our development team! We appreciate your feedback and are glad to see you taking an active part in our community board.
  
  Maximilian

  Kommenttitoiminnot Pysyvä linkki

Kirjaudu sisään jättääksesi kommentin.