YARAmeta

For YARA-L 2.0, you must specify variable declarations, definitions, and usages in the following order: meta; events; match (optional); outcome (optional) ...

The YARA rule name. Must be unique and cannot contain spaces. meta: Indicates that the meta section begins. Parts in the meta section do not affect detection.

2023年9月13日 — The meta section provides additional information about the rule. This can include the author's name, a reference to the research paper or blog ...

A rule begins with a rule identifier, and a rule's description contains three sections: the meta, the strings, and the condition. These sections determine how a ...

YARA is multi-platform, running on Windows, Linux and Mac OS X, and can be used through its command-line interface or from your own Python scripts with the yara ...

2023年12月26日 — Solved: Dear team, I am reaching out in relation to the following YARA-L rule: rule MultiEventReferenceListExample meta: events:

2023年10月23日 — YARA rules are devised to classify and identify malware samples, constructing descriptions of malware families rooted in textual or binary ...

The metadata section is defined with the keyword meta and contains identifier/value pairs like in the following example: rule MetadataExample meta ...

YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions ...