ruppde / keybase.md
Last active May 17, 2021 07:48
keybase proof

I hereby claim:

  • I am ruppde on github.
  • I am ruppde (https://keybase.io/ruppde) on keybase.
  • I have a public key ASDDo4bMf2-LVxlGHrume54I4WZQsCK8rOqi9wcxIDeGcQo

To claim this, I am signing this object:

ruppde / yara_performance_guidelines.md
Last active February 16, 2021 23:24 — forked from Neo23x0/yara_performance_guidelines.md
YARA Performance Guidelines

When creating your rules for YARA, keep in mind the following guidelines in order to get the best performance from them. This guide is based on ideas and recommendations by Victor M. Alvarez and WXS.

  • Revision 1.4, October 2020, applies to all YARA versions higher than 3.7

The Basics

To get a better grip on what can be optimized in YARA performance, and where, it's useful to understand the scanning process. It is basically separated into 4 steps, which are explained here in a very simplified way using this example rule: