Looking for Help with YARA Rules for My Open-Source Antimalware Scanner
<blockquote data-quote="eroniko" data-source="post: 1101163" data-attributes="member: 88352"><p><strong>Project: Antimalware Scanner with Multiple Detection Modules (Open Source)</strong></p><p></p><p>Hi everyone,</p><p></p><p>As a hobby project, I developed an <strong>Antimalware Scanner</strong>, and I plan to share it as open-source on GitHub. Here are some details about the scanner:</p><p></p><ul> <li data-xf-list-type="ul"><strong>Programming Languages</strong>: The project is developed using <strong>Python</strong>, <strong>C++</strong>, and <strong>Delphi</strong>.</li> <li data-xf-list-type="ul"><strong>Scanning Modules</strong>: It includes modules for <strong>NSRL whitelist</strong>, <strong>SSDEEP</strong>, <strong>TLSH</strong>, <strong>YARA rules</strong>, <strong>AI analysis</strong>, and <strong>digital signature checking</strong>.</li> <li data-xf-list-type="ul">For example, when scanning a file, it checks:<ul> <li data-xf-list-type="ul"><strong>NSRL whitelist</strong></li> <li data-xf-list-type="ul"><strong>Digital signature</strong> verification</li> <li data-xf-list-type="ul"><strong>SSDEEP database</strong></li> <li data-xf-list-type="ul"><strong>TLSH database</strong> (using Annoy for fast lookup)</li> <li data-xf-list-type="ul"><strong>YARA rules</strong> database</li> <li data-xf-list-type="ul">Performs an <strong>AI-based scan</strong></li> </ul></li> <li data-xf-list-type="ul">Based on the results of all these checks, it assigns an overall score to the file.</li> <li data-xf-list-type="ul"><strong>Kernel-level Hooking</strong>: The scanner also features kernel-level hooking for enhanced control.</li> <li data-xf-list-type="ul"><strong>Cloud Compatibility</strong>: It is designed to be compatible with cloud operations, although I haven't done detailed cloud testing yet.</li> </ul><p><strong>Example Video of the Scan</strong>: A sample video of the scanning process is attached. 
Here are the steps performed during the scan of a single file:</p><ol> <li data-xf-list-type="ol">Querying <strong>55 million entries</strong> in the NSRL whitelist database.</li> <li data-xf-list-type="ol">Querying <strong>1.5 million entries</strong> in the SSDEEP database.</li> <li data-xf-list-type="ol">Querying <strong>50,000 entries</strong> in the TLSH database.</li> <li data-xf-list-type="ol"><strong>AI-based analysis</strong>.</li> <li data-xf-list-type="ol">Querying <strong>9,000 YARA rules</strong>.</li> </ol><p>(Note: The databases used may not contain fully reliable data.)</p><p></p><p><strong>Computer Specifications Used for the Scan</strong>:</p><p></p><ul> <li data-xf-list-type="ul"><strong>i3-9100f</strong> CPU</li> <li data-xf-list-type="ul"><strong>16GB RAM</strong></li> <li data-xf-list-type="ul"><strong>SSD</strong></li> </ul><p><strong>Question</strong>: I’m looking for a comprehensive <strong>YARA rule database</strong>. I tried using <strong>Nextron-Systems Thor Lite</strong>, but the .yas files are encrypted. I also downloaded YARA rules from <a href="https://valhalla.nextron-systems.com/" target="_blank">Valhalla</a>, but I encountered a lot of false positives, with many files being flagged as malware.</p><p></p><p>Does anyone have recommendations for a more reliable and advanced <strong>YARA rule database</strong>?</p><p></p><p>Thanks in advance for your suggestions!</p><p></p><p><strong>Example Video of the Scan</strong>: <a href="https://www.youtube.com/watch?v=c0j-jfUiE7Y" target="_blank">YouTube Video</a></p><p></p><p><img src="https://malwaretips.com/attachments/2-png.285398/" alt="2.png" class="fr-fic fr-dii fr-draggable " style="" /></p><p></p><p><img src="https://malwaretips.com/attachments/1-png.285399/" alt="1.png" class="fr-fic fr-dii fr-draggable " style="" /></p></blockquote><p></p>
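The post describes two things a code sketch makes concrete: the order of the checks (a cheap NSRL hash lookup that lets known-good files skip the expensive stages, then fuzzy-hash, YARA and AI results folded into one score) and the false-positive problem with a large third-party YARA set. The following is an added example written for this page, not code from eroniko's scanner. It runs offline on constructed inputs: the allowlist entry, the rule names (`GenericPacker`, `SusString`, `APT_Loader`), the module weights and the thresholds are all assumptions chosen for illustration, and the module outputs are passed in as plain values instead of being produced by ssdeep, TLSH, yara-python or a model. The `prune_fp_rules` helper is the part aimed at the Valhalla complaint: run the rule set over a corpus of files you know are clean, count which rules fire, and drop those rules before they reach the scoring stage.

```python
import hashlib
from collections import Counter
from dataclasses import dataclass

# Constructed allowlist standing in for the NSRL hash set. NSRL is keyed by
# hashes of known-good files; this single SHA-1 is made up for the example.
NSRL_SHA1 = {hashlib.sha1(b"known-good-system-dll").hexdigest()}

# Illustrative per-module weights on a 0-100 scale (assumptions, not the
# project's values). Signature credit is subtracted when the file is
# validly signed by a trusted publisher.
WEIGHTS = {"ssdeep": 30, "tlsh": 30, "yara": 40, "ai": 35}
SSDEEP_MIN_SCORE = 70    # ssdeep compare score: higher means more similar
TLSH_MAX_DISTANCE = 50   # TLSH distance: lower means more similar
AI_MIN_PROB = 0.80
SIGNATURE_CREDIT = 40


@dataclass
class ModuleInputs:
    """Raw outputs the individual modules would hand back for one file."""
    signature_valid: bool
    ssdeep_best_score: int      # best compare score against the ssdeep DB
    tlsh_best_distance: int     # smallest distance found in the TLSH index
    yara_matches: list          # names of YARA rules that matched
    ai_malicious_prob: float    # model's malicious probability


def prune_fp_rules(clean_corpus_matches, max_clean_hits=0):
    """Return the YARA rule names that fired on more than max_clean_hits
    files of a known-clean corpus.

    clean_corpus_matches maps filename -> list of rule names that matched
    that file. Rules that trip on clean software are disabled up front so
    they can never contribute to a verdict."""
    hits = Counter()
    for rules in clean_corpus_matches.values():
        for rule in set(rules):
            hits[rule] += 1
    return {rule for rule, n in hits.items() if n > max_clean_hits}


def score_file(data, inputs, disabled_rules=frozenset()):
    """Run the checks in cost order and combine them into a 0-100 score.

    The NSRL lookup comes first because it is a single hash comparison and
    an allowlisted file does not need fuzzy hashing, YARA or the model."""
    if hashlib.sha1(data).hexdigest() in NSRL_SHA1:
        return {"score": 0, "verdict": "allowlisted", "reasons": ["nsrl"]}

    score = 0
    reasons = []
    if inputs.ssdeep_best_score >= SSDEEP_MIN_SCORE:
        score += WEIGHTS["ssdeep"]
        reasons.append("ssdeep")
    if inputs.tlsh_best_distance <= TLSH_MAX_DISTANCE:
        score += WEIGHTS["tlsh"]
        reasons.append("tlsh")
    # Rules found to be noisy on the clean corpus are ignored here.
    live_yara = [r for r in inputs.yara_matches if r not in disabled_rules]
    if live_yara:
        score += WEIGHTS["yara"]
        reasons.append("yara:" + ",".join(sorted(live_yara)))
    if inputs.ai_malicious_prob >= AI_MIN_PROB:
        score += WEIGHTS["ai"]
        reasons.append("ai")
    if inputs.signature_valid:
        score -= SIGNATURE_CREDIT
        reasons.append("signed")

    score = max(0, min(100, score))
    if score >= 60:
        verdict = "malicious"
    elif score >= 30:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"score": score, "verdict": verdict, "reasons": reasons}


if __name__ == "__main__":
    # Constructed clean-corpus run: GenericPacker fires on two clean files.
    clean_run = {"a.exe": ["GenericPacker", "SusString"],
                 "b.dll": ["GenericPacker"], "c.exe": []}
    noisy = prune_fp_rules(clean_run, max_clean_hits=1)
    print("disabled rules:", noisy)
    sample = ModuleInputs(False, 85, 20, ["GenericPacker", "APT_Loader"], 0.9)
    print(score_file(b"unknown-sample", sample, disabled_rules=noisy))
```

Measuring a rule set against a clean corpus before trusting it is the practical answer to the false positives described above: the prune step turns "many files flagged" into a concrete list of rule names to disable or tune, and the allowlist short-circuit keeps the 55-million-entry NSRL lookup as the first, cheapest gate.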