VirusTotal / yara

The pattern matching swiss knife
https://virustotal.github.io/yara/
BSD 3-Clause "New" or "Revised" License

RFE: Support for an import hash and/or a fuzzy hash #1495

Open Kogl1n opened 3 years ago

Kogl1n commented 3 years ago

Hello Yara developers!

Imphash currently is the only import hash in Yara's official modules. Regarding Linux, there is not even one import or fuzzy hash available. Issue #216 (telfhash) and issue #1378 (pehash) apparently didn't make it, since the former required a disassembler dependency and the latter had problems with a correct implementation of the paper. Since VT implemented vhash and also uses ssdeep, Yara supporting those would certainly be helpful in utilizing the intel on the endpoint. Therefore I kindly request that you consider it in your roadmap! Thank you!

wanderingbug commented 2 years ago

I second this; it would be very, very helpful.

dmknght commented 1 year ago

The latest Yara added telfhash. The ssdeep library is in libfuzzy-dev, and it looks kinda easy to call the APIs from this lib. Hope Yara can officially add ssdeep.
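To make concrete what the two kinds of hash discussed in this thread actually compute, here is an added example in pure Python. It is not code from YARA, pefile or ssdeep. Part 1 reproduces the imphash normalisation (lowercase `dll.function` entries, `.dll`/`.ocx`/`.sys` stripped, joined with commas, MD5), which is the convention pefile documents and which YARA's `pe.imphash()` follows; the ordinal-to-name table real implementations consult for `ws2_32`/`oleaut32` is omitted here (assumption: ordinals are rendered as `ordN`). Part 2 is a simplified context-triggered piecewise hash (CTPH), the mechanism behind ssdeep: it uses ssdeep's 7-byte rolling hash recurrence and FNV constants, but a fixed block size of 32, a single signature and difflib's ratio instead of ssdeep's weighted edit distance, all of which are assumptions, so its digests are not ssdeep-compatible. `sample_bytes` builds constructed, deterministic input standing in for a file.

```python
"""imphash normalisation and a simplified CTPH (ssdeep-style) fuzzy hash.
Added example for this thread, not YARA/pefile/ssdeep code; see lead-in."""
import difflib
import hashlib
import string

# ---------- 1. imphash: MD5 over the normalised import list ------------

def normalise_imports(imports):
    """imports: list of (dll_name, [function_name or ordinal_int, ...])."""
    parts = []
    for dll, funcs in imports:
        dll = dll.lower()
        base, dot, ext = dll.rpartition(".")
        if dot and ext in ("dll", "ocx", "sys"):   # extensions stripped before hashing
            dll = base
        for f in funcs:
            # assumption: no ordinal->name lookup table, ordinals become "ordN"
            name = f"ord{f}" if isinstance(f, int) else f.lower()
            parts.append(f"{dll}.{name}")
    return ",".join(parts)


def imphash(imports) -> str:
    """Import order matters and case does not: the string is hashed verbatim."""
    return hashlib.md5(normalise_imports(imports).encode()).hexdigest()


# ---------- 2. simplified CTPH -----------------------------------------

B64 = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"
ROLL_WINDOW = 7                                  # ssdeep's rolling window
FNV_INIT, FNV_PRIME = 0x28021967, 0x01000193     # ssdeep's chunk-hash constants
BLOCK_SIZE = 32                                  # assumption: fixed block size
MASK32 = 0xFFFFFFFF


def ctph_digest(data: bytes) -> str:
    """One base64 char per chunk. Chunk boundaries come from a rolling hash
    over the last 7 bytes only, so they resynchronise a few bytes after any
    local edit; that is what keeps most of the digest stable."""
    window = [0] * ROLL_WINDOW
    h1 = h2 = h3 = 0
    chunk = FNV_INIT
    out = []
    for n, c in enumerate(data):
        # rolling hash: same recurrence as ssdeep's roll_hash()
        h2 = (h2 - h1 + ROLL_WINDOW * c) & MASK32
        h1 = (h1 + c - window[n % ROLL_WINDOW]) & MASK32
        window[n % ROLL_WINDOW] = c
        h3 = ((h3 << 5) ^ c) & MASK32
        roll = (h1 + h2 + h3) & MASK32
        # piecewise hash (FNV-1) of the bytes seen since the last trigger
        chunk = ((chunk * FNV_PRIME) & MASK32) ^ c
        if roll % BLOCK_SIZE == BLOCK_SIZE - 1:  # context trigger
            out.append(B64[chunk & 0x3F])
            chunk = FNV_INIT
    if chunk != FNV_INIT:                        # unterminated tail chunk
        out.append(B64[chunk & 0x3F])
    return "".join(out)


def ctph_similarity(sig_a: str, sig_b: str) -> int:
    """0..100 score; difflib's ratio stands in for ssdeep's weighted edit
    distance (assumption, to keep the example short)."""
    return round(100 * difflib.SequenceMatcher(None, sig_a, sig_b).ratio())


def sample_bytes(seed: int, length: int = 4096) -> bytes:
    """Constructed deterministic pseudo-random bytes standing in for a file
    (SHA-256 of seed and block counter); not real malware data."""
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hashlib.sha256(f"{seed}:{block}".encode()).digest()
        block += 1
    return bytes(out[:length])


if __name__ == "__main__":
    imports = [("KERNEL32.dll", ["CreateFileA", "WriteFile"]),
               ("WS2_32.dll", [23, "connect"])]
    print(normalise_imports(imports), imphash(imports))

    base = sample_bytes(1)
    patched = bytearray(base)
    patched[2000:2016] = b"X" * 16               # 16-byte in-place edit
    other = sample_bytes(2)
    print("edited :", ctph_similarity(ctph_digest(base), ctph_digest(bytes(patched))))
    print("other  :", ctph_similarity(ctph_digest(base), ctph_digest(other)))
```

Running it shows the practical difference between the two families: imphash changes completely if a single import is added or reordered, whereas the CTPH digest of the 16-byte-patched sample stays almost identical to the original while an unrelated sample scores low. Real ssdeep adds a second signature at double the block size and picks the block size from the input length so that digests of very different-sized files remain comparable.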