VirusTotal / yara

The pattern matching swiss knife
https://virustotal.github.io/yara/
BSD 3-Clause "New" or "Revised" License

Implement rule profiling support #502

Open dspruell opened 8 years ago

dspruell commented 8 years ago

Wanted to suggest adding the ability to profile rule performance in the YARA engine in a manner similar to how it is done in NIDS projects like Suricata and Snort. It would be valuable to be able to run a ruleset with profiling enabled and understand which rules perform well or take undue resources, which regexes take longest, etc.

plusvic commented 6 years ago

This is already implemented. It's disabled by default and should be enabled with ./configure --enable-profiling. That will add a member clock_ticks to both YR_RULE and YR_STRING structures that can be used as an indicator of which rules are the slowest. Search for yr_rules_print_profiling_info in rules.c for more details. Please notice that this is not a supported API yet. So, it can change in the future.

I'm not closing this issue as we probably need to support it officially.

sbruno commented 4 years ago

Is the profiling support still unofficial?

I just created an issue for yara-python (https://github.com/VirusTotal/yara-python/issues/155) because it relies on the mentioned implementation of having clock_ticks as a member of both YR_RULE and YR_STRING which has changed.

Would supporting the new code require too many changes? I might be able to help if it isn't a big change.

LloydLabs commented 2 years ago

Bump for this. Would be great to have it in the newest version of YARA. Can the old profiling code be easily ported to newer versions?