bulk_extractor icon indicating copy to clipboard operation
bulk_extractor copied to clipboard
verified publisher icon simsong

Add support for YARA

Open simsong opened this issue 4 years ago • 3 comments

Would this be useful?

  • https://virustotal.github.io/yara/

simsong avatar Dec 23 '21 02:12 simsong

Just wanted to give this a big old thumbs up!

tomnewman86 avatar Apr 14 '22 17:04 tomnewman86

Okay. Do you want yara run on every feature?

simsong avatar Apr 14 '22 20:04 simsong

Personally I would yes.

Although this will likely cause a nice collection of false positives, I've found it better to figure out how to effectively filter these out after rather than potentially miss something significant.

tomnewman86 avatar Apr 14 '22 20:04 tomnewman86