Open c3rb3ru5d3d53c opened 3 years ago
Hi, thanks for the PR! Do you have any specific use case for this feature? Are you experiencing some performance issues? We're already compiling rules on karton startup and from our experience this shouldn't take a lot of time.
cc @c3rb3ru5d3d53c
@c3rb3ru5d3d53c & @chivay
As I can see, there are 2 cases to use precompiled rules:
But there is a problem: compiled yara rules will take up more disk space -> will be loaded to memory slowlier -> speedup of this solution may decrease.
I'm not a maintainer, but if this code does not complicate current use case of yaramatcher, it can be considered as ok :)
bumping this pull req as I would also love to see it merged. :)
In our case it would help us import rules with ... difficult dependencies that fail to compile under Karton.
Hey guys, I'm willing to help get this merged, I'll be testing here again soon!
I had life stuff going when i made the PR last and had many other things on the go.
I'm back now and re-building a mwdb environment :pray:
The usecase I have is that I have a yara CI/CD pipeline that compiles our signatures and it's much easier to deliver a pre-compiled blob. I don't see any problem adding it as the code I have allows you to do both options, the user can decide :smile:
Added support to use compiled YARA signatures
See Enhancement: https://github.com/CERT-Polska/karton-yaramatcher/issues/9