YARA conditional imports/features

[jabedude]

Is your feature request related to a problem? Please describe. I ship YARA rules to clients with older versions of YARA which can't be updated and whose module support is locked. It'd be nice to be able to write rules that use modules where available in a backwards compatible way

Describe the solution you'd like It'd be useful to be able to decorate a rule with an availability check for a given module. That could involve a new syntax for soft-importing a module so that a failure is not a compile time error

Describe alternatives you've considered An alternative is shipping different YARA rule files to different clients who have/lack support for a module

[plusvic]

The problem I see here is that if your clients don't update to a newer version of YARA that implements this feature, you will be in the same position anyways. I'm interested in hearing more about your use case, for instance:

• Which version of YARA your clients have installed?
• Do you know what they don't do upgrades?
• How do you manage other differences between YARA versions like new syntax? What process do you follow to make sure that you clients receive rules that are compatible with their version of YARA? Do you use multiple versions of YARA for testing?