feat: selectively zero match lists

VirusTotal / yara

The pattern matching swiss knife

https://virustotal.github.io/yara/

BSD 3-Clause "New" or "Revised" License

8.32k stars 1.45k forks source link

feat: selectively zero match lists #2087

Closed secDre4mer closed 3 days ago

secDre4mer commented 5 months ago

Instead of completely zeroing match lists at the end of each scan (which is O(num_strings) and thus scales badly with large rule sets), keep track of which list entries have been used. Only those entries need to be zeroed at the end. This essentially changes the O(num_strings) to O(num_matched_strings), which is usually far lesser.

secDre4mer commented 3 weeks ago

Since this hasn't seen any attention so far: @plusvic do performance improvements like this still have a chance of being merged (since YARA doesn't gain any more features and effort instead goes into yara-x)? If not, I'd like to close this.

plusvic commented 3 days ago

Sorry for the delayed response, this fell trough the cracks. As this is a relatively important change, and all my efforts are put now in YARA-X I prefer not merging this PR. So I'm closing it.