evild3ad
commented
6 months ago Thanks for the feature request. I will check out the yara-forge ruleset. Usually I add only yara rules which are for scanning memory.
Closed BIitzkrieg closed 5 months ago
evild3ad
commented
6 months ago Thanks for the feature request. I will check out the yara-forge ruleset. Usually I add only yara rules which are for scanning memory.
evild3ad
commented
5 months ago Sorry. I don't see a practical way to include this YARA ruleset. Yara Forge includes rules for Linux and macOS (not supported by MemProcFS) and most of the rules are for scanning files or the scan context is unknown.
I'd like to propose adding to the Get-YaraCustomRules function to pull the latest Yara Forge ruleset (https://github.com/YARAHQ/yara-forge/releases/), or set up a job to sync this ruleset to your defined repo at https://github.com/evild3ad/yara/. This should greatly extend the library of Yara rules for scanning with this tool. Thank you for your work on this!