@SashoB -
The few times I've done YARA scans I just did an Internet search for the YARA info (rule) I was needing. There is no Veeam-backed site or info I'm aware of.
If you go to the following link there is a download button on the right that takes you to another GitHub where the YARA rules were updated in 2024 - YARA - The pattern matching swiss knife for malware researchers
Latest one that I can see via Google search.
Yes, in case I know what to scan for, that is the best way.
Hi SashoB,
YARA GitHub Repository: This is the primary source for all things YARA. You can find the latest releases, YARA documentation, and the YARA source code here.
YARA Documentation: Hosted on ReadTheDocs, the official YARA documentation provides comprehensive information on how to use YARA and its syntax, what the rules do, and how its capabilities detect malicious software.
YARA Rules and Signatures Repository: This is a great resource where you can find a collection of community-based YARA rules and signatures. You can also contribute your own YARA rules so others can use them.
And there is already one post from @Rick Vanover from a year ago, where you can download rules:
I saw that, yes. But when I hear it's from last year I just think it's outdated.
But most of the links mentioned above are from at least last year if not older.
That's why I am asking: is this “good enough” or could we do better?
Basically this is good enough. I am sure if there are updates these links would be updated.
@SashoB -
I understand your concern about the info in the links being “a year” out, etc... but as Chris shared... and I agree... they are a good starting point. As new variants of malware are introduced, I’m sure those sites will update their xml/YARA rules as needed.
Best.
@makacmar → I need to update it to the top 10 from the Coveware tracking.
One way is to use a GPT to create a YARA rule for a known threat. I should do a refresh here!
@Rick Vanover - yes, I agree...you should! 