About
YARAify is a project operated by abuse.ch. It allows anyone to scan suspicious files such as malware samples or process dumps against a large repository of YARA rules.
If you are a vendor and you would like to use data provided by YARAify, please have a quick look at the following pages:
Please submit any questions to our partner, Spamhaus Technology, via this contact form:
https://www.spamhaus.com/contact-us-abuse-ch/
Technology
YARAify uses the following tools and services:
- Fastly as Content Delivery Network (CDN)
- Google Cloud Storage for storing files
- Google Compute Engine for virtual machines
- Google Cloud SQL as database backend
- Ubuntu as preferred server OS
- Apache as preferred web server
- Python as preferred scripting language
- PHP as preferred web scripting language
- Chart.js for generating statistics and charts
- Bootstrap for web design
- Font Awesome icons
- jQuery JavaScript library
- clipboard.js for web copy and paste functionality
- FAMFAMFAM flags
- Twitter OAuth for authentication
- MaxMind GeoLite2 Free for geolocation
- ClamAV antivirus engine
- Trend Micro TLSH fuzzy matching library
- Trend Micro ELF Hash (telfhash) fuzzy matching library for ELF
- ssdeep fuzzy matching library
- YARA pattern matching
- humanhash for generating human-readable digests
- oletools for analyzing office documents
- gimphash to calculate an imphash equivalent for Go binaries
Special thanks
Special thanks to:
- SecuriteInfo for providing their commercial ClamAV ruleset for free
- @stoerchl for beta testing
- @viql for beta testing
- @AndreGironda for beta testing
- Slavo for beta testing
- Members of the security community for publishing YARA rules for free and for the good of the internet