YARA - Snort For Files
YARA is a great tool, and not only for security researchers.
With it you can identify and classify files (PE files, text files, etc.) based on patterns.
The tool is easy to use. We create so-called rule files (name.yar), each of which consists of a set of rules.
Everything in this example is very intuitive. If the file contains the string $a or $b, YARA detects it.
We can also use hexadecimal strings or regular expressions.
Yes, there are some helpful keywords too.
We can create more interesting rules too; for example, we can detect files that contain macro code.
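The rule file below is an added example, not the original post's code. It puts the pieces described above into one file: text strings $a and $b, a hexadecimal string, a regular expression, a few keywords, and a rule for Office documents that carry macros. Rule names and string values are constructed for illustration.

```yara
// Added example; rule names and string values are constructed for illustration.

rule Example_Strings_Hex_Regex
{
    meta:
        description = "Text, hexadecimal and regular-expression strings in one rule"

    strings:
        // Plain text strings; modifiers widen what they match
        $a = "example marker one" nocase        // any letter case
        $b = "example marker two" wide ascii    // UTF-16LE or ASCII

        // Hexadecimal string: ?? is a one-byte wildcard, [2-4] skips 2 to 4 bytes
        $hex = { 4D 5A ?? ?? [2-4] 00 00 }

        // Regular expression
        $re = /id=[0-9a-f]{8}/

    condition:
        // Any one string is enough, but only in files smaller than 1 MB
        filesize < 1MB and ($a or $b or $hex or $re)
}

rule Office_Document_With_Macros
{
    meta:
        description = "Office document that carries a VBA project"

    strings:
        // Legacy OLE2 (.doc/.xls): stream names are stored as UTF-16LE
        $ole_vba = "_VBA_PROJECT" wide
        // OOXML (.docm/.xlsm): ZIP member names are stored uncompressed
        $ooxml_vba = "vbaProject.bin"

    condition:
        // OLE2 magic D0 CF 11 E0, read as a little-endian 32-bit value
        (uint32(0) == 0xE011CFD0 and $ole_vba) or
        // ZIP local file header magic "PK\x03\x04"
        (uint32(0) == 0x04034B50 and $ooxml_vba)
}
```

Saved as name.yar, the file is run against a target with: yara name.yar <file>. The macro rule only says that a VBA project is present, not that the macro is malicious.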
You can also convert ClamAV rules. For more detailed and up-to-date information, see the documentation: https://yara.readthedocs.io