Feature idea: Create an encoded format for YARA rules

[ruppde]

Hello,

since ages the good guys are plagued by AVs deleting YARA rulesets, because they contain some strings, that look malicious. For example the
https://github.com/YARAHQ/yara-forge/releases/latest/download/yara-forge-rules-core.zip is deleted by 15 AVs (e7aa24483a89513a38f64db8b2a85f2e9a9775e68e59bf4796cc64d87d239fce)

A simple solution could be to add a feature in yara-x, which enables it to read rule files, which are xored with some static key (and ziped?).

best regards
arnim

[zdiff]

Does compiling the plaintext rule files accomplish this?

[ruppde]

Does compiling the plaintext rule files accomplish this?

just a bit, AV hits on VT dropped from 15 to 11. and it has other downsides.

[xCEVre]

this page is marked as not safe for chromium ))