Yara Scan Service

A simple service to test your Yara rules against a large set of malicious and identified files

Service we offer

Did it happen to you that you wanted to quickly test a Yara rule your created, but you are missing a large enough data set to test your rule against? This is exactly where Yara Scan is designed for. You submit your Yara rule to the service and a short while later you will receive an email with the results of Yara scan over our large collection of malicious samples. And the best part? Most files are identified by a signature, making it easier to identify if your rule matches for the right malware samples.

Give it a try

Upload your Yara rule, share your username and email address and a few minutes later you will get the results in a nicely formatted JSON file.

We'll never share your email with anyone else.

 

Buy Me A Coffee

API access

You can also submit your Yara rule via the API endpoint to start a Yara scan. Simple use the examples below to submit your rules.

Please reach out to obtain your personal API key.

cURL

curl -X POST --header "APIKEY: YOURKEY" -F file[]=@"myrule.yar" "https://riskmitigation.ch/yara-scan/api/"

You can submit several Yara rules with one request by using the file[] array.

Python3

You can use the below script as following

    $ ./yara_scan_upload.py -h
    usage: yara_scan_upload.py [-h] -f FILE [FILE ...] [-a apikey]

    Upload a Yara rule to be scanned on Yara Scan Service

    optional arguments:
    -h, --help            show this help message and exit
    -f FILE [FILE ...], --file FILE [FILE ...]
                        Yara rules(s) to upload (required)
    -a apikey, --apikey apikey
                        Your personal API key
          

Source code of yara_scan_upload.py: yara-scan-service GitHub repository

Please make sure to check the response status (response code) or in the JSON to verify if your request was successful.

  • 200 / ok Request accepted, you will get a job ID in return.
  • 400 / no_yara_file You did not submit a Yara rule with your request.
  • 401 / invalid_key Your API key is invalid. Check again or reach out to us.
  • 403 / user_not_active Your API key has expired.
  • 404 / user_not_found User not found.

Contact us

Send us your question with the form below.

We'll never share your email with anyone else.

Terms of Service

By using the Yara Scan Service, you accept the following terms of service:

  • You understand this is a beta version.
  • The service is free to use for beta testers.
  • You have to supply Yara rules that you created yourself or which you are allowed to use.
  • You grant the service permission to send you an email with the scanning results.
  • The information shared with the service will be removed after 30 days (cookies, scan jobs, Yara rules, results, email address).
  • Any data offered by the Yara Scan Service is served as it is on best effort.
  • Yara Scan Service can not be held liable for any false positives or damage caused by the use of the website or the datasets provided.