As we promised when we launched YARA-CI last month, we keep working o new features and improvements. Today we are glad to introduce a new feature: a check for false negatives.
A false negative is when a YARA rule is expected to match a file but it doesn’t. Many people has the habit (a good one by the way) of including one or more file hashes in the metadata section of the rule, indicating some of the files that the rule should match.
At VirusTotal we are very proud of YARA, and the ecosystem that has evolved around it over the years. Now we want to contribute a bit more to this ecosystem by offering a free, easy-to-use tool that helps you create better YARA rules.
YARA-CI is continuous testing solution for people who love both YARA and GitHub. If you are one of those people, install the YARA-CI application on the GitHub repository where you store your rules and benefit from the following features: