Overview

To Build a Rust-based antivirus scanner that:

• Loads YARA-style rules (patterns, regexes, or signatures)
• Scans multiple files efficiently
• Supports parallel scanning
• Allows future expansion (database updates, heuristics, etc.)

Core Concepts:

⚙️ 2. Recommended Folder Structure

rustav/
├── Cargo.toml
├── src/
│   ├── main.rs
│   ├── rule_loader.rs
│   ├── rule.rs
│   ├── scanner.rs
│   ├── scan_engine.rs
│   └── results.rs
└── benches/
    ├── load_rules.rs
    ├── scan_single.rs
    ├── scan_parallel.rs

Priorities

Phase 1 — Core rule loading

Goal: Efficiently parse YARA-like rules into memory.

Example features:

• Read .yara or .yar file

• Extract:

  rule Trojan_Generic {
      strings:
          $a = "malicious_code"
      condition:
          $a
  }