<aside>

Start

• Read config
• Set limits
• Initialize thread pool
• Initialize logger </aside>

<aside>

Rule loading

• Read config
• Set limits
• Initialize thread pool
• Initialize logger

index rule by :

• File type
• Pattern length
• Trigger condition
• Scan stage </aside>

Detection types:

Theres plenty of detection type:

Those one are possible with YARA

• Byte Patern
• Hashes
• Regex
• Logical Rules

There is also by:

• Heuristic (possible by minimal rust check)

heuristic detection the deep analysis of the structure ex : Detect unusual ELF section layout, Detect packers generically ,Detect self-modifying code, Behavioral detection

• Archives (use of External libs)
• Behavior (out of scope for the project)

“ClamAV signatures encode malware features using a combination of byte patterns, hashes, regular expressions, and logical conditions, complemented by engine-level heuristic analysis. Our implementation delegates pattern-based detection to YARA, which subsumes most ClamAV signature types, while implementing a limited set of custom heuristics in Rust to emulate ClamAV’s engine-level logic.”

1. indexer les fichier par types