Global and private rules

Global rules

Global rules allow you to set restrictions that apply universally across all your rules. For instance, if you want all rules to ignore files above a certain size, instead of modifying each rule individually, you can create a global rule like this:

global rule SizeLimit {
    condition:
        filesize < 2MB
}

You can define multiple global rules, which are evaluated before any other rules. The rest of the rules are only evaluated if all global rules are satisfied.

Incompatibility warning

YARA 4.x allows global rules to reference non-global rules, but in YARA-X a global rule can depend only on other global rules.

Private rules

Private rules are rules that YARA doesn’t report when they match a file. While rules that don’t show up in reports might seem unproductive, they are valuable when combined with YARA’s ability to reference one rule from another (see referencing other rules .). Private rules can act as foundational components for other rules and keep YARA’s output focused and relevant. To declare a rule as private, simply add the keyword private before the rule declaration.

private rule PrivateRuleExample{
    ...
}

You can apply both private and global modifiers to a rule, resulting in a global rule that does not get reported by YARA but must be satisfied.

Rule conditions

External global variables

Docs

YARA-X

Title here

Global and private rules

Global rules

Private rules

Global and private rules

Global rules#

Private rules#

Global rules

Private rules