Open Detect

A fast, flexible malware detection engine with YARA rule support and automatic archive extraction for security researchers.

Disclaimer: This project is still in early development and should not be used for production purposes.
The API is subject to change without notice.

Features

• YARA-based detection - Leverage the power of YARA rules for pattern-based malware detection
• Automatic archive extraction - Recursively scans ZIP, TAR, GZ, BZ2 archives without manual extraction
• Thread-safe - Scanner is both Send and Sync for concurrent scanning operations

Quick Start

use open_detect::{Scanner, SigSet, ScanResult};
use std::path::Path;

// Load YARA signatures from a directory
let sig_set = SigSet::new()
    .with_sig_dir_recursive(Path::new("signatures"))
    .expect("Failed to load signatures");

// Create scanner with default settings
let scanner = Scanner::new(sig_set);

// Scan a file
match scanner.scan_file(Path::new("suspicious.exe")).unwrap() {
    ScanResult::Clean => println!("File is clean"),
    ScanResult::Malicious(detections) => {
        println!("Threats detected:");
        for detection in detections {
            println!("  - {}", detection.name);
        }
    }
}

For more examples and detailed usage, please refer to the documentation.

Related Projects

This crate is built on top of excellent open-source projects:

• YARA-X - Next-generation YARA engine written in Rust by VirusTotal. Provides the core pattern matching capabilities.
• YARA - The original pattern matching tool for malware researchers. YARA-X is a modern reimplementation.
• archive - Archive extraction library supporting multiple formats.
• infer - File type detection from magic numbers.