Security & Compliance
daemon-blockint-tech/agen...
yara-rule-authoring
Guides authoring, review, optimization, and false-positive debugging of YARA-X detection rules for
malware identification across PE, script, npm, Office, Chrome extensions (crx module), and Android
DEX (dex module). Covers string and atom quality, condition short-circuiting, legacy YARA migration,
yarGen/FLOSS workflows, goodware validation, and production deployment—not full malware reverse
engineering, network IDS (Suricata/Snort), or memory forensics (Volatility).
Use when the user asks to write YARA rule, YARA-X, yr check, yr scan, false positive YARA, yarGen,
malware detection rule, crx module, dex module, optimize YARA performance, or migrate legacy YARA.