Add sample hash list and scan results against yara-rules-full.yar#1
Open
wessorh wants to merge 4 commits into
Open
Add sample hash list and scan results against yara-rules-full.yar#1wessorh wants to merge 4 commits into
wessorh wants to merge 4 commits into
Conversation
- sample_hashes.txt: 1,107 file hashes from yara-g/samples - file_match_counts.txt: per-file match counts (832 files matched, 275 unmatched) - rule_match_counts.txt: per-rule match counts (986 unique rules matched out of 11,679) - Total: 2,255 matches across 1,107 samples
|
Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). View this failed invocation of the CLA check for more information. For the most up to date status, view the checks section at the bottom of the pull request. |
added 3 commits
June 17, 2026 13:42
- holloman3-rules.yar: 1,090 holloman clusterid rules (157 KB) Generated from 1,107 yara-g/samples via holloman-mcp server 17 files skipped (below 1,024 byte minimum for order 5) 854 unique clusterids — 236 files share fingerprints with peers - holloman3_file_match_counts.txt: per-file scan results 1,090 files matched (98.5%), 17 unmatched 833 files have unique fingerprints (1:1) 257 files in content-identical clusters (2-202 matches each) - holloman3_coverage_stats.txt: detailed coverage analysis Comparison with traditional yara-rules-full.yar (11,679 rules) Engine scaling notes (O(1) fingerprinting vs O(n) string matching)
- Removed 236 duplicate rules (same clusterid, different filename) - Single import "holloman" at top (was 1,091 duplicate imports) - 854 unique rules, 110 KB (was 1,090 rules, 157 KB) - Sorted by clusterid for deterministic output
- 854 unique rules, 1:1 fingerprint-to-rule mapping - 1,090 files matched (98.5%), 17 unmatched, 0 multi-match - Rule file: 110 KB vs 18.4 MB yara-rules-full (167x smaller) - Confirmed: every file matches at most one rule
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Results from scanning 1,107 malware samples (yara-g/samples) against yara-rules-full.yar (11,679 rules).
Files added
Key results
Tooling
Scan performed with yara-x (VirusTotal/yara-x) at commit tracking main.