YARA detection scans email messages, attachments, and extracted content for known malware, phishing patterns, or suspicious code. This detection method uses the YARA pattern matching language, which lets your security team create specific signatures based on known malicious patterns, both textual and binary.
YARA detection can identify:
- Known malware families based on their distinctive code patterns
- Obfuscated scripts or executables using encoding techniques
- Common phishing templates with structural similarities
- Suspicious binary patterns that may indicate malicious functionality
- Custom threats targeting specific organizations with tailored YARA rules