YaraXSharp 1.0.3

.NET 8.0 This package targets .NET 8.0. The package is compatible with this framework or higher. 
dotnet add package YaraXSharp --version 1.0.3
                    


                    

                
NuGet\Install-Package YaraXSharp -Version 1.0.3
This command is intended to be used within the Package Manager Console in Visual Studio, as it uses the NuGet module's version of Install-Package. 
<PackageReference Include="YaraXSharp" Version="1.0.3" />
For projects that support PackageReference, copy this XML node into the project file to reference the package. 
<PackageVersion Include="YaraXSharp" Version="1.0.3" />
                    


                            Directory.Packages.props
                        

                    

                
<PackageReference Include="YaraXSharp" />
                    


                            Project file
For projects that support Central Package Management (CPM), copy this XML node into the solution Directory.Packages.props file to version the package. 
paket add YaraXSharp --version 1.0.3
                    


                    

                
#r "nuget: YaraXSharp, 1.0.3"
#r directive can be used in F# Interactive and Polyglot Notebooks. Copy this into the interactive tool or source code of the script to reference the package. 
#:package YaraXSharp@1.0.3
#:package directive can be used in C# file-based apps starting in .NET 10 preview 4. Copy this into a .cs file before any lines of code to reference the package. 
#addin nuget:?package=YaraXSharp&version=1.0.3
                    


                            Install as a Cake Addin
                        

                    

                
#tool nuget:?package=YaraXSharp&version=1.0.3
                    


                            Install as a Cake Tool

Yara-X Sharp

A simple wrapper for Yara-X around the Yara-X C/C++ API.

You can find the Nuget package here.

Requirements

As of 1.0.2, Windows x86_64 and Linux x86_64 version of Yara X CAPI is included in the Nuget package.

If you are on Apple silicon or want to bring your own yara_x_capi.dll, you can follow the compile guide here.

Usage

/*
 * New Compiler instance.
 * You can pass multiple params from YRX_COMPILE_FLAGS.
 * E.g. new Compiler(YRX_COMPILE_FLAGS.YRX_ERROR_ON_SLOW_PATTERN)
 */
var yara = new Compiler();
yara.AddRuleFile("./eicar.yar");
var (rules, errors, warnings) = yara.Build(); // Compiled rules to be used in Scanner.

Scanner scanner = new Scanner(rules, YRX_SCANNER_FLAGS.LOAD_METADATA, YRX_SCANNER_FLAGS.LOAD_PATTERNS);
scanner.scan("./eicar.txt");
List<Match> results = scanner.Results();

foreach (Match rule in results) {
  Console.WriteLine($"Pattern match count: {rule.Patterns.Count}");
  Console.WriteLine(rule.Metadata["malware_family"]);
}

// Make sure to destroy.
scanner.Destroy();
yara.Destroy();

Or

using (var yara = new Compiler())
{
  yara.AddRuleFile(Path.Combine(Environment.CurrentDirectory, "../../../", "eicar.yar"));
  yara.AddRuleFile(Path.Combine(Environment.CurrentDirectory, "../../../", "eitwo.yar"));
  var (rules, errors, warnings) = yara.Build();

  Console.WriteLine($"Number of rules: {rules.Count()}");

  using (Scanner scanner = new Scanner(rules, YRX_SCANNER_FLAGS.LOAD_METADATA, YRX_SCANNER_FLAGS.LOAD_PATTERNS))
  {
      scanner.Scan(Path.Combine(Environment.CurrentDirectory, "eicar.txt"));
      List<Match> results = scanner.Results();
      Console.WriteLine($"Matches: {results.Count}");

      foreach (Match rule in results)
      {
          Console.WriteLine($"Pattern match count: {rule.Patterns.Count}");
          Console.WriteLine(rule.Metadata["malware_family"]);
      }
  }
}

Reference

To-Dos

  • Compiler flags
  • Compiler error and warnings
  • Scanner timeout
  • Iterate matched rule patterns and tags
  • File streaming for scanning large files BYO

Compatibility

Yara-X Release Version Wrapper Version
1.4.0 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.1.0, 1.0.0
1.5.0 1.0.3
Product Compatible and additional computed target framework versions.
.NET net8.0 is compatible.  net8.0-android was computed.  net8.0-browser was computed.  net8.0-ios was computed.  net8.0-maccatalyst was computed.  net8.0-macos was computed.  net8.0-tvos was computed.  net8.0-windows was computed.  net9.0 was computed.  net9.0-android was computed.  net9.0-browser was computed.  net9.0-ios was computed.  net9.0-maccatalyst was computed.  net9.0-macos was computed.  net9.0-tvos was computed.  net9.0-windows was computed.  net10.0 was computed.  net10.0-android was computed.  net10.0-browser was computed.  net10.0-ios was computed.  net10.0-maccatalyst was computed.  net10.0-macos was computed.  net10.0-tvos was computed.  net10.0-windows was computed. 
Compatible target framework(s)
Included target framework(s) (in package)
Learn more about Target Frameworks and .NET Standard.

  • net8.0

    • No dependencies.

NuGet packages

This package is not used by any NuGet packages.

GitHub repositories

This package is not used by any popular GitHub repositories.

Version Downloads Last Updated
1.0.3 95 8/20/2025
1.0.2 132 8/13/2025
1.0.2-rc.2 174 8/8/2025
1.0.2-rc 188 8/8/2025
1.0.1 81 8/1/2025
1.0.0 113 7/31/2025
0.1.0 493 7/22/2025
0.0.5 117 7/16/2025
0.0.4 136 7/14/2025
0.0.3 137 7/13/2025
0.0.2 98 7/13/2025
0.0.1 64 7/12/2025