YARA - a malware identification and classification tool
YARA is a tool aimed at helping malware researchers to identify and
classify malware samples. With YARA you can create descriptions of
malware families based on textual or binary patterns contained in
samples of those families. Each description consists of a set of
strings and a Boolean expression which determines its logic.
YARA is multi-platform, running on Windows, Linux and Mac OS X, and
can be used through its command-line interface or from your own Python
scripts with the yara-python extension.
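
The rule below illustrates the "set of strings plus a Boolean expression" structure described above. It is an added example, not taken from the YARA project; the rule name, string values and byte pattern are constructed placeholders, not indicators for any real family.

```yara
rule Constructed_Example_Family
{
    meta:
        description = "Constructed example: placeholder strings, not real indicators"
        author      = "added example"

    strings:
        // Textual patterns: plain ASCII, and a UTF-16 ("wide") variant
        // matched case-insensitively.
        $cfg_marker  = "example-family-config-v1" ascii
        $mutex_name  = "Global\\ExampleFamilyMutex" ascii wide nocase

        // Binary pattern: hex bytes with single-byte wildcards (??)
        // and a variable-length jump of 2 to 6 arbitrary bytes.
        $byte_stub   = { 55 8B EC 83 EC ?? [2-6] E8 ?? ?? ?? ?? C9 C3 }

    condition:
        // The Boolean expression decides when the rule matches:
        //  - the file starts with the "MZ" magic (little-endian 0x5A4D),
        //  - it is smaller than 2 MB,
        //  - and either the config marker is present, or both the
        //    mutex name and the byte pattern are present.
        uint16(0) == 0x5A4D and
        filesize < 2MB and
        ( $cfg_marker or ( $mutex_name and $byte_stub ) )
}
```

Saved as example.yar (an assumed file name), the rule can be run from the command line as `yara example.yar <file-or-directory>`, or loaded from Python with `yara.compile(filepath="example.yar")` and applied with the returned object's `match()` method.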