Skip to content

fix(yara): reduce packaged malware-signature false positives (#236)#247

Open
rodboev wants to merge 2 commits into
NVIDIA:mainfrom
rodboev:pr/yara-packaging-236
Open

fix(yara): reduce packaged malware-signature false positives (#236)#247
rodboev wants to merge 2 commits into
NVIDIA:mainfrom
rodboev:pr/yara-packaging-236

Conversation

@rodboev

@rodboev rodboev commented Jul 4, 2026

Copy link
Copy Markdown
Contributor

Summary

SkillSpector should avoid shipping raw malware-signature rule source in a form that causes repository archives to look like malware payloads, while preserving the built-in YARA detector behavior those rules provide.

Closes #236

Root cause

The YARA analyzer compiled built-in rule files directly from src/skillspector/yara_rules, including malware.yar. Those rule strings are benign detector material, but archive scanners can treat them as suspicious content when scanning the repository zip itself. A reviewer pass also found that malformed encoded built-in rule files could still fail before user-supplied extra rules were loaded.

Diff Notes

  • Replace the raw malware.yar package file with an encoded built-in asset that static_yara decodes at load time, so the detector source no longer ships as plain rule text.
  • Preserve built-in YARA matching and YR1 severity/category behavior.
  • Skip malformed encoded built-in rule files that fail base64 decoding or UTF-8 decoding, then continue compiling the remaining built-in and user-supplied rules.
  • Add tests for built-in malware rule matching, user-supplied extra rule loading, and malformed encoded built-in rule files containing both ASCII and non-ASCII invalid payloads.

Scope

This does not remove malware detection, disable YARA, rename --yara-rules-dir, or claim that external scanners are clean unless that live scanner proof is collected.

Verification

  • .\.venv\Scripts\python.exe -m pytest tests/nodes/analyzers/test_static_yara.py -k "malformed or builtin_malware or extra_rules"
  • .\.venv\Scripts\python.exe -m pytest tests/nodes/analyzers/test_static_yara.py
  • uv run ruff check src/ tests/
  • uv run ruff format --check src/ tests/

@rng1995 rng1995 left a comment

Copy link
Copy Markdown
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[Automated SkillSpector Review]

Requesting changes. Runtime decoding preserves the built-in malware signatures and current CI is green, but malformed encoded rules are not fully contained. Non-ASCII input can raise ValueError and abort rule loading instead of being skipped. Normalize that error path and add a regression.

Comment thread src/skillspector/nodes/analyzers/static_yara.py Outdated
Signed-off-by: Rod Boev <rod.boev@gmail.com>
@rodboev

rodboev commented Jul 10, 2026

Copy link
Copy Markdown
Contributor Author

Thanks for the review. I pushed a rework that keeps malformed encoded built-in YARA rules on the existing skip path:

  • Built-in encoded rules that fail base64 decoding are skipped.
  • Built-in encoded rules that fail UTF-8 decoding are also skipped.
  • User-supplied extra rules still compile afterward, so one malformed packaged rule does not block the rest of the rule set.

I added regression coverage for both ASCII and non-ASCII malformed encoded payloads and reran the focused malformed/builtin/extra-rule test slice, the full static YARA test file, ruff check, and ruff format check.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Skillspector is flagged to contain malware

2 participants