Feature request: YARA and YARA rules for better security
DanielRuf opened this issue
Is this a feature request or a bug?
Feature request
Expected behavior:
entropic should provide support for YARA and YARA rules to scan, find and prevent (known) malware and malicious packages as early as possible.
Actual behavior:
Currently I miss checks or rules to prevent anyone from reuploading the same malware as before, or to prevent specific things from spreading using the new registry network.
Official docs: https://virustotal.github.io/yara/
Writing rules is very easy: https://github.com/DanielRuf/yara-rules/tree/master/npm/source
Some of these could have prevented me from also reuploading malicious packages with the exact same code on npmjs (which was still not found).
Security (especially in the enterprise field) is very important and I would like to contribute YARA rules if possible and protect the instances against spreading malware.
Also relevant: #86
Trust is just one security layer and accidents / mistakes can also happen to trusted instances and people. We should be better prepared than current registries which do manual checks in some way (using the VirusTotal API could also be an option).
If this is not an option to be implemented in entropic, we should maybe start a community-run project and provide the needed steps to use the created YARA rules to actively protect the instances and radically lower the possibility of malware in trusted instances.