Updater
Mirror
The mirror flag in the config file should ideally point to a git API. Custom mirrors need to have the following structure in JSON:
{
"tag_name": "String", // eg. v1.1
"zipball_url": "String" // http://example/download.zip
}
- tag_name supplies the version against which the local config gets checked
- The zipball_url should point to the .zip archive which contains the rules
Updater
The new and written-from-scratch Updater looks up the newest version indicated by your mirror online, and downloads the release .zip file to cache. Once that succeeds, it starts compiling all the .yar files into a compiled .yarac. This gets saved to the data directory (~/.local/share/raspirus, %appdata%\Roaming\Raspirus\Data, /Applications/Raspirus/data)
Release archive
The zip should contain .yar files, which are uncompiled, raw YARA rules. The structure of the archive does not matter, as the files get added recursively. On Microsoft Windows, an optional script can be supplied to stop Windows Defender from scanning the compiled rules created on disk, as that might result in them getting deleted. An example can be found here. The script is run with the Data Folder as argument.
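For operators of a custom mirror, the following added example (not part of Raspirus or its documentation) checks a mirror response against the JSON structure described under Mirror and lists the .yar files a recursive walk of the release archive would find. The function names, the http(s) scheme check, the member-name check and the sample archive are assumptions of this example.

```python
import io
import json
import zipfile
from pathlib import PurePosixPath
from urllib.parse import urlparse


def check_mirror_response(body: str) -> dict:
    """Validate the JSON a custom mirror returns; raise ValueError if unusable."""
    data = json.loads(body)
    if not isinstance(data, dict):
        raise ValueError("mirror response must be a JSON object")
    for key in ("tag_name", "zipball_url"):
        if not isinstance(data.get(key), str) or not data[key]:
            raise ValueError(f"{key} must be a non-empty string")
    if urlparse(data["zipball_url"]).scheme not in ("http", "https"):
        raise ValueError("zipball_url must be an http(s) URL")
    return data


def list_rule_files(archive: bytes) -> list:
    """Return every .yar member at any depth; other files are ignored."""
    rules = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            path = PurePosixPath(info.filename)
            # Check made by this script only: refuse names that point outside the archive root.
            if path.is_absolute() or ".." in path.parts:
                raise ValueError(f"unsafe member name: {info.filename}")
            if path.suffix == ".yar":
                rules.append(info.filename)
    if not rules:
        raise ValueError("archive contains no .yar files")
    return sorted(rules)


def build_sample_archive() -> bytes:
    """Constructed sample release: rules at two depths plus a non-rule file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("rules/top.yar", "rule top { condition: false }")
        zf.writestr("rules/family/nested.yar", "rule nested { condition: false }")
        zf.writestr("README.md", "not a rule")
    return buf.getvalue()


if __name__ == "__main__":
    sample = '{"tag_name": "v1.1", "zipball_url": "http://example/download.zip"}'
    print(check_mirror_response(sample))
    print(list_rule_files(build_sample_archive()))
```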