sauron: A minimalistic cross-platform malware scanner with non-blocking realtime filesystem monitoring using YARA rules.


Sauron is a minimalistic, YARA based malware scanner with realtime filesystem monitoring written in Rust.


Realtime scan of created and modified files supporting Linux inotify , macOS FSEvents , Windows ReadDirectoryChanges and polling for other platforms.

, macOS , Windows and polling for other platforms. YARA engine complete support.

Single scan mode to scan a folder, report results and exit.

Parallel scanning using a configurable thread pool.

Log, text and JSON reporting.


Read More