YARA is an awesome tool. It's aimed at helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families based on textual or binary patterns contained on samples of those families.
However, sometimes the data you are analyzing needs some manipulation in order to achieve the best results. Yaraprocessor allows you to scan data streams in few unique ways. It supports scanning data streams in discrete chunks, or buffers. These chunks can overlap or be completely disjoint depending on the 'processing_mode' selected.
Yaraprocessor was originally written for Chopshop. Combined with Chopshop, it allows for dynamic scanning of payloads plucked from network packet capture. Historically, signature based tools operate over the entire PCAP file. With Chopshop and Yaraprocessor, YARA can be ran against individual packet payloads as well as a concatenation of some or all of the payloads. Ideally, this makes writing signatures easier. Check out the Chopshop module yarashop to see it in action!