maliceio / malice-av Goto Github PK

View Code? Open in Web Editor NEW

105.0 105.0 39.0 61.22 MB

Malice AntiVirus Plugins

Shell 2.03% Go 77.54% Makefile 0.73% Dockerfile 19.70%

antivirus docker malice malware malware-analysis plugins

malice-av's Introduction

maliceio

Malice.IO website

malice-av's People

Contributors

Stargazers

Watchers

malice-av's Issues

Updating the Engines major version

How would you update the major version engines of av ?
Engines are not updating even after doing the update.
For example http://www.f-prot.com/currentversions.html shows 6.2.39 but 4.6.5.141 in project.

add new anti virus

please add Kaspersky anti virus and make some section to register anti virus

avast license is expired ,

unable to use avast virus engine please update the license

The avg image does not build

When it builds it returns avgscan compilation error.
Steps to reproduce:

git clone https://github.com/maliceio/malice-av.git src
cd src/avg
rm build.* ; docker build -t malice/avg . | tee build.log

Skipping the output of docker build -t malice/avg . The output of tail -n 20 build.log below.

AVG command line avgcfgctl
Copyright (c) 2013 AVG Technologies CZ

Setting configuration item Default.setup.daemonize to value false.
Install Go...
Building avscan Go binary...
go version go1.7.1 linux/amd64
# github.com/maliceio/malice-avg
./scan.go:109: cannot use "/usr/bin/avgscan" (type string) as type context.Context in argument to utils.RunCommand:
        string does not implement context.Context (missing Deadline method)
./scan.go:109: multiple-value utils.RunCommand() in single-value context
./scan.go:148: not enough arguments in call to utils.RunCommand
./scan.go:255: cannot use "/usr/bin/avgscan" (type string) as type context.Context in argument to utils.RunCommand:
        string does not implement context.Context (missing Deadline method)
./scan.go:255: multiple-value utils.RunCommand() in single-value context
./scan.go:258: cannot use "/usr/bin/avgscan" (type string) as type context.Context in argument to utils.RunCommand:
        string does not implement context.Context (missing Deadline method)
./scan.go:258: multiple-value utils.RunCommand() in single-value context
./scan.go:267: not enough arguments in call to elasticsearch.InitElasticSearch

vbacl-linux-3.12.26.4.tar.gz archive for VirusBlokAda is corrupt and link is broken

The vbacl-linux-3.12.26.4.tar.gz archive for VirusBlokAda is corrupt. Additionally, the link for download http://anti-virus.by/pub/vbacl-linux-3.12.26.4.tar.gz is broken. Is it possible to upload a working vbacl-linux-3.12.26.4.tar.gz archive or possibly a live link for download. Thanks.

With gzip-

gzip: stdin: unexpected end of file
tar: Unexpected EOF in archive
tar: Unexpected EOF in archive
tar: Error is not recoverable: exiting now

With 7z.exe-

Data error in 'vbacl-linux-3.12.26.4.tar'. File is broken

File submission?

I want to use the avast av as an engine so that I can submit files to it either one at a time or a directory of files. How would I do that with this docker?

Possible Avira License Solution

If you reach out to Avira Labs they may grant you a free license for research purposes. I have been able to do this in the past along with an agreement if you encounter malware Avira does not detect and has not already been submitted to VirusTotal, then you upload it to their labs. If you have questions I can provide contact info offline or via private message.

submit a file to analysis

I understand that i can user run or exec docker command but the args are a little bit confused.Also i used -v to bin a host host volume and supplied the file but something went wrong.
Can you give us the right path to scan a file ?

regards,

richard

run clamav againt file not running

Hi,
I follow the instructions given through the command
ocker restart clamav > /dev/null && docker exec clamav scan --table EICAR
and i get the output
Error response from daemon: Container 6ca35ad7f7c7f36a56f3ebc3cb5c046402f9bf0043e0315324a8231d560b3b38 is not running: Exited (0) Less than a second ago
but the command "docker run --rm malice/clamav EICAR" outputs
{"clamav":{"infected":true,"result":"Eicar-Test-Signature","engine":"0.99","known":"4276723","updated":"20160228"}}

I also tried docker run --rm -v /evidences/eicar/:/malware:ro malice/clamav
Code: System error

Message: not a directory

Frames:

0: setupRootfs
Package: github.com/opencontainers/runc/libcontainer

File: rootfs_linux.go@40

1: Init
Package: github.com/opencontainers/runc/libcontainer.(*linuxStandardInit)

File: standard_init_linux.go@57

2: StartInitialization
Package: github.com/opencontainers/runc/libcontainer.(*LinuxFactory)

File: factory_linux.go@240

3: initializer
Package: github.com/docker/docker/daemon/execdriver/native

File: init.go@35

4: Init
Package: github.com/docker/docker/pkg/reexec

File: reexec.go@26

5: main
Package: main

File: docker.go@18

6: main
Package: runtime

File: proc.go@111

7: goexit
Package: runtime
File: asm_amd64.s@1721
docker: Error response from daemon: Cannot start container 925a92e985810f18fa22788fc1df114ca7381da110e5f76c6411eeded7658247: [9] System error: not a directory.

It seems that de clamav container is not running or cannot bind the volume in the host ?

Thks in advance for your enlightment.