saferwall v0.0.9 releases: an open source malware analysis platform
Saferwall is an open-source malware analysis platform.
It aims for the following goals:
- Provide a collaborative platform to share samples among malware researchers.
- Act as an expert system that helps researchers generate an automated malware analysis report.
- Serve as a hunting platform for finding new malware.
- Provide quality assurance for signatures before release.
- Static analysis:
  - Crypto hashes, packer identification
  - Strings extraction
- Multiple AV scanners, including major antivirus vendors:

  | Vendor | Status | Vendor | Status |
  |--------|--------|--------|--------|
  | Avast | ✔️ | FSecure | ✔️ |
  | Avira | ✔️ | Kaspersky | ✔️ |
  | Bitdefender | ✔️ | McAfee | ✔️ |
  | ClamAV | ✔️ | Sophos | ✔️ |
  | Comodo | ✔️ | Symantec | ✔️ |
  | ESET | ✔️ | Windows Defender | ✔️ |
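The static-analysis items listed above (crypto hashes, packer identification, strings extraction) can be shown end to end in a few lines of Go, the language saferwall is written in. The following is an added example written for this page, not code from the saferwall project: it hashes a constructed sample with MD5, SHA-1 and SHA-256, extracts printable strings the way the Unix `strings` tool does, and uses Shannon entropy as a coarse packer heuristic. The entropy threshold and the `LooksPacked` name are assumptions of this example; saferwall's actual packer-identification method is not described on this page.

```go
package main

import (
	"crypto/md5"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"math"
)

// Hashes holds the crypto hashes a static pass records for a sample.
type Hashes struct {
	MD5, SHA1, SHA256 string
}

// ComputeHashes hashes the whole sample with each algorithm.
func ComputeHashes(sample []byte) Hashes {
	md := md5.Sum(sample)
	s1 := sha1.Sum(sample)
	s256 := sha256.Sum256(sample)
	return Hashes{
		MD5:    hex.EncodeToString(md[:]),
		SHA1:   hex.EncodeToString(s1[:]),
		SHA256: hex.EncodeToString(s256[:]),
	}
}

// ExtractStrings returns runs of printable ASCII at least minLen bytes long,
// the rule the Unix `strings` tool applies by default with minLen = 4.
func ExtractStrings(sample []byte, minLen int) []string {
	var out []string
	start := -1 // index where the current printable run began, -1 if none
	for i, b := range sample {
		printable := b >= 0x20 && b <= 0x7e
		if printable && start < 0 {
			start = i
		}
		if !printable && start >= 0 {
			if i-start >= minLen {
				out = append(out, string(sample[start:i]))
			}
			start = -1
		}
	}
	if start >= 0 && len(sample)-start >= minLen { // run that reaches end of file
		out = append(out, string(sample[start:]))
	}
	return out
}

// Entropy returns the Shannon entropy of the sample in bits per byte (0..8).
func Entropy(sample []byte) float64 {
	if len(sample) == 0 {
		return 0
	}
	var counts [256]int
	for _, b := range sample {
		counts[b]++
	}
	n, h := float64(len(sample)), 0.0
	for _, c := range counts {
		if c > 0 {
			p := float64(c) / n
			h -= p * math.Log2(p)
		}
	}
	return h
}

// LooksPacked is a coarse packer heuristic and an assumption of this example,
// not saferwall's method: packed or encrypted payloads have near-random byte
// distributions, so entropy close to 8 bits/byte marks the sample for review.
func LooksPacked(sample []byte) bool {
	return Entropy(sample) > 7.0
}

func main() {
	// Constructed sample: a few ASCII strings separated by non-printable bytes.
	sample := []byte("MZ\x90\x00\x03\x00kernel32.dll\x00\x01\x02GetProcAddress\x00ab\x00")
	fmt.Printf("%+v\n", ComputeHashes(sample))
	fmt.Println(ExtractStrings(sample, 4))
	fmt.Printf("entropy=%.2f packed=%v\n", Entropy(sample), LooksPacked(sample))
}
```

The string extractor drops the two-byte `MZ` and `ab` runs because they are shorter than the minimum length, and the entropy check on its own only flags a sample for closer inspection: a compressed resource or an embedded certificate also scores high, so a production packer identifier combines it with format-specific checks.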
Current architecture / Workflow:
Here is a basic workflow which happens during a file scan:
- Frontend talks to the backend via REST APIs.
- Backend uploads samples to the object storage.
- Backend pushes a message into the scanning queue.
- The consumer fetches the file and copies it onto the NFS share, so the sample does not have to be pulled into every container.
- The consumer calls the scanning services (such as the AV scanners) asynchronously via gRPC and waits for their results.
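The workflow above, reduced to an in-process model in Go (saferwall's language), as an added example that is not saferwall's code: `Upload` plays the backend (object storage plus a queue message that carries only the object key), and `Consume` plays the consumer (one copy onto a stand-in for the NFS share, then a concurrent fan-out to scanner stand-ins under a single deadline). Maps replace object storage and the NFS share, a channel replaces the queue, plain Go functions replace the gRPC services, and the `CONSTRUCTED-TEST-PATTERN` signature and the `hung` engine are constructed for the demo; the real service names, message formats and share paths are not on this page. The deadline handling is the part worth keeping: a scanner that never answers is recorded as a timeout instead of stalling every other verdict for the sample.

```go
package main

import (
	"bytes"
	"context"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"sync"
	"time"
)

// ScanResult is one scanning service's answer; Err is set when it never answered.
type ScanResult struct{ Service string; Infected bool; Err error }

// Share stands in for the NFS volume every scanner container mounts (path -> bytes).
type Share map[string][]byte

// Scanner stands in for a gRPC scanning service; it gets a path on the share, not the bytes.
type Scanner struct {
	Name string
	Scan func(ctx context.Context, share Share, path string) (infected bool)
}

// SigScanner reports a sample that contains a (constructed) byte pattern.
func SigScanner(name string, pattern []byte) Scanner {
	return Scanner{name, func(_ context.Context, share Share, path string) bool {
		return bytes.Contains(share[path], pattern)
	}}
}

// HungScanner models an engine that never answers in time and ignores cancellation.
func HungScanner(name string, delay time.Duration) Scanner {
	return Scanner{name, func(context.Context, Share, string) bool { time.Sleep(delay); return false }}
}

// Pipeline wires storage, queue, share and scanners; one goroutine drives it, so no locks.
type Pipeline struct {
	storage  map[string][]byte // object storage: SHA-256 key -> sample bytes
	Queue    chan string       // scanning queue carries object keys, not samples
	Share    Share
	Scanners []Scanner
	Timeout  time.Duration
	Fetches  int // pulls from object storage; one per distinct sample
}

// Upload is the backend step: store the sample under its SHA-256, enqueue the key.
func (p *Pipeline) Upload(sample []byte) string {
	sum := sha256.Sum256(sample)
	key := hex.EncodeToString(sum[:])
	p.storage[key] = sample
	p.Queue <- key
	return key
}

// Consume is the consumer step: copy to the share only if missing, then fan out under one deadline.
func (p *Pipeline) Consume(key string) []ScanResult {
	path := "/samples/" + key
	if _, onShare := p.Share[path]; !onShare {
		p.Share[path] = p.storage[key]
		p.Fetches++
	}
	ctx, cancel := context.WithTimeout(context.Background(), p.Timeout)
	defer cancel()
	results := make([]ScanResult, len(p.Scanners))
	var wg sync.WaitGroup
	for i, s := range p.Scanners {
		wg.Add(1)
		go func(i int, s Scanner) {
			defer wg.Done()
			done := make(chan bool, 1) // buffered: a late answer never blocks
			go func() { done <- s.Scan(ctx, p.Share, path) }()
			select {
			case infected := <-done:
				results[i] = ScanResult{Service: s.Name, Infected: infected}
			case <-ctx.Done(): // record the timeout instead of stalling the job
				results[i] = ScanResult{Service: s.Name, Err: ctx.Err()}
			}
		}(i, s)
	}
	wg.Wait()
	return results
}

// NewDemoPipeline: two signature engines plus one hung engine, 100 ms deadline.
func NewDemoPipeline() *Pipeline {
	return &Pipeline{storage: map[string][]byte{}, Queue: make(chan string, 16), Share: Share{},
		Scanners: []Scanner{SigScanner("sig-a", []byte("CONSTRUCTED-TEST-PATTERN")),
			SigScanner("sig-b", []byte("other-pattern")), HungScanner("hung", 2*time.Second)},
		Timeout: 100 * time.Millisecond}
}

func main() {
	p := NewDemoPipeline()
	p.Upload([]byte("header CONSTRUCTED-TEST-PATTERN trailer")) // constructed sample
	for _, r := range p.Consume(<-p.Queue) {
		fmt.Printf("%-6s infected=%v err=%v\n", r.Service, r.Infected, r.Err)
	}
}
```

Running it prints one line per engine: `sig-a` flags the constructed pattern, `sig-b` reports clean, and `hung` comes back with `context deadline exceeded` after 100 ms instead of holding the job for two seconds. Consuming the same key a second time leaves `Fetches` at 1, which is the point of copying the sample onto the shared volume once rather than handing it to every scanner container.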
[pkg/ml] add unit test
Copyright (C) 2018 saferwall