saferwall v0.0.2 released: an open-source malware analysis platform
Saferwall is an open-source malware analysis platform.
It aims for the following goals:
- Provide a collaborative platform for sharing samples among malware researchers.
- Act as an expert system that helps researchers generate an automated malware analysis report.
- Serve as a hunting platform for finding new malware.
- Provide quality assurance for signatures before they are released.
- Static analysis:
  - Crypto hashes, packer identification
  - Strings extraction
- Multiple AV scanners, including engines from major antivirus vendors:

| Vendor | Status |
| --- | --- |
| Avast | ✔️ |
| FSecure | ✔️ |
| Avira | ✔️ |
| Kaspersky | ✔️ |
| Bitdefender | ✔️ |
| McAfee | ✔️ |
| ClamAV | ✔️ |
| Sophos | ✔️ |
| Comodo | ✔️ |
| Symantec | ✔️ |
| ESET | ✔️ |
| Windows Defender | ✔️ |
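The static-analysis features listed above (crypto hashes, strings extraction, packer identification) are small enough to show end to end. The following is an added example written for this page, not saferwall's own pe or strings packages: it hashes a sample, pulls out ASCII and UTF-16LE strings with the same minimum-length rule the classic `strings` tool uses, and matches section names against a tiny illustrative packer table (an assumption of this example, not saferwall's signatures). The `Sample` blob is constructed inline so the code runs offline.

```go
package main

import (
	"crypto/md5"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Hashes holds the hex-encoded cryptographic hashes of one sample.
type Hashes struct {
	MD5, SHA1, SHA256 string
}

// ComputeHashes returns MD5, SHA-1 and SHA-256 of data. SHA-256 is the hash a
// platform should key samples on; MD5/SHA-1 only help look samples up elsewhere.
func ComputeHashes(data []byte) Hashes {
	m, s1, s2 := md5.Sum(data), sha1.Sum(data), sha256.Sum256(data)
	return Hashes{hex.EncodeToString(m[:]), hex.EncodeToString(s1[:]), hex.EncodeToString(s2[:])}
}

// ExtractStrings returns every run of at least minLen printable ASCII bytes
// (0x20..0x7e), the rule the classic `strings` tool applies by default.
func ExtractStrings(data []byte, minLen int) []string {
	var out []string
	start := -1
	for i, b := range data {
		if b >= 0x20 && b <= 0x7e {
			if start < 0 {
				start = i
			}
			continue
		}
		if start >= 0 && i-start >= minLen {
			out = append(out, string(data[start:i]))
		}
		start = -1
	}
	if start >= 0 && len(data)-start >= minLen {
		out = append(out, string(data[start:]))
	}
	return out
}

// ExtractWideStrings finds UTF-16LE strings (printable ASCII byte followed by
// 0x00), the encoding Windows binaries use for most resource and path strings
// and one that a plain ASCII scan misses entirely.
func ExtractWideStrings(data []byte, minLen int) []string {
	var out []string
	var cur []byte
	for i := 0; i < len(data); {
		if i+1 < len(data) && data[i+1] == 0 && data[i] >= 0x20 && data[i] <= 0x7e {
			cur = append(cur, data[i])
			i += 2
			continue
		}
		if len(cur) >= minLen {
			out = append(out, string(cur))
		}
		cur = cur[:0]
		i++
	}
	if len(cur) >= minLen {
		out = append(out, string(cur))
	}
	return out
}

// packerSections is an illustrative table of section names common packers leave
// behind; it is an assumption of this example, not saferwall's packer signatures.
var packerSections = []struct{ section, packer string }{
	{"UPX0", "UPX"}, {"UPX1", "UPX"}, {".aspack", "ASPack"},
	{".MPRESS1", "MPRESS"}, {".vmp0", "VMProtect"}, {".themida", "Themida"},
}

// IdentifyPacker returns the packer whose section name appears among the
// extracted strings, or "" when none matches.
func IdentifyPacker(strs []string) string {
	for _, s := range strs {
		for _, p := range packerSections {
			if s == p.section {
				return p.packer
			}
		}
	}
	return ""
}

// utf16le encodes an ASCII string as UTF-16LE for building the sample below.
func utf16le(s string) []byte {
	b := make([]byte, 0, 2*len(s))
	for i := 0; i < len(s); i++ {
		b = append(b, s[i], 0)
	}
	return b
}

// Sample is a constructed blob standing in for an uploaded file: a DOS stub
// message, an import name, a UPX section name and a UTF-16LE path.
var Sample = func() []byte {
	var b []byte
	b = append(b, "MZ\x90\x00\x03This program cannot be run in DOS mode.\x00\x00"...)
	b = append(b, "kernel32.dll\x00UPX0\x00\xff\xfe"...)
	b = append(b, utf16le(`C:\Windows\system32`)...)
	b = append(b, "\x00\x00EOF!"...)
	return b
}()

func main() {
	h := ComputeHashes(Sample)
	ascii := ExtractStrings(Sample, 4)
	fmt.Printf("sha256=%s\nascii=%q\nwide=%q\npacker=%q\n",
		h.SHA256, ascii, ExtractWideStrings(Sample, 4), IdentifyPacker(ascii))
}
```

Two details matter in practice: the wide-string scanner advances one byte at a time when it is not inside a string, so UTF-16 text at an odd offset is still found, and packer detection by section name is only a first hint, since names are trivially renamed; an entropy check on the sections is the usual follow-up.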
Current architecture / Workflow:
Here is the basic workflow that happens during a file scan:
- Frontend talks to the backend via REST APIs.
- Backend uploads samples to the object storage.
- Backend pushes a message into the scanning queue.
- Consumer fetches the file and copies it into the NFS share, so the sample does not have to be pulled into every container.
- Consumer calls the scanning services (such as the AV scanners) asynchronously via gRPC and waits for their results.
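The consumer side of that workflow (pop a message naming a sample by hash, stage it once on the shared mount, fan the scan out to every service, wait for the results) is shown below as an added example written for this page; it is not saferwall's consumer code. The object store, queue message and scanners are in-memory stand-ins (an `ObjectStore` map, a `ScanRequest` struct and a `fakeScanner` type, all assumptions of this example); the real services speak gRPC. Two points the workflow bullets leave implicit are made explicit: the stored bytes are re-hashed and compared with the sha256 in the message before anything is scanned, and a scanner that does not answer within the timeout is reported as failed instead of stalling the job.

```go
package main

import (
	"context"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"log"
	"os"
	"path/filepath"
	"sort"
	"sync"
	"time"
)

// ScanRequest is the queue message the backend pushes after uploading a
// sample to object storage; the sample is named by its SHA-256.
type ScanRequest struct{ SHA256 string }

// ObjectStore stands in for the bucket the backend uploads into (in-memory here).
type ObjectStore map[string][]byte

// ScanResult is what one scanning service reports for a sample.
type ScanResult struct {
	Scanner, Verdict string
	Err              error
}

// Scanner plays the role of a gRPC scanning service such as an AV container.
type Scanner interface {
	Name() string
	Scan(ctx context.Context, path string) (ScanResult, error)
}

// Consumer pops requests, stages the sample on the share and fans the scan out.
type Consumer struct {
	Store    ObjectStore
	ShareDir string        // the NFS share every scanner container mounts
	Scanners []Scanner
	Timeout  time.Duration // upper bound on waiting for all scanners
}

// Handle processes one queue message and returns one result per scanner,
// sorted by name. A scanner that misses Timeout yields a result whose Err is
// context.DeadlineExceeded rather than blocking the whole job.
func (c *Consumer) Handle(ctx context.Context, req ScanRequest) ([]ScanResult, error) {
	// Every log line carries the sha256 so one job can be traced across services.
	logger := log.New(os.Stdout, "sha256="+req.SHA256+" ", log.LstdFlags)

	data, ok := c.Store[req.SHA256]
	if !ok {
		return nil, fmt.Errorf("sample %s not found in object store", req.SHA256)
	}
	// The message names the sample by hash: refuse to scan a blob whose
	// contents do not match, so a corrupted or swapped object is caught early.
	sum := sha256.Sum256(data)
	if got := hex.EncodeToString(sum[:]); got != req.SHA256 {
		return nil, fmt.Errorf("integrity check failed: stored object hashes to %s", got)
	}
	// Copy once onto the share, read-only, so scanner containers reuse the
	// file instead of each pulling it from object storage.
	path := filepath.Join(c.ShareDir, req.SHA256)
	if _, err := os.Stat(path); err != nil {
		if err := os.WriteFile(path, data, 0o400); err != nil {
			return nil, err
		}
	}

	ctx, cancel := context.WithTimeout(ctx, c.Timeout)
	defer cancel()
	results := make(chan ScanResult, len(c.Scanners))
	var wg sync.WaitGroup
	for _, s := range c.Scanners {
		wg.Add(1)
		go func(s Scanner) { // one goroutine per service, all scanning concurrently
			defer wg.Done()
			r, err := s.Scan(ctx, path)
			if err != nil {
				r = ScanResult{Scanner: s.Name(), Err: err}
			}
			results <- r
		}(s)
	}
	wg.Wait()
	close(results)

	var out []ScanResult
	for r := range results {
		logger.Printf("%s verdict=%q err=%v", r.Scanner, r.Verdict, r.Err)
		out = append(out, r)
	}
	sort.Slice(out, func(i, j int) bool { return out[i].Scanner < out[j].Scanner })
	return out, nil
}

// fakeScanner is a constructed stand-in for an AV service: it answers after
// delay with a fixed verdict, or gives up when the context expires.
type fakeScanner struct {
	name, verdict string
	delay         time.Duration
}

func (f fakeScanner) Name() string { return f.name }

func (f fakeScanner) Scan(ctx context.Context, path string) (ScanResult, error) {
	select {
	case <-time.After(f.delay):
		return ScanResult{Scanner: f.name, Verdict: f.verdict}, nil
	case <-ctx.Done():
		return ScanResult{}, ctx.Err()
	}
}
```

Because the scanners share one context, a single slow engine costs the job at most `Timeout`; the results of the engines that did answer are still recorded, which is what you want when a dozen vendors run side by side.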
Changelog:
- Add a cmd tool to batch upload files.
- Add a pkg for parsing portable executable files.
- Add a UI for displaying PE parser results.
- Add an s3upload pkg to simplify mass-uploading of files into S3.
- Add an upload pkg to simplify uploading a local DB into saferwall.
- Add nfs-server-provisioner for local testing in minikube.
- Improve the build process documentation, thanks to Jameel Haffejee.
- Rework the file tags schema.
- Improve the rendering of the landing page.
- Fix phrasing in README, from @bf.
- Fix the recover-from-panic routine in parse-pe in the consumer.
- Add exception catching in the strings pkg.
- Enable Kibana / ElasticSearch / FileBeat in helm deployments.
- Add a ContextLogger in the consumer so the sha256 is always logged.
Copyright (C) 2018 saferwall