Clam AntiVirus

•    C

---

Clam AntiVirus is an anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and advanced tool for automatic database updates.

anti-virus malware scanner

Haze Anti-Virus

•    CSharp

---

Haze Anti-Virus is a anti virus written in native C++, it uses signatures and heuristics scanning. This antivirus is aimed at providing all users with a secure computer enviroment, by making it as simple to use but still packs even more features than other complex antivirus so...

antivirus heuristics-scanner hooking

al-khaser - Public malware techniques used in the wild: Virtual Machine, Emulation, Debuggers, Sandbox detection

•    C++

---

al-khaser is a PoC "malware" application with good intentions that aims to stress your anti-malware system. It performs a bunch of common malware tricks with the goal of seeing if you stay under the radar. You can download the latest release here: x86 | x64.

anti-analysis anti-debugging anti-sandbox anti-vm anti-emulation code-injection malware timing-attacks av-bypass sandbox-evasion

Hermes Secure Email Gateway

•    C

---

Hermes Secure Email Gateway is a Free Open Source Email Gateway that provides Spam, Virus and Malware protection, full in-transit and at-rest email encryption as well as email archiving.

email-security email-gateway malware-protection anti-spam email-encryption hipaa email-server mail-server email-archiving

Super Av Anti Virus

•    

---

Super Av Anti Virus is an open source anti virus with full source code

anti-virus antivirus firewall free freeware

Qmail-Scanner: Content/Anti-virus Scanne

•    Perl

---

Qmail-Scanner, is a Email content scanner that enables a Qmail Email server to scan all Email it receives for certain characteristics (normally viruses), and react accordingly.

magento-malware-scanner - Scanner, signatures and the largest collection of Magento malware

•    HTML

---

Magento is a profitable target for hackers. Since 2015, I have identified more than 40.000 compromised stores. In most cases, malware is inserted that will a) intercept customer data, b) divert payments or c) uses your customers for cryptojacking. This project contains both a fast scanner to quickly find malware, and a collection of Magento malware signatures. They are recommended by Magento and used by the US Department of Homeland Security, the Magento Marketplace, Magereport, the Mage Security Council and many others.

malware scanner magento cryptojacking infosec fraud-detection ecommerce

Anti Virus Scanner for .NET (and COM)

•    

---

This library allows you to virus-scanning a file by any .NET language(C#,F#,VB...), PowerShell,F#Script, WSH(JScript, VBScript), and any COM IDispatch client. ???????????.NET??C#,F#,VB,PowerShell,F#Script,??WSH(JScript,VBScript)?????COM IDispatch??????????????????????????????

amavisd-new - interface between mailer (MTA) and content checkers

•    Perl

---

amavisd-new is a high-performance interface between mailer (MTA) and content checkers amd virus scanners. It talks to MTA via (E)SMTP or LMTP or by using helper programs. It works best with Postfix, Sendmail and Exim v4, works with sendmail/milter, or with any MTA as a SMTP relay. The content received from the mail server is processed with Spam and Anti virus scanner and based on the results the mails will be quarantined.

content-filter interface mail-filter mail

signature-base - Signature base for my scanner tools

•    Python

---

The signature-base repository is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This signature-base is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICLAR PURPOSE. See the GNU General Public License for more details.

signature yara-rules ioc scanner yara anti-virus hash threat-hunting threat-intelligence dfir

ClamAV for OS X

•    Objective-C

---

A Macintosh OS X anti-virus software that uses the ClamAV anti-virus library. The project's focus is on usability. Its purpose is to develop native GUI-based binary distributions of a ClamAV-based anti-virus software that behaves as OS X users expect.

Gateway Anti-Virus

•    PHP

---

Gateway Anti-Virus allows applications across the enterprise to check files for viruses by providing a SOAP-based virus scanning web service. The system uses clamav for virus definitions and detection.

Project Vaccine

•    AutoIt

---

worlds first antimalware software which spreads like a malware.

Amber - Reflective PE packer.

•    Assembly

---

amber is a reflective PE packer for bypassing security products and mitigations. It can pack regularly compiled PE files into reflective payloads that can load and execute itself like a shellcode. It enables stealthy in-memory payload deployment that can be used to bypass anti-virus, firewall, IDS, IPS products and application white-listing mitigations. If you want to learn more about the packing methodology used inside amber check out below. For more detail about usage, installation and how to decrease detection rate check out WIKI. Developed By Ege Balcı from INVICTUS/PRODAFT.

packer pe crypter stub shellcode shellcode-loader payload malware-research paper

Sophos Anti-virus updater

•    Python

---

Utility to automate the download of virus definition updates (IDE files) for Sophos Anti-Virus for Windows

Yara - The pattern matching swiss knife for malware researchers

•    C

---

YARA is a tool aimed at (but not limited to) helping malware researchers to identify and classify malware samples. With YARA you can create descriptions of malware families (or whatever you want to describe) based on textual or binary patterns. Each description, a.k.a rule, consists of a set of strings and a boolean expression which determine its logic.

malware malware-analysis threat-analysis security virus

peframe - PEframe is a open source tool to perform static analysis on (portable executable) malware.

•    Python

---

PEframe is a open source tool to perform static analysis on Portable Executable malware and generic suspicious file. It can help malware researchers to detect packer, xor, digital signature, mutex, anti debug, anti virtual machine, suspicious sections and functions, and much more information about the suspicious files. Documentation will be available soon.

wdbgark - WinDBG Anti-RootKit Extension

•    C++

---

WDBGARK is an extension (dynamic library) for the Microsoft Debugging Tools for Windows. It main purpose is to view and analyze anomalies in Windows kernel using kernel debugger. It is possible to view various system callbacks, system tables, object types and so on. For more user-friendly view extension uses DML. For the most of commands kernel-mode connection is required. Feel free to use extension with live kernel-mode debugging or with kernel-mode crash dump analysis (some commands will not work). Public symbols are required, so use them, force to reload them, ignore checksum problems, prepare them before analysis and you'll be happy. Windows BETA/RC is supported by design, but read a few notes. First, i don't care about checked builds. Second, i don't care if you don't have symbols (public or private). IA64/ARM is unsupported (and will not).

kernel-mode c-plus-plus malware malware-analysis malware-research forensic-analysis windbg windbg-extension anti-rootkit visual-studio driver wdbgark memory-forensics anomaly-detection user-mode sww debugging-tool swwwolf crash-dump

Yosi\'s Anti-Spam POP3 fIlter bot

•    Perl

---

yaspi is a POP3 mail-scanner that targets mailbox bombing originated by virusen. It connects to the POP3 server and uses some heuristics to catch mails infected by Swen and similar virus. Then, it uses Ricochet to send abuse reports.

SpamCheck

•    PHP

---

SpamCheck is an email scanner, comprising anti-virus, spam scanning and a quarantine / management interface.