saferwall
Saferwall is an open source malware analysis platform.
It aims for the following goals:
- Provide a collaborative platform to share samples among malware researchers.
- Act as an expert system that helps researchers generate an automated malware analysis report.
- Serve as a hunting platform to find new malware.
- Quality assurance for signatures before release.

Features
- Static analysis:
  - Crypto hashes, packer identification
  - Strings extraction
  - Portable Executable file parser
- Multiple AV scanners, including major antivirus vendors:

| Vendors | Status | Vendors | Status |
|---|---|---|---|
| Avast | :heavy_check_mark: | FSecure | :heavy_check_mark: |
| Avira | :heavy_check_mark: | Kaspersky | :heavy_check_mark: |
| Bitdefender | :heavy_check_mark: | McAfee | :heavy_check_mark: |
| ClamAV | :heavy_check_mark: | Sophos | :heavy_check_mark: |
| Comodo | :heavy_check_mark: | Symantec | :heavy_check_mark: |
| ESET | :heavy_check_mark: | Windows Defender | :heavy_check_mark: |
| TrendMicro | :heavy_check_mark: | DrWeb | :heavy_check_mark: |

Current architecture / Workflow:

Here is a basic workflow which happens during a file scan:
- Frontend talks to the backend via REST APIs.
- Backend uploads samples to the object storage.
- Backend pushes a message into the scanning queue.
- Consumer fetches the file and copies it to the NFS share, which avoids pulling the sample in every container.
- Consumer asynchronously calls the scanning services (like AV scanners) via gRPC and waits for the results.
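
The last workflow step (asynchronous calls to the scanning services, then waiting for the results) as an added Go example; this is not Saferwall's own code. The `Scanner` function type, `fakeAV`, the sample path and the per-scanner timeout are assumptions standing in for real gRPC clients.

```go
package main

import (
	"context"
	"fmt"
	"time"
)

// Scanner is a hypothetical stand-in for one scanning service's gRPC client.
type Scanner func(ctx context.Context, path string) (string, error)

// fakeAV builds a constructed scanner with a fixed verdict and latency.
func fakeAV(verdict string, delay time.Duration) Scanner {
	return func(ctx context.Context, _ string) (string, error) {
		select {
		case <-time.After(delay):
			return verdict, nil
		case <-ctx.Done():
			return "", ctx.Err()
		}
	}
}

// ScanAll calls every scanner concurrently and waits for all of them; a slow
// or failing engine yields an error entry instead of stalling the report.
func ScanAll(path string, scanners map[string]Scanner, timeout time.Duration) map[string]string {
	type result struct{ name, verdict string }
	ch := make(chan result, len(scanners))
	for name, scan := range scanners {
		go func(name string, scan Scanner) {
			ctx, cancel := context.WithTimeout(context.Background(), timeout)
			defer cancel()
			v, err := scan(ctx, path)
			if err != nil {
				v = "error: " + err.Error()
			}
			ch <- result{name, v}
		}(name, scan)
	}
	results := make(map[string]string, len(scanners))
	for range scanners {
		r := <-ch
		results[r.name] = r.verdict
	}
	return results
}

func main() {
	fmt.Println(ScanAll("/nfs/constructed-sample", map[string]Scanner{"fast": fakeAV("clean", time.Millisecond), "slow": fakeAV("clean", time.Second)}, 50*time.Millisecond))
}
```

Because each call carries its own deadline, one hung engine costs at most the timeout and the other verdicts still reach the report.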