TinyAntivirus
TinyAntivirus (TinyAv) is an open source antivirus engine designed for detecting polymorphic virus and disinfecting it. Now, TinyAv can detect and disinfect Sality polymorphic virus. In the future, I will deveplop some modules for removing other polymorphic viruses, such as Virut or Polip.
License
This project is released under the GPL2 license.
Requirements
- Microsoft Visual Studio 2015
- zlib 1.2.8 or newer
- unicorn-engine 0.9
Quick start
- Clone the repository:
git clone https://github.com/develbranch/TinyAntivirus.git
. - Build: Core engine, Console and scan module.
- You can see
Release
Directory. Change theRelease
directory and runTinyAvConsole.exe
.
Usage
TinyAvConsole.exe [options]
Option | Meaning | Default value |
---|---|---|
-e | plug-in directory | current directory |
-A | Archive scan depth | -1 : any depth |
-D | scan depth | -1 : any depth |
-d | path to scan | |
-p | file pattern | *.* |
-s | max file size in bytes | 10 * 1024 * 1024 (10 MB) |
-m | Scan mode: Kill-virus (k) or Scan-only(s) | Kill-virus (k) |
-h | Show usage |
You may scan all directories and files by using default values.
Example: Scan for all files (include ZIP files) to detect and disinfect virus. ZIP files which contain virus will be deleted.
C:\build>TinyAvConsole.exe -d C:\sample
------------------------------------------------------
TinyAntivirus version 0.1
Copyright (C) 2016, Quang Nguyen. All rights reserved.
Website: http://develbranch.com
------------------------------------------------------
Scanning ...
C:\sample\calc.EXE
W32.Sality.PE Disinfected
C:\sample\container.zip OK
C:\sample\container.zip>DiskView.exe OK
C:\sample\container.zip>DMON.SYS OK
C:\sample\container.zip>sub_container.zip OK
C:\sample\container.zip>sub_container.zip>NOTEPAD.EXE
W32.Sality.PE Deleted
C:\sample\dbgview.chm OK
C:\sample\sub\gmer.EXE
W32.Sality.PE Disinfected
=============================================
Scanned : 4 file(s) (10 object(s))
Detected : 3 file(s)
Removed : 3 file(s)
Access denied : 0 file(s)
C:\build>
Contribute
If you want to contribute, please pick up something from our Github issues.
I also maintain a list of more problems in a TODO list.
I have only one Sality sample to develop Sality killer module. I think there are many variant types of this file infector. Please send me samples which TinyAv can not detect or other kinds of polymorphic viruses. Thank you.
Author
Blog: develbranch.com