MalwareMultiScan alternatives and similar software solutions
Based on the "Misc/Other" category.
Alternatively, view MalwareMultiScan alternatives based on common mentions on social networks and blogs.
-
CyberChef
The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis -
changedetection.io
The best and simplest free open source web page change detection, website watcher, restock monitor and notification service. Restock Monitor, change detection. Designed for simplicity - Simply monitor which websites had a text change for free. Free Open source web page change detection, Website defacement monitoring, Price change notification -
google-webfonts-helper
A Hassle-Free Way to Self-Host Google Fonts. Get eot, ttf, svg, woff and woff2 files + CSS snippets -
blynk
DISCONTINUED. Blynk is an Internet of Things Platform aimed to simplify building mobile and web applications for the Internet of Things. Easily connect 400+ hardware models like Arduino, ESP8266, ESP32, Raspberry Pi and similar MCUs and drag-n-drop IOT mobile apps for iOS and Android in 5 minutes -
Reactive Resume
DISCONTINUED. A one-of-a-kind resume builder that keeps your privacy in mind. Completely secure, customizable, portable, open-source and free forever. Try it out today! [Moved to: https://github.com/AmruthPillai/Reactive-Resume] -
Ombi
DISCONTINUED. Want a Movie or TV Show on Plex or Emby? Use Ombi! [Moved to: https://github.com/Ombi-app/Ombi] -
cState
๐ฅ Open source static (serverless) status page. Uses hyperfast Go & Hugo, minimal HTML/CSS/JS, customizable, outstanding browser support (IE8+), preloaded CMS, read-only API, badges & more. -
Revive Adserver
The world's most popular free, open source ad serving system. You can download the latest release at: -
2FAuth
A Web app to manage your Two-Factor Authentication (2FA) accounts and generate their security codes -
COPS
Calibre OPDS (and HTML) PHP Server : web-based light alternative to Calibre content server / Calibre2OPDS to serve ebooks (epub, mobi, pdf, ...) -
Ulterius
DISCONTINUED. Ulterius is an open-source remote desktop software with lots of awesome functions. -
How Secure Is My Password
DISCONTINUED. Rather than just saying a password is "weak" or "strong", How Secure is My Password? lets your users know how long it would take someone to crack their password. -
Para
Multitenant backend server for building web and mobile apps rapidly. The backend for busy developers. (self-hosted or hosted) -
DomainMOD
DomainMOD is an open source application written in PHP & MySQL used to manage your domains and other internet assets in a central location. DomainMOD also includes a Data Warehouse framework that allows you to import your web server data so that you can view, export, and report on your live data. -
Skygear
DISCONTINUED. Skygear - an open source serverless platform for modern secure app development -
visualCaptcha
visualCaptcha's Main Repo. This is a collection of all the different versions/repos of visualCaptcha. -
GeneWeb
GeneWeb is a free (as in free speech) genealogy software with a web interface created by Daniel de Rauglaudre. -
Anchr
โ๏ธ Anchr provides you with a toolbox for tiny tasks on the internet, especially bookmark collections -
AlertHub
AlertHub is a simple tool written with NodeJS to get alerted from new GitHub and GitLab repository events. -
Digital-Currency
DISCONTINUED. Create your own Digital Currency with this self-hosted Web App. Check out the Demo website -
CrushPaper
Research the web for relevant sources, save them to CrushPaper and then combine them with your own insights into an article. -
Trello Burndown
An easy to use self-hosted SCRUM burndown chart for Trello boards. (Docker or binary)
CodeRabbit: AI Code Reviews for Developers
* Code Quality Rankings and insights are calculated and provided by Lumnify.
They vary from L1 to L5 with "L5" being the highest.
Do you think we are missing an alternative of MalwareMultiScan or a related project?
README
MalwareMultiScan
Self-hosted VirusTotal / OPSWAT MetaDefender wannabe API for scanning URLs and files by multiple antivirus solutions.
[MalwareMultiScan UI](.github/img/malware-multi-scan-ui.gif)
IMPORTANT: version 1.5 introduces breaking changes in containers configuration and docker-compose.yaml layout. Please see releases page and changelog of docker-compose.yaml and README.md for the additional details.
Introduction
I faced a need to scan user-uploaded files in one of my work projects in an automated mode to ensure they don't contain any malware. Using VirusTotal was not an option because of a) legal restrictions and data residency limitations b) scanning by hash-sums would not be sufficient because the majority of files are generated / modified by users.
After googling, I stumbled upon a fantastic maliceio/malice project. Unfortunately, it looks abandoned, and most plugins do not work for the moment. In addition to that, I had an intention to use the .NET stack to align with the internal infrastructure.
In the end, it's nothing but the set of Docker containers running the agent. That agent downloads the remote file to the temp folder, then launches the vendor command-line scanning utility with proper arguments, and parses the output with a regular expression to extract a detected malware name.
Installation & Usage
IMPORTANT: MalwareMultiScan is not intended as a publicly-facing API / UI. It has (intentionally) no authorization, authentication, rate-limiting, or logging. Therefore, it should be used only as an internal / private API or behind the restrictive API gateway.
Whole solution can be started with docker-compose up
executed in a root folder of repository.
It can be also deployed to the Docker Swarm cluster by using the command docker stack deploy malware-multi-scan --compose-file docker-compose.yaml
.
After the start the Demo Web UI will become available under http://localhost:8888.
See components chapter below and the [docker-compose.yaml](docker-compose.yaml) file.
Configuration
Configuration of API and Scanners is performed by passing the environment variables. Descriptions and default values are provided below.
MalwareMultiScan.Api
MONGO_ADDRESS=mongodb://localhost:27017
- MongoDB connection string.MONGO_DATABASE=MalwareMultiScan
- MongoDB collection name.REDIS_ADDRESS=localhost:6379
- Redis address for the distributed task queue.CONSUL_ADDRESS=http://localhost:8500
- Consul address for the service registration.FILE_SIZE_LIMIT=52428800
- Maximum size of a file that can be handled for the file scanning. The size of the URL content is not verified. Set to 0 to disable the validation.
MalwareMultiScan.Scanner
BACKEND_ID=dummy
- Id of a backend.REDIS_ADDRESS=localhost:6379
- Redis address for the distributed task queue.CONSUL_ADDRESS=http://localhost:8500
- Consul address for the service registration.MAX_SCANNING_TIME=60
- Scan time limit. It is used not just for actual scanning but also for getting the file.WORKER_COUNT=4
- Number of workers for parallel scanning.
MalwareMultiScan.Ui
API_URL=http://localhost:5000
- Absolute URL incl. port number for the running instance of MalwareMultiScan.Api.
API Endpoints
POST
/api/queue/url
with aurl
parameter passed via the form data.. Returns201 Accepted
response with a [ScanResult](MalwareMultiScan.Api/Data/ScanResult.cs) or400 Bad Request
error.POST
/api/queue/file
with afile
parameter passed via the form data. Returns201 Accepted
response with a [ScanResult](MalwareMultiScan.Api/Data/ScanResult.cs) or400 Bad Request
error.GET
/api/results/{result-id}
where{result-id}
corresponds to the id value of a [ScanResult](MalwareMultiScan.Api/Data/ScanResult.cs). Returns200 OK
response with a [ScanResult](MalwareMultiScan.Api/Data/ScanResult.cs) or404 Not Found
error.
Callback URL
Both /api/queue/url
and /api/queue/file
also accept an optional callbackUrl
parameter with the http(s) URL in it. This URL will be requested by the POST method with JSON serialized [ScanResultMessage](MalwareMultiScan.Shared/Message/ScanResultMessage.cs) in a body on every update from scan backends. Query string will contain id
parameter that corresponds to the id of the scan result and backend
parameter with the id of backend which completed the scan.
I.e. when you define callbackUrl=http://localhost:1234/scan-results
, the POST request will be made to http://localhost:1234/scan-results?id=123&backend=dummy
with a body
{
"Status": 1,
"Duration": 5,
"Threats": ["Malware.Dummy.Result"]
}
Supported Scan Engines
Name | Dockerfile | Enabled | Comments |
---|---|---|---|
ClamAV | [Clamav.Dockerfile](MalwareMultiScan.Backends/Dockerfiles/Clamav.Dockerfile) | :white_check_mark: | |
Comodo | [Comodo.Dockerfile](MalwareMultiScan.Backends/Dockerfiles/Comodo.Dockerfile) | :white_large_square: | |
DrWeb | [DrWeb.Dockerfile](MalwareMultiScan.Backends/Dockerfiles/DrWeb.Dockerfile) | :white_large_square: | Pass license key to the DRWEB_KEY build arg. |
Dummy | [Dockerfile](MalwareMultiScan.Scanner/Dockerfile) | :white_check_mark: | Scan backend made for testing. Returns Malware.Dummy.Result threat for every scan after 5 seconds. |
KES | [KES.Dockerfile](MalwareMultiScan.Backends/Dockerfiles/KES.Dockerfile) | :white_large_square: | Pass license key to the KES_KEY build arg. KES 11 does not work in Docker. |
McAfee | [McAfee.Dockerfile](MalwareMultiScan.Backends/Dockerfiles/McAfee.Dockerfile) | :white_large_square: | |
Sophos | [Sophos.Dockerfile](MalwareMultiScan.Backends/Dockerfiles/Sophos.Dockerfile) | :white_large_square: | |
Defender | [WindowsDefender.Dockerfile](MalwareMultiScan.Backends/Dockerfiles/WindowsDefender.Dockerfile) | :white_check_mark: |
More scan backends can be added in the future. Some of the popular ones do not have command line scanning utility, Linux version, or don't start in Docker container. Feel free to raise an issue if you know any in addition to the list above.
Components
Workflow
On startup all [Scanners](MalwareMultiScan.Scanner) register themselves in Consul with a service name equal to
scanner
and theBackendId
metadata field equal to the value ofBACKEND_ID
environment variable. They also register a TTL check and listen for Hangfire background job in a queue named under theBackendId
metadata field.Third-party client triggers
/api/queue/url
or/api/queue/file
of the [MalwareMultiScan.Api](MalwareMultiScan.Api).[MalwareMultiScan.Api](MalwareMultiScan.Api) sends a query to Consul and receives the list of alive scan backends with the service name
scanner
.[MalwareMultiScan.Api](MalwareMultiScan.Api) schedules a Hangfire background job in a queue named under the
BackendId
metadata field.[Scanners](MalwareMultiScan.Scanner) picks up a job from queue, starts the scan and sends result back to the
default
queue of Hangfire.[MalwareMultiScan.Api](MalwareMultiScan.Api) picks a job from the default` queue of Hangfire and updates the state of the scan.
If callback URL was specified during the step #2, [MalwareMultiScan.Api](MalwareMultiScan.Api) triggers a HTTP POST request to the specified URL. See Callback URL for details.
Prerequisites
MongoDB of version 3.x or above. Used for storing scan results and files in GridFS. The communication is happening through the official C#/.NET driver.
Redis of version 5.x or above. Used for tasks queueing. The communication is happening through the Hangfire library.
Consul of version 1.8.x or above. Used for service registration of scan backends.
Docker and docker-compose running under Windows (in Linux containers mode), Linux, or OSX. Docker Compose is needed only for test / local deployments.
Optional: DockerSwarm / Kubernetes cluster for scaling up the scanning capacities.
Parts
[MalwareMultiScan.Api](MalwareMultiScan.Api) - Simple ASP.NET Core WebApi for queueing files & urls for the scan and returning the result. Also acts as a receiver of scan results from the scanning backend nodes. See [Dockerfile](MalwareMultiScan.Api/Dockerfile).
[MalwareMultiScan.Backends](MalwareMultiScan.Backends) - Scan backends logic. Includes Dockerfiles and implementation classes for third-party vendor scan backends.
[MalwareMultiScan.Shared](MalwareMultiScan.Shared) - Shared components.
[MalwareMultiScan.Scanner](MalwareMultiScan.Scanner) - .NET Core Worker service subscribes to messages corresponding to the backend id, then fires up scanning command-line utility, and parses the output. See [Dockerfile](MalwareMultiScan.Scanner/Dockerfile). The image of MalwareMultiScan.Scanner acts as a base image for the rest of the scan backends. Check Dockerfiles from the table above for details.
[MalwareMultiScan.Ui](MalwareMultiScan.Ui) - Nuxt.js TypeScript SPA for demoing the API capabilities. See [Dockerfile](MalwareMultiScan.Ui/Dockerfile).
## Plans
See issues for the list of planned features, bug-fixes, and improvements.
*Note that all licence references and agreements mentioned in the MalwareMultiScan README section above
are relevant to that project's source code only.