Skip to content

Konloch/Antivirus

Folders and files

Name		Name	Last commit message	Last commit date
Latest commit History 134 Commits
.github		.github
Antivirus-Core		Antivirus-Core
Antivirus-GUI		Antivirus-GUI
scripts		scripts
.gitignore		.gitignore
LICENSE		LICENSE
README.md		README.md
pom.xml		pom.xml

Repository files navigation

Antivirus+

Screenshot-1 Screenshot-2

General Features

Mixes both static and dynamic file scanning
Built on top of existing AV databases & tools
Experimental modules
Large signature database
The tool is still early in development

Technical Features

Scans using Yara & File signatures
SQLite for database storage
Automatically updates from ClamAV's DB, Malware Bazaar, VirusShare, Yaraify & Yara
- You need to manually update AV+ itself though, the software will not self-update, only the signatures and scanning dependencies

How To Install

Install the latest JRE (Must be on Java 8 or higher)
Download the latest release
Run the latest release
- You'll have to wait for the initial download to finish before you can scan
- Due to the signature database size this can be up to an hour
Report all issues here

How To Use

Use the tray to access the various GUIs
- Scanner
- Settings
- Quarantine

How To Scan

Drag and drop any folder or file you want to scan
Full scan will scan all of your drives and files, this requires admin elevated rights for a deep scan but works without it
Quick scan will scan all active processes, start-up locations & other well known locations
Specific scan will prompt a file selection dialogue - select any file or folder from here

How To Remove Detections

Open the quarantine from the tray
Review the file-paths by hovering over the file-name to verify the file isn't a false positive

Requires

Java 8 (Later versions also work)
Windows 11 (Earlier versions also work)
- Linux / Mac support works but has limited feature set
  - Experimental VM Mimic is currently windows only

Technology Credits

File Signature Scanning comes from Traditional-Antivirus
- File signatures database come from ClamAV's DB, Malware Bazaar, VirusShare
Yara Scanning comes from Yara-Antivirus
- Yara integration is powered by Yara CLI
- Yara database come from Yaraify
Experimental VM Mimic comes from Experimental-Antivirus
- Experimental VM Mimic process names Fake-Sandbox-Artifacts

Notes

Use in combination with Windows Defender or another trusted Antivirus
Quarantine does not actually quarantine - Until we can rule out false positives from the yara rules we probably won't have a realtime quarantine
- Instead, we have a passive quarantine that requires the user to decide if they want to remove the files or not

More Media

Scanning GUI with Quarantine GUI

Scanning GUI

Quick scanning

Settings GUI with toggling the scanning options

Settings GUI

Startup after fully installed

Downloading dependencies announcements

Tray navigation

About

Work In Progress

konloch.com/antivirus

Topics

antivirus antivirus-scanners antivirus-software antivirus-free

Resources

License

Stars

Watchers

Forks

Report repository

Releases 1

Antivirus+ v0.1.0 - Initial Beta Release Latest

Packages

Contributors

Languages