Open Source Anti-Malware Software

Announcing The New Robolinux Series 14 Mate LTS - 2034 Robolinux is very pleased to announce a completely new 14.1 Mate privacy centered 1inux operating system you can download freely while also offering our users an optional 14+ advanced upgrade which comes with our Untracker and FAAST Boot along with one click popular privacy software installers like Tor and I2p, Wireshark and Bleachbit plus many more for a fair and reasonable price. Robolinux14.1-Mate is ideal for beginners and advanced users. We are proud that it comes with Enoch AI which is TOTALLY 100% PRIVATE, FREE, HONEST & UNCENSORED built into Robolinux Cinnamon 14.1 The Robolinux 14.1 version with rock solid Long Term Support through 2034! requires users to set secure boot in their BIOS. It is currently available in the Cinnamon desktop flavor. we will release series 14 Xfce version in the next two months.For more information please see Readme file. Warmest regards John Martinson Robolinux.org

readpe (formerly known as pev) is a multiplatform toolkit to work with PE (Portable Executable) binaries. Its main goal is to provide feature-rich tools for properly analyze binaries with a strong focus on suspicious ones.

The clamav-unofficial-sigs script provides a simple way to download, test, and update third-party signature databases provided by Sanesecurity, SecuriteInfo, MalwarePatrol, OITC, etc. The package also contains cron, logrotate, and man files.

Common network dump analyzer tool to extract application data and pretty show. It reassembles and shows HTTP/SMTP/POP3/IMAP etc files. Please donate if you want this to be a candy.

OpenCloudAV is the first open source multi-engine based malware analysis service from the network cloud. This project is in alpha release, run only in GNU/Linux, and is mainly developed using Perl SOAP::Lite module. Version 0.2 alpha is available now

Spondulas is browser emulator and parser designed to retrieve web pages for hunting malware. It supports generation of browser user agents, GET/POST requests, and SOCKS5 proxy. It can be used to parse HTML files sent via e-mail. Monitor mode allows a website to be monitored at intervals to discover changes in DNS or content over time. Autolog mode creates an investigation file that documents redirection chains. The retrieved web pages are parsed for links and reported to an output file. More information is available on the wiki.

Anoubis is a Security Suite which implements a secured environment for applications. The core of the suite is an Application Firewall alongside with a Sandbox. Mechanisms to assure the authenticity of files, directories and applications are provided.

Compares botnet detection methods by computing the error metrics by reading the labels on a NetFlow file. The original NetFlow should have a new column for the ground-truth label, and a new column with the prediction label for each botnet detection method. This program computes all the error metrics (TPR, TNR, FPR, FNR, Precision, Accuracy, ErrorRate, FMeasure1, FMeasure2, FMeasure0.5) and output the comparison results. It also ouputs a png plot. The program can compare in a flow-by-flow basis, or it can apply our new botnet detection error metrics, that is time-based, detects IP addresses instead of flows and it is weighted to favor sooner detections. See the paper for more details.

A Bash script for downloading and installing additional Clamav definition files.

Clam AntiVirus Client Library provides a simple API to the ClamAV daemon. ClamAVC does not require ClamAV to be installed. ClamAVC communicates with clamd using clamd's documented protocol using either TCP or a local Unix domain socket.

Visual Framework Tool to scan/sniff address space, enumerate users, crack credentials, pattern based dial spoofing and security reporting for Voip protocols. This software is intended to give a general framework to build and plug Voip protocol analizers in order to fix security issues and enhance VoiP platforms confidence. It IS NOT intended to be a cracking tool for malicious system breakers, but a really software MUST for security people to assure Voip platform security.

FDNS measures, detects, and notices the extremely anomalous traffic according to the bulk distribution aspect of flooding traffic, including: packet flooding attack, portscan, spam distribution.

A graphical interface for use with multiple linux command line anti-virus scanners.

A Bash script for downloading and installing additional Clamav definition files.

The SXMD (" like Security-X MultiDistribution ") use syslinux, grub4dos and others bootloaders to recover a crashed boot or run many GNU / Linux utilities. The first category is "Antivirus" with editors like Antivir, AVG, Comodo, DrWeb, FSecure, Kaspersky, Panda, VBA ... The second is composed by GNU/Linux's Distro: DSL, CorePlus (+Qemu Starter), Slacko, Slax Custom, Slitaz & XPuD ... After, you can find very good Recovery and Partitioning tools : Redo Backup, Parted Magic, MiniTool Partition Wizard, Paragon, PING, OSF and ActiveBootDisk ... SXMD also gathering a XP PE : Hiren'sBoot with DOS tools ("ubcd"), a Portable Suite and many boot priorities or possibilities. Size : +/- 3Gb Available : USB / DVD version ("coming soon") WebSite : http://www.security-x.fr/tools/SXMD ("under construct")

SisyphusScan is a wrapper to malware scanners that can be used for cyclic scanning of files (i.e. accross several executions). The scanning process is optimized with a cache. Currently supports the clamd daemon from the ClamAV tools suite.

Announcing Stealth VM Software for Ubuntu & Derivatives! http://robolinux.org/ubuntu This is great news for Windows XP Users who either cannot afford or simply do not want to upgrade to Windows 7 or 8 when XP expires! Are You one of the many new Ubuntu Users around the world who are migrating from Windows XP to Linux because you don't want to to be forced to spend hundreds of dollars or throw away your PC or laptop that is in perfectly good working condition? If you are like most Windows XP Users who are just switching to Linux you are worried about being able to run your Windows applications. Indeed that is a problem you are looking to solve as quickly as possible. Stealth VM Software has solved your Windows to Linux migration dilemma already! You don't need to worry about viruses or malware infecting Windows & its data because Stealth VM Software invented by Robolinux keeps a protected clone of Windows and mirrors your data in a secure Ubuntu Linux partition.

A hardware supported hypervisor originally built for malware analysis. Features: Linux VM introspection, minimal detectability, small (~150KB), simple, and well documented. Can be used for other purposes. Support for Intel-VT & Windows coming soon.

Runs (malicious) executables under Wine and generates an IDS-signature based on the observed network traffic.

ant_farm plugin to explore Annotated Binary Files (.abn) . "ant_farm" is necessary for ant_farm_abn to function properly and may be obtained from http://ant-farm.sourceforge.net .

ant_farm plugin to explore Android Package Files (.apk) . "ant_farm" is available from http://ant-farm.sourceforge.net . ant_farm_apk uses androguard for the heavy lifting. Androguard is available from http://code.google.com/p/androguard .

Chords is strings on steroids. Is able to extract strings from files just like strings, but it also supports windows wide string, base64 and hexadecimal strings (with decoding support) and automatic recognition of Indicators of Compromise (IOCs). It has been developed to support the malware analysis process, but is a general purpose tool.

Clamav-redirector is plug-in for Squid that uses the Google Safe Browsing database and, optionally, ClamAV to scan websites. It prevents you from accessing websites that contain malware such as viruses and trojans.

Is your server running slowly? Clamav-sniffer could help - it scans for malware such as phishes and viruses and configures your firewall to block the cracker.

I have several websites and some time ago I found code in one of my websites that I did not create. One of those scripts was able to send spam and the other one had some malware code in it. Now you can argue that my website was just not safe enough because who ever placed this code had been able to get in. That is true and the ideal situation is to have such a safe website that nobody can break in. But sometimes this is hard to achieve. mod_detect was developed to at least find code that someone else placed into the scripts of your website and eventually eliminate it.