Meet PlagueScanner, the open source AV scanner framework

Jul 28, 2015 11:44 GMT

VirusTotal is a great service that lets users and companies alike scan a file with many different antivirus engines, without having to install them all on one computer or carry the file from PC to PC to have it scanned in different environments.

The problem with VirusTotal is that it's owned by someone else, namely Google. This can be very problematic if you're a private company and the files you want to scan contain private and sensitive information.

But the scanning itself is not really the problem; uploading the files to Google's VirusTotal servers is what gives system admins nightmares.

To address this issue, security researcher Robert Simmons has created, and recently published on GitHub, a custom open source antivirus scanning system very similar to VirusTotal.

Support for a few AV clients is included out of the box

Called PlagueScanner, this AV scanner framework is written in Python and consists of a single-file core plus a set of antivirus agents, which connect to the individual AV engines and scan the files users submit.

Agents for Avast, BitDefender, ClamAV, ESET, Microsoft (Windows Defender) and Trend Micro are included in the first release, and the whole thing needs only a few Python libraries and an NGINX server to run.

The requirements are low and easy to meet, so a new startup lacking the funds for a more powerful enterprise-level security system can afford it and have its webmasters install it on the company's own internal network.

Not yet released on GitHub but already announced by Mr. Simmons are JSON report output and an ElasticSearch output plugin for recording scan results and searching them easily later on.
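To make the core/agent split and the JSON report concrete, here is a small illustration added to this article; it is not PlagueScanner's own code and does not reproduce its API. A core fans a submitted file out to every registered agent in parallel, isolates each engine's failures (a stalled engine gets a timeout, a crashing wrapper gets an error entry) so one bad engine cannot sink the whole scan, and aggregates the verdicts into a JSON report. The four agents are constructed stand-ins for real AV engines: a hash lookup, a byte-pattern match, one that hangs and one that raises. The sample bytes and signature names are likewise constructed for the example.

```python
import hashlib
import json
import time
from concurrent.futures import ThreadPoolExecutor, TimeoutError as FutureTimeout
from typing import Callable, Dict, Optional, Tuple

# An agent takes the file bytes and returns (detected, signature name or None).
# In a real deployment each agent would wrap an installed AV engine's CLI or API.
Agent = Callable[[bytes], Tuple[bool, Optional[str]]]


def make_hash_agent(known_bad: Dict[str, str]) -> Agent:
    """Hypothetical engine: flags files whose SHA-256 is in a lookup table."""
    def agent(data: bytes) -> Tuple[bool, Optional[str]]:
        digest = hashlib.sha256(data).hexdigest()
        return (digest in known_bad, known_bad.get(digest))
    return agent


def make_pattern_agent(patterns: Dict[str, bytes]) -> Agent:
    """Hypothetical engine: flags files containing any of the given byte patterns."""
    def agent(data: bytes) -> Tuple[bool, Optional[str]]:
        for name, pat in patterns.items():
            if pat in data:
                return (True, name)
        return (False, None)
    return agent


def stalled_agent(data: bytes) -> Tuple[bool, Optional[str]]:
    """Simulates an engine that hangs; the core must not wait on it forever."""
    time.sleep(1.5)
    return (False, None)


def broken_agent(data: bytes) -> Tuple[bool, Optional[str]]:
    """Simulates an engine wrapper that raises; the core must isolate the failure."""
    raise RuntimeError("engine process exited with status 2")


class ScanCore:
    """Fans one file out to all registered agents and aggregates their verdicts."""

    def __init__(self, per_scan_timeout: float = 0.5) -> None:
        self.agents: Dict[str, Agent] = {}
        self.timeout = per_scan_timeout

    def register(self, name: str, agent: Agent) -> None:
        self.agents[name] = agent

    def scan(self, data: bytes) -> dict:
        report = {"sha256": hashlib.sha256(data).hexdigest(), "size": len(data), "engines": {}}
        pool = ThreadPoolExecutor(max_workers=max(1, len(self.agents)))
        futures = {name: pool.submit(agent, data) for name, agent in self.agents.items()}
        deadline = time.monotonic() + self.timeout  # one shared deadline for the whole scan
        for name, fut in futures.items():
            entry = {"detected": False, "signature": None, "error": None}
            try:
                remaining = max(0.0, deadline - time.monotonic())
                detected, signature = fut.result(timeout=remaining)
                entry["detected"], entry["signature"] = bool(detected), signature
            except FutureTimeout:
                entry["error"] = "timeout after %.1fs" % self.timeout
            except Exception as exc:  # any engine failure is recorded, never propagated
                entry["error"] = "%s: %s" % (type(exc).__name__, exc)
            report["engines"][name] = entry
        pool.shutdown(wait=False)  # do not block on the stalled engine's thread
        report["engines_run"] = len(futures)
        report["detections"] = sum(1 for e in report["engines"].values() if e["detected"])
        return report


def to_json(report: dict) -> str:
    """Serialise a report the way a JSON output plugin would hand it on."""
    return json.dumps(report, indent=2, sort_keys=True)


# Constructed sample inputs: an inert marker string, not real malicious content.
SAMPLE_BAD = b"CONSTRUCTED-SAMPLE-FILE: contains the marker MARKER-ABC-123 for this demo"
SAMPLE_CLEAN = b"CONSTRUCTED-SAMPLE-FILE: plain text with nothing of interest"


def build_demo_core() -> ScanCore:
    core = ScanCore(per_scan_timeout=0.5)
    core.register("hashdb", make_hash_agent(
        {hashlib.sha256(SAMPLE_BAD).hexdigest(): "Constructed.Sample.A"}))
    core.register("pattern", make_pattern_agent({"Constructed.Marker.B": b"MARKER-ABC-123"}))
    core.register("stalled", stalled_agent)
    core.register("broken", broken_agent)
    return core


if __name__ == "__main__":
    print(to_json(build_demo_core().scan(SAMPLE_BAD)))
```

The shared deadline matters in practice: with six real engines, a single hung scanner process would otherwise hold every submission open, and an operator reading the report needs to see "this engine did not answer" rather than a silent clean verdict. Per-engine error entries also make it obvious when an agent is misconfigured rather than when a file is clean, which is exactly the distinction a dashboard built on an ElasticSearch output would want to query.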

Even though only a few AV engines are supported for now, because the project is open source, expect developers and even the AV companies themselves to submit further AV agents to the PlagueScanner core in the coming months.