Finally! A free, open source, on-premise virus scanner framework
After having spoken about it for quite a while, security researcher Robert Simmons has finally begun publishing the code and documentation of his open source AV scanner framework dubbed PlagueScanner.
“PlagueScanner is a multiple AV scanner framework for orchestrating a group of individual AV scanners into one contiguous scanner,” he explained on the project’s GitHub page.
PlagueScanner consists of the core and several agents, which leverage AV engines used by Avast, BitDefender, ESET, Trend Micro, Microsoft (for Windows Defender), and ClamAV.
With PlagueScanner, Simmons tries to solve a problem that many less moneyed companies have: they want to scan a potentially malicious binary with a number of AV solutions, but the file might contain sensitive corporate information that they wouldn’t want to inadvertently leak by submitting it to public scanning services like VirusTotal (owned by Google).
If they don’t have the money for another commercial on-premise multi-scanner – and many don’t – they are limited in their options. But now they can use PlagueScanner.
Unfortunately, it – like any technology – can be used both by the good guys and the bad guys.
Malware developers are sure to welcome this opportunity to test their creations and, at the same time, avoid exposing their new malware to malware analysts before they actually start using it.