{"id":28360793,"url":"https://github.com/cripterhack/amaru","last_synced_at":"2025-07-02T01:31:37.514Z","repository":{"id":284256971,"uuid":"951006539","full_name":"CripterHack/Amaru","owner":"CripterHack","description":"Open-source antivirus for Windows 11 with real-time scanning, YARA rules, Radare2 integration, and Rust-powered efficiency.","archived":false,"fork":false,"pushed_at":"2025-04-01T07:04:33.000Z","size":6313,"stargazers_count":0,"open_issues_count":2,"forks_count":0,"subscribers_count":1,"default_branch":"main","last_synced_at":"2025-06-20T23:35:13.902Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Rust","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/CripterHack.png","metadata":{"files":{"readme":"README.md","changelog":"change_report.md","contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":"docs/support/contact.md","governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2025-03-19T02:46:17.000Z","updated_at":"2025-04-01T07:04:37.000Z","dependencies_parsed_at":null,"dependency_job_id":"6a3f6bee-c2eb-440b-99f3-c27ac7dccaef","html_url":"https://github.com/CripterHack/Amaru","commit_stats":null,"previous_names":["cripterhack/amaru"],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/CripterHack/Amaru","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CripterHack%2FAmaru","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CripterHack%2FAmaru/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CripterHack%2FAmaru/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CripterHack%2FAmaru/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/CripterHack","download_url":"https://codeload.github.com/CripterHack/Amaru/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/CripterHack%2FAmaru/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":263059676,"owners_count":23407396,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-05-28T12:07:00.100Z","updated_at":"2025-07-02T01:31:37.491Z","avatar_url":"https://github.com/CripterHack.png","language":"Rust","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Amaru: Next Generation Antivirus 🛡️\r\n\r\n\u003cp align=\"center\"\u003e\r\n  \u003cimg src=\"amaru-app.png\" alt=\"Amaru Logo\" width=\"512\" height=\"512\"/\u003e\r\n\u003c/p\u003e\r\n\r\n\u003e ⚠️ **Warning**: By now this is an experimental, in-progress version of Amaru Antivirus. It is currently under active development and should not be used in production environments. Features may be incomplete, unstable or subject to significant changes. Use at your own risk.\r\n\r\nOrigin: Mythological Inca serpent that guards treasures.  \r\nAnalogy: Coils around and neutralizes threats.\r\n\r\n**Open-source antivirus for Windows 11 with real-time scanning, YARA rules, Radare2 integration, and Rust-powered efficiency.**\r\n\r\n[![License: GPL v2](https://img.shields.io/badge/License-GPL_v2-blue.svg)](https://www.gnu.org/licenses/old-licenses/gpl-2.0.en.html)\r\n![Windows 11 Support](https://img.shields.io/badge/Windows-11-0078D4?logo=windows)\r\n![Build Status](https://img.shields.io/github/workflow/status/CripterHack/Amaru/CI)\r\n![Version](https://img.shields.io/github/v/release/CripterHack/Amaru)\r\n\r\n---\r\n\r\n## 📖 Overview\r\nAmaru is a community-driven fork of ClamWin, supercharged with modern malware detection capabilities:\r\n- **Real-time protection** via Rust-native file monitoring\r\n- **Heuristic analysis** using YARA rules and Radare2 static analysis\r\n- **Low resource consumption** thanks to Rust-optimized modules\r\n- **Modern UI** built with Tauri + Svelte + TailwindCSS\r\n\r\nDesigned for users who value transparency, customization, and Windows 11 compatibility.\r\n\r\n---\r\n\r\n## ✨ Key Features\r\n| **Feature**               | **Technology**          | **Description**                                      |\r\n|--------------------------|-------------------------|---------------------------------------------------|\r\n| Real-Time File Monitoring | `notify-rs` + ClamAV    | Watches file changes and scans instantly            |\r\n| YARA Rule Engine         | YARA 4.3+              | Detects malware patterns with custom/signed rules   |\r\n| Static Analysis          | Radare2                | Examines PE headers, sections, and suspicious strings|\r\n| Low-Level Performance    | Rust                   | Memory-safe modules for scanning and hooks          |\r\n| Windows 11 Integration   | WinAPI + WFP           | Native kernel-level file filtering                 |\r\n| Modern UI               | Tauri + Svelte         | Responsive and efficient user interface            |\r\n\r\n---\r\n\r\n## 🛠️ System Requirements\r\n\r\n### Minimum Requirements\r\n- Windows 11 (64-bit)\r\n- 4GB RAM\r\n- 1GB free disk space\r\n- Admin privileges for real-time protection\r\n\r\n### Recommended Requirements\r\n- Windows 11 (64-bit, version 22H2 or later)\r\n- 8GB RAM\r\n- 2GB free disk space\r\n- SSD storage\r\n- Admin privileges\r\n\r\n### Developer Requirements\r\n- Rust toolchain (1.70 or later)\r\n- Node.js 18 or later (for UI development)\r\n- Visual Studio Build Tools with C++ workload\r\n- Git for Windows\r\n\r\n---\r\n\r\n## 📥 Installation\r\n\r\n### End User Installation\r\n1. Download the latest release from the [Releases page](https://github.com/CripterHack/Amaru/releases).\r\n2. Run the installer with administrator privileges.\r\n3. Follow the on-screen instructions to complete the installation.\r\n\r\n### Manual Installation\r\n1. Install the required dependencies (YARA 4.3+ and Radare2).\r\n2. Download the pre-built binary package.\r\n3. Extract to your desired location.\r\n4. Run `amaru-setup.exe` to configure the service components.\r\n\r\n### Developer Installation\r\n1. **Install Rust:**\r\n   ```powershell\r\n   winget install Rustlang.Rust.MSVC\r\n   rustup toolchain install nightly\r\n   rustup default nightly\r\n   ```\r\n\r\n2. **Install Dependencies:**\r\n   ```powershell\r\n   # Install Radare2\r\n   winget install radare.radare2\r\n   \r\n   # Install YARA (4.3+)\r\n   # Download from https://github.com/VirusTotal/yara/releases\r\n   \r\n   # For UI development\r\n   winget install OpenJS.NodeJS.LTS\r\n   ```\r\n\r\n3. **Clone and Build:**\r\n   ```powershell\r\n   git clone https://github.com/CripterHack/Amaru.git\r\n   cd Amaru\r\n   \r\n   # Build backend\r\n   cargo build --release\r\n   \r\n   # Build GUI\r\n   cd gui\r\n   npm install\r\n   npm run build\r\n   \r\n   # Build complete package\r\n   cd ..\r\n   cargo run --bin amaru-packager\r\n   ```\r\n\r\n4. **Configure:**\r\n   ```powershell\r\n   copy .env.example .env\r\n   # Edit .env with your settings\r\n   ```\r\n\r\n5. **Run Examples:**\r\n   ```powershell\r\n   # Run the EICAR test file detection example\r\n   cargo run --example eicar_detection\r\n   \r\n   # Run other examples\r\n   cargo run --example use_core_services\r\n   ```\r\n\r\n---\r\n\r\n## 🚀 Usage\r\n\r\n### GUI Interface\r\nThe most user-friendly way to interact with Amaru is through its graphical interface:\r\n1. Launch Amaru from the Start menu or desktop shortcut.\r\n2. Use the dashboard to view protection status and recent events.\r\n3. Schedule scans and configure protection settings through the Settings page.\r\n\r\n### Command Line Interface\r\nAmaru provides a powerful command-line interface for advanced users and automation:\r\n\r\n```powershell\r\n# Scan a specific file\r\namaru scan --path C:\\path\\to\\file.exe\r\n\r\n# Scan a directory recursively\r\namaru scan --path C:\\Users\\Documents --recursive\r\n\r\n# Enable real-time protection\r\namaru monitor --action start\r\n\r\n# Update YARA rules\r\namaru update --rules\r\n\r\n# Analyze a suspicious file with detailed reporting\r\namaru analyze --file C:\\suspicious\\file.exe --radare2 --heuristic\r\n\r\n# Test detection capabilities with EICAR test file\r\namaru test-eicar\r\n\r\n# Check service status\r\namaru service --action status\r\n```\r\n\r\n### Windows Service\r\nAmaru runs as a Windows service for real-time protection:\r\n\r\n```powershell\r\n# Install the service (admin privileges required)\r\namaru service --action install\r\n\r\n# Start the service\r\namaru service --action start\r\n\r\n# Stop the service\r\namaru service --action stop\r\n\r\n# Check service status\r\namaru service --action status\r\n```\r\n\r\n### Scheduling\r\nConfigure scheduled scans with the built-in scheduler:\r\n\r\n```powershell\r\n# Schedule a daily scan at 3 AM\r\namaru schedule --daily --time \"03:00\" --path \"C:\\Users\"\r\n\r\n# Schedule a weekly scan on Sundays\r\namaru schedule --weekly --day Sunday --time \"02:00\" --path \"C:\\\"\r\n```\r\n\r\n---\r\n\r\n## 🛡️ Security Features\r\n\r\n### Real-time Protection\r\n- **File System Monitoring:** Detects and scans files as they're created or modified\r\n- **Process Behavior Analysis:** Monitors process activities for suspicious behavior\r\n- **Network Traffic Inspection:** Integrates with Windows Filtering Platform\r\n- **Executable Analysis:** Deep inspection of PE files before execution\r\n\r\n### Scanning Capabilities\r\n- **Signature-Based Detection:** Using YARA rules and ClamAV databases\r\n- **Heuristic Analysis:** Detects suspicious patterns and behaviors\r\n- **Memory Scanning:** Examines process memory for hidden threats\r\n- **Static Analysis:** Uses Radare2 to analyze executable structure and behavior\r\n- **EICAR Test Detection:** Recognizes the EICAR test file for antivirus validation\r\n\r\n### Advanced Protection\r\n- **Quarantine System:** Safely isolates detected threats\r\n- **Behavioral Blocking:** Prevents suspicious activities in real-time\r\n- **Reputation Checking:** Verifies file reputation against known safe files\r\n- **Rootkit Detection:** Identifies hidden and privileged malware\r\n\r\n---\r\n\r\n## 📂 Project Structure\r\n```\r\namaru/\r\n├── src/                 # Core Rust implementation\r\n├── gui/                 # Tauri + Svelte frontend\r\n├── yara-engine/        # YARA integration\r\n├── radare2-analyzer/   # Static analysis tools\r\n├── realtime-monitor/   # File system monitor\r\n├── updater/           # Update system\r\n├── signatures/        # YARA rules\r\n├── installer/         # Windows installer\r\n└── docs/             # Documentation\r\n```\r\n\r\n## 🔧 Development\r\n\r\n### Setup Development Environment\r\n```powershell\r\n# Install dev tools\r\ncargo install cargo-watch cargo-audit\r\n\r\n# Run tests\r\ncargo test --all\r\n\r\n# Development mode\r\ncd gui\r\nnpm run dev\r\n```\r\n\r\n### Building from Source\r\n```powershell\r\n# Build release version\r\ncargo build --release\r\n\r\n# Build installer\r\ncargo run --bin amaru-installer-builder\r\n\r\n# Run tests\r\ncargo test --all\r\n\r\n# Build documentation\r\ncargo doc --open\r\n```\r\n\r\n### Testing\r\n```powershell\r\n# Run unit tests\r\ncargo test\r\n\r\n# Run integration tests\r\ncargo test --test '*'\r\n\r\n# Run specific test\r\ncargo test --test scan_test\r\n```\r\n\r\n### Debugging\r\n```powershell\r\n# Enable debug logging\r\n$env:RUST_LOG=\"debug,amaru=trace\"\r\ncargo run\r\n\r\n# Run with performance profiling\r\ncargo run --features profile_allocation\r\n```\r\n\r\n---\r\n\r\n## 📜 License\r\nThis project is licensed under the GNU General Public License v2.0 - see the [LICENSE](LICENSE) file for details.\r\n\r\n## 🙏 Acknowledgments\r\n- [ClamWin](http://www.clamwin.com/) - Original project\r\n- [YARA](https://virustotal.github.io/yara/) - Pattern matching engine\r\n- [Radare2](https://rada.re/n/) - Reverse engineering framework\r\n- [Tauri](https://tauri.app/) - GUI framework\r\n- [Svelte](https://svelte.dev/) - UI library\r\n- [TailwindCSS](https://tailwindcss.com/) - Styling system\r\n\r\n## 💬 Support and Community\r\n- [Open an issue](https://github.com/CripterHack/Amaru/issues) for bug reports or feature requests\r\n\r\n## 🔄 Contributing\r\nContributions are welcome! Please check the [CONTRIBUTING.md](CONTRIBUTING.md) file for guidelines.\r\n\r\n---\r\n\r\n*Disclaimer: Amaru is a community project and is not affiliated with or endorsed by ClamAV or Cisco Talos.*\r\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcripterhack%2Famaru","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fcripterhack%2Famaru","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fcripterhack%2Famaru/lists"}