https://github.com/malice-plugins/escan
Malice eScan AntiVirus Plugin
https://github.com/malice-plugins/escan
antivirus docker escan malice malware malware-analysis plugin
Last synced: 9 months ago
JSON representation
Malice eScan AntiVirus Plugin
- Host: GitHub
- URL: https://github.com/malice-plugins/escan
- Owner: malice-plugins
- License: mit
- Created: 2017-07-07T01:56:58.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2019-02-10T04:07:41.000Z (almost 7 years ago)
- Last Synced: 2025-03-29T22:10:31.051Z (10 months ago)
- Topics: antivirus, docker, escan, malice, malware, malware-analysis, plugin
- Language: Go
- Size: 3.18 MB
- Stars: 4
- Watchers: 2
- Forks: 5
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# malice-escan
[](https://circleci.com/gh/malice-plugins/escan)
[](http://doge.mit-license.org)
[](https://hub.docker.com/r/malice/escan/)
[](https://hub.docker.com/r/malice/escan/)
[](https://hub.docker.com/r/malice/escan/)
> Malice [eScan](https://escanav.com/en/linux-antivirus/antivirus-for-linux-file-servers.asp) AntiVirus Plugin
---
### Dependencies
- [ubuntu:xenial (_118 MB_\)](https://hub.docker.com/_/ubuntu/)
## Installation
1. Install [Docker](https://www.docker.io/).
2. Download [trusted build](https://hub.docker.com/r/malice/escan/) from public [DockerHub](https://hub.docker.com): `docker pull malice/escan`
## Usage
```
docker run --rm malice/escan EICAR
```
### Or link your own malware folder:
```bash
$ docker run --rm -v /path/to/malware:/malware:ro malice/escan FILE
Usage: escan [OPTIONS] COMMAND [arg...]
Malice eScan AntiVirus Plugin
Version: v0.1.0, BuildTime: 20180903
Author:
blacktop -
Options:
--verbose, -V verbose output
--table, -t output as Markdown table
--callback, -c POST results to Malice webhook [$MALICE_ENDPOINT]
--proxy, -x proxy settings for Malice webhook endpoint [$MALICE_PROXY]
--elasticsearch value elasticsearch url for Malice to store results [$MALICE_ELASTICSEARCH_URL]
--timeout value malice plugin timeout (in seconds) (default: 60) [$MALICE_TIMEOUT]
--help, -h show help
--version, -v print the version
Commands:
update Update virus definitions
web Create a EScan scan web service
help Shows a list of commands or help for one command
Run 'escan COMMAND --help' for more information on a command.
```
This will output to stdout and POST to malice results API webhook endpoint.
## Sample Output
### [JSON](https://github.com/malice-plugins/escan/blob/master/docs/results.json)
```json
{
"escan": {
"infected": true,
"result": "EICAR-Test-File (not a virus)(DB)",
"engine": "7.0-20",
"updated": "20170708"
}
}
```
### [Markdown](https://github.com/malice-plugins/escan/blob/master/docs/SAMPLE.md)
---
#### eScan
| Infected | Result | Engine | Updated |
| :------: | :-------------------------------: | :----: | :------: |
| true | EICAR-Test-File (not a virus)(DB) | 7.0-20 | 20170708 |
---
## Documentation
- [To write results to ElasticSearch](https://github.com/malice-plugins/escan/blob/master/docs/elasticsearch.md)
- [To create a eScan scan micro-service](https://github.com/malice-plugins/escan/blob/master/docs/web.md)
- [To post results to a webhook](https://github.com/malice-plugins/escan/blob/master/docs/callback.md)
- [To update the AV definitions](https://github.com/malice-plugins/escan/blob/master/docs/update.md)
## TODO
- [ ] add ability to enable `--pack/--heuristic/--max-size` scanning options
## Issues
Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to [file an issue](https://github.com/malice-plugins/escan/issues/new).
## CHANGELOG
See [`CHANGELOG.md`](https://github.com/malice-plugins/escan/blob/master/CHANGELOG.md)
## Contributing
[See all contributors on GitHub](https://github.com/malice-plugins/escan/graphs/contributors).
Please update the [CHANGELOG.md](https://github.com/malice-plugins/escan/blob/master/CHANGELOG.md) and submit a [Pull Request on GitHub](https://help.github.com/articles/using-pull-requests/).
## License
MIT Copyright (c) 2016 **blacktop**