https://github.com/tomiwa-ot/py-amsi
Scan strings or files for malware using the Windows Antimalware Scan Interface
amsi amsi-wrapper pypi-package python python-amsi python3
Last synced: 17 days ago
- Host: GitHub
- URL: https://github.com/tomiwa-ot/py-amsi
- Owner: Tomiwa-Ot
- License: mit
- Created: 2022-10-07T14:31:30.000Z (over 2 years ago)
- Default Branch: master
- Last Pushed: 2023-03-24T07:18:36.000Z (about 2 years ago)
- Last Synced: 2025-04-03T11:55:23.503Z (24 days ago)
- Topics: amsi, amsi-wrapper, pypi-package, python, python-amsi, python3
- Language: C++
- Homepage: https://pypi.org/project/pyamsi/
- Size: 86.9 KB
- Stars: 30
- Watchers: 3
- Forks: 4
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# py-amsi
py-amsi is a library that scans strings or files for malware using the Windows
Antimalware Scan Interface (AMSI) API. AMSI is an interface native to Windows
that allows applications to ask the antivirus installed on the system
to analyse a file/string. AMSI is not tied to Windows Defender. Antivirus
providers implement the AMSI interface to receive calls from applications.
This library takes advantage of the API to make antivirus scans in Python.
Read more about the Windows AMSI API [here](https://learn.microsoft.com/en-us/windows/win32/amsi/antimalware-scan-interface-portal).

## Installation
- Via pip
```
pip install pyamsi
```
- Clone repository
```bash
git clone https://github.com/Tomiwa-Ot/py-amsi.git
cd py-amsi/
python setup.py install
```

## Usage
```python
from pyamsi import Amsi

# Scan a file
Amsi.scan_file(file_path, debug=True)  # debug is optional and False by default

# Scan string
Amsi.scan_string(string, string_name, debug=False)  # debug is optional and False by default

# Both functions return a dictionary of the format
# {
#     'Sample Size' : 68,           // The string/file size in bytes
#     'Risk Level' : 0,             // The risk level as suggested by the antivirus
#     'Message' : 'File is clean'   // Response message
# }
```
| Risk Level | Meaning |
| --- | --- |
| 0 | AMSI_RESULT_CLEAN (File is clean) |
| 1 | AMSI_RESULT_NOT_DETECTED (No threat detected) |
| 16384 | AMSI_RESULT_BLOCKED_BY_ADMIN_START (Threat is blocked by the administrator) |
| 20479 | AMSI_RESULT_BLOCKED_BY_ADMIN_END (Threat is blocked by the administrator) |
| 32768 | AMSI_RESULT_DETECTED (File is considered malware) |
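
An added example (not part of the py-amsi project) showing how a caller might turn the returned `Risk Level` into a decision. It uses the range tests from Microsoft's `AmsiResultIsMalware` and `AmsiResultIsBlockedByAdmin` macros instead of equality against the five listed values; the `Verdict` names, the `classify` helper and the "review" policy for other provider values are assumptions, and the sample dictionaries are constructed.

```python
from enum import Enum

# Values of the AMSI_RESULT enumeration, as listed in the risk level table.
AMSI_RESULT_CLEAN = 0
AMSI_RESULT_NOT_DETECTED = 1
AMSI_RESULT_BLOCKED_BY_ADMIN_START = 16384
AMSI_RESULT_BLOCKED_BY_ADMIN_END = 20479
AMSI_RESULT_DETECTED = 32768


class Verdict(Enum):  # hypothetical policy outcomes, not part of pyamsi
    ALLOW = "allow"
    REVIEW = "review"  # provider-specific risk estimate, not a detection
    BLOCK = "block"


def classify(result):
    """Map a py-amsi result dict to a Verdict, failing closed on bad input."""
    level = result.get("Risk Level") if isinstance(result, dict) else None
    if isinstance(level, bool) or not isinstance(level, int) or level < 0:
        return Verdict.BLOCK  # missing or malformed result: do not trust it
    if level >= AMSI_RESULT_DETECTED:
        return Verdict.BLOCK  # AmsiResultIsMalware: anything >= 32768
    if AMSI_RESULT_BLOCKED_BY_ADMIN_START <= level <= AMSI_RESULT_BLOCKED_BY_ADMIN_END:
        return Verdict.BLOCK  # AmsiResultIsBlockedByAdmin: whole range
    if level in (AMSI_RESULT_CLEAN, AMSI_RESULT_NOT_DETECTED):
        return Verdict.ALLOW
    return Verdict.REVIEW  # other values below 32768 are provider risk estimates


# Constructed sample results in the dictionary format shown under Usage.
SAMPLES = [
    {"Sample Size": 68, "Risk Level": 0, "Message": "File is clean"},
    {"Sample Size": 512, "Risk Level": 1, "Message": "sample"},
    {"Sample Size": 512, "Risk Level": 17000, "Message": "sample"},
    {"Sample Size": 512, "Risk Level": 32770, "Message": "sample"},
    {"Sample Size": 512, "Risk Level": 9000, "Message": "sample"},
    {"Sample Size": 512, "Message": "sample"},  # no risk level present
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(sample.get("Risk Level"), "->", classify(sample).value)
```

On a Windows host the input would be the return value of `Amsi.scan_file` or `Amsi.scan_string`.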
## Docs
https://tomiwa-ot.github.io/py-amsi/index.html