PlagueScanner is a multiple AV scanner framework for orchestrating a group of individual AV scanners into one contiguous scanner. There are two basic components in this initial release: Core and Agents.
All PlagueScanner components have the following dependencies:
- Python3: https://www.python.org/
- ZeroMQ: http://zeromq.org/
- pyzmq: https://github.com/zeromq/pyzmq
The Agents have the following additional dependency:
And the Core has the following dependency.
- Web Server (NGINX recommended): http://nginx.org/
In the same directory as each .py file, there needs to be a config file with the following format.
[PlagueScanner]
IP =
Port = 5556
OutboundSamplesDir = /usr/local/www/plaguescanner
[ClamAV]
IP =
[ESET]
IP =
[Bitdefender]
IP =
The scanners used were the following:
- ClamAV: http://www.clamav.net/index.html
- ESET: http://www.eset.com/us/business/server-antivirus/file-security-linux/
- Bitdefender: http://www.bitdefender.com/business/antivirus-for-unices.html
Note: The Trend Micro agent is missing the regex. This will be fixed shortly.
The directory that NGINX serves needs to have group permissions set +w and the user that you run plaguescanner.py as added to that same group.
This has been tested with each scanner installed on separate VMs with the Core also separate. The Core and each of the other VMs should all be on the same closed network segment. After starting each agent, scan a file like so:
$ ./plaguescanner.py sample.exe