ScannerDaemon / VirusHammer / PatternFinder
ScannerDaemon, VirusHammer and PatternFinder are a first, very basic implementation of a GPL'ed virus scanner written in Java, which is maintained by
Kurt Huwig. For downloading
the software please see the SF
download page, please read the documentation
online. You may use the online-version of
VirusHammer. For submitting virus patterns please send a mail to firstname.lastname@example.org.
Please DO NOT use ScannerDaemon/VirusHammer as your sole virus protection
at all! It currently lacks many features of modern (commercial)
anti-virus products and therefore i.e. is not able to detect polymorphic
viruses or macro viruses at all and/or reliable. Please read the current status page!
ScannerDaemon is supported by AMaViS, MIMEDefang and OdeiaVir. The OAV pattern file is
used by MessageWall and Clam AntiVirus.
allows to scan all traffic going through the popular Squid HTTP-Proxy for known viruses .
It is a patch based on the work of Olaf Titz (SquidFilter).
Kurt Huwig is currently
working on a first proof-of-concept implementation with ScannerDaemon.
You can read the documentation online
samba-vscan (on-access virus scanning with Samba)
samba-vscan is a proof-of-concept module for Samba, which uses the
VFS (virtual file system) features of Samba 2.2.x/3.0 to provide an
on-access Samba anti-virus. Of course, Samba has to be compiled with VFS
support. It currently works with ClamAV
(clamd/libclamav), FRISK F-Prot Daemon, F-Secure AV, H+BEDV AntiVir,
Kaspersky AntiVirus, McAfee/NAI uvscan, mks32,
OpenAntiVirus ScannerDaemon, Sophos
Sweep, Symantec AntiVirus
Engine (via ICAP) or Trend Micro. The latest release
is 0.3.6b. If you're using Samba 3.0.25 (or later), please give 0.3.6c Beta5 a try.
samba-vscan is maintained by Rainer Link.
samba-vscan is included in recent SUSE Linux / SUSE Linux Enterprise
Server versions. Unofficial samba-vscan RPMs for SuSE Linux / SLES / UL1 can be
found at SUSE's FTP server for Samba 2.2 / 3.0. SUSE
ships samba-vscan since SUSE Linux 8.1 or so, RPMs for Mandrake Linux should
be available and an eisfair package as well. samba-vscan is also in the FreeBSD ports
collection. Some unofficial debs for Debian woody can be grabbed here, but this debs should be used for Samba packages
built by Samba.org only! (thanks to Simo). A FreeBSD 5.3 package (self-built)
can be grabbed here. Use at your own risk.
A re-design of samba-vscan has been discussed. The mentioned vscan caching server can be grabbed here - it's currently in alpha state, so it's for testing purposes only. No further development so far.
A first rewrite has been done in the HEAD branch of samba-vscan CVS
tree; developement has been discontinued some time ago as Stefan is too busy with Samba related stuff. You can grab CVS snapshot as tgz.
VirusHammer is a standalone virus scanner to be run by end users. It is written in 100% pure Java and can be run on any Java enabled platform (JRE 1.3 or better required). There is a JavaWebStart version of VirusHammer available.
The Mini-FAQ is just a small text file which lists several anti-virus products for Unix/Linux. It's maintained by Rainer Link.
- Rescue Disk/CD - set of 2 or 3 disks (or CD, of course) with a bootable mini Linux system and a virus scanner which is started automatically. Esp for Windows systems.
- general on access-scanning (samba/FTP incoming/NFS et al) - Create an LKM, which directs every access to a file first to a running AV-daemon. You may use the EventModule from the OpenXDSM project or changedfiles as example. Or use the dnotify feature of Linux Kernel 2.4 (disadvantage: can't deny access of infected files), or fam/imon. Kurt Huwig recently developed such stuff based on Dazuko for ScannerDaemon. We're currently seeking for a name for this project!
- (remote) management system - could be based on webmin, or written in Java, whatever :-) This project will be started soon ...
AMaViS - A Mail Virus Scanner
AMaViS is a script that interfaces a mail transport agent (MTA) with virus scanners. AMaViS is maintained by Lars Hecking and co-developed by Rainer Link.
httpf - a WWW security proxy
httpf is a proxy which forwards only allowed, harmless content. It's co-developed by Gregor Goldbach.
Inflex / XaMime / SignatureDB
Inflex and XaMime are eMail content-filtering / virus scanning tools. SignatureDB's purpose is to provide signatures/fingerprints of common, annoying emails/files, not specifically viruses.
See Paul L Daniels Homepage for details
Viralator is a perl script that virus scans http downloads on a linux server
after passing through the squid proxy server. It's developed by various people around the world and maintained from Sydney by Dunc.
Halflife is an acronym for Heuristic Application Level Filtering for Linux IPTables Firewall Enhancement. This projects is headed by Christopher Crawford.
Qmail-Scanner, (also known as scan4virus)
is an addon that enables a Qmail Email server to scan all gatewayed
Email for certain characteristics. It's maintained by Jason Haar.
libqsearch is a C library aimed to search for set of patterns in buffers as fast as possible, which could be used for virus scan engines. It's maintained by Philippe Biondi.
mod_vscan is the virus scanning filter module for Apache 2.0.x (I tested only Apache 2.0.39). It scans the objects via generic http requests, proxy requests (with mod_proxy),
and so on (I think web dav requests is also, but not tested). If your requests is infected with any viruses, the server responses status code 403 (access forbidden). It's maintained by Kazutoshi Kubota.
a virus scanninf filter module for Apache 2.0.x using the Clamav virus scanning engine. It's maintained by Andreas Mueller
mod_savi is also an Apache 2.0.x module but for Sophos Sweep.
DansGuardian Anti-Virus Plugin
DansGuardian Anti-Virus Plugin is a GPL addon that takes the Virus Scanning capabilities of The MailScanner and integrates them into the content filtering web proxy DansGuardian. It's maintained by James A. Pattie
FileType is a simple filetype
detection system written to provide developers with an easy to use, but
effective library. It's maintained by Paul L. Daniels
Avfs: An On-Access Anti-Virus File System
Avfs: An On-Access Anti-Virus File System is a stackable file system for Linux, using (improved) ClamAV for virus scanning. It's a project of the File systems and Storage Lab, Stony Brook University.
If your project is missing, please contact Rainer Link.
to top of page