Skip to content

Latest commit

 

History

History
121 lines (79 loc) · 5.31 KB

README.md

File metadata and controls

121 lines (79 loc) · 5.31 KB

malice-ikarus

Circle CI License Docker Stars Docker Pulls Docker Image

Malice ikarus AntiVirus

This repository contains a Dockerfile of ikarus for Docker's trusted build published to the public DockerHub.


Dependencies

Installation

NOTE: ⚠️ Requires license key and non public ikarus binaries. Request free trial at: - https://www.ikarussecurity.com/solutions/trials/demo-license-for-ikarus-antivirus/

  1. Install Docker.
  2. Download trusted build from public docker store: docker pull malice/ikarus
  3. Request demo (https://www.ikarussecurity.com/solutions/trials/demo-license-for-ikarus-antivirus/) and download the provided files to a folder on your server (now refered to as IKARUS-BIN-FOLDER). The following files will be provided by ikarus: libT3_l64.so, t3cmd.ikkey, t3scan_l64, t3update_l64.
  4. Make sure the downloaded binaries are executable: chmod +x /ikarus/*
  5. [Optional] If you plan to start the container often, e.g. if you create a new container for each scan, make sure to update the ikarus definitions at least once before use! This way the database won't be updated before each scan what in return reduces the scan time. You can do this by updating the container (see [here]) or by manuall calling the update binary t3update_l64 -update in your IKARUS-BIN-FOLDER.

Usage

docker run --rm -d --shm-size=256m -v IKARUS-BIN-FOLDER:/opt/ikarus malice/ikarus EICAR

NOTE As the ikarus binaries are not public, they are not included in the docker image and must be mounted into the container using -v IKARUS-BIN-FOLDER:/opt/ikarus.

Or link your own malware folder:

$ docker run --rm --shm-size=256m -v IKARUS-BIN-FOLDER:/opt/ikarus -v /path/to/malware:/malware:ro malice/ikarus FILE

Usage: Ikarus [OPTIONS] COMMAND [arg...]

Malice Ikarus AntiVirus Plugin

Version: v0.1.0, BuildTime: 20190724

Author:
  betellen - <https://github.com/betellen>
  danieljampen - <https://github.com/danieljampen>
  blacktop - <https://github.com/blacktop>

Options:
  --verbose, -V          verbose output
  --elasticsearch value  elasticsearch url for Malice to store results [$MALICE_ELASTICSEARCH_URL]
  --table, -t            output as Markdown table
  --callback, -c         POST results back to Malice webhook [$MALICE_ENDPOINT]
  --proxy, -x            proxy settings for Malice webhook endpoint [$MALICE_PROXY]
  --timeout value        malice plugin timeout (in seconds) (default: 120) [$MALICE_TIMEOUT]
  --help, -h             show help
  --version, -v          print the version

Commands:
  update  Update virus definitions
  web     Create a ikarus scan web service
  help    Shows a list of commands or help for one command

Run 'ikarus COMMAND --help' for more information on a command.

Sample Output

{
  "ikarus": {
    "infected": true,
    "result": "EICAR Test-NOT virus!!!",
    "engine": "2.1.2",
    "database": "17012800",
    "updated": "20190724"
  }
}

ikarus

Infected Result Engine Updated
true EICAR Test-NOT virus!!! 2.1.2 20190724

Documentation

Issues

Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue.

TODO

CHANGELOG

See CHANGELOG.md

Contributing

See all contributors on GitHub.

Please update the CHANGELOG.md and submit a Pull Request on GitHub.

License

MIT Copyright (c) 2016 blacktop, betellen, danieljampen