PlagueScanner: An Open Source Multiple AV Scanner Framework

Presented at Nuit du Hack 2015, June 20, 2015, 5:45 p.m. (45 minutes).

PlagueScanner is an open source framework for organizing any number of AV scanners into a single, coherent tool chain. It leverages high-speed message queuing along with JSON report output for easy integration into an automated malware analysis lab. An optional ElasticSearch output plugin lets you keep historical data for future searching and further analysis.

This project addresses the problem of a sensitive malicious file for which you want results from multiple AV scanners, but which you are wary of uploading to a public site, and for which you don't want to pay the hefty price of a commercial scanner bank.


Presenters:

  • Robert Simmons
    Utkonos is a Senior Threat Intelligence Researcher for ThreatConnect, Inc. With an expertise in building automated malware analysis systems based on open source tools, he has been tracking malware and phishing attacks and picking them apart for years.
