
Revisor is a multi-AV file analyzer used to determine whether a file is malicious. It is integrated with VirusTotal and ClamAV. It also provides crowd-sourced YARA rules to identify malware files.


a-sarja/Revisor


Revisor - Multi AV file analyzer (Student project)

Motivation

  • Rising amount of total malware and Potentially Unwanted Applications (PUA).
  • Multi AV file analyzer for better accuracy and efficiency.
  • Ease of use and deployment; platform agnostic.
  • Open-source resources (cost-effective).
  • API support and building automation.

Tech Stack

  • Front End: HTML5, CSS3, JavaScript
  • Backend: Python, Flask, AWS (DynamoDB and S3), AV components (VirusTotal, ClamAV and crowd-sourced YARA rules).

Set Up

  • Download the source code onto your machine or any cloud instance.

  • Install Docker.

  • Replace the AWS credentials in config/aws/credentials with your AWS keys (used to access the S3 and DynamoDB services).

  • Replace the certificates in config/backend/certs with your certificate key pair (used to encrypt the communication between frontend and backend over HTTPS).

  • Create a new email ID, or use an existing one, for sending reports (REVISOR_EMAIL).

  • Generate a VirusTotal API key (VT_API_KEY).

  • Update the following environment variables in docker_files/docker-compose.yaml:

    • REVISOR_EMAIL
    • REVISOR_EMAIL_PASSWORD
    • VT_API_KEY
    • CLAMD_IP
  • Run the command below to set up the Docker images and run the containers:

    sudo docker-compose up -d
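
Before running the command above, the compose file can be checked for variables that were never filled in. The script below is an added example, not code from the Revisor repository: it assumes the environment entries in docker_files/docker-compose.yaml are written as `NAME=value` or `NAME: value`, the placeholder patterns are assumptions, and the sample compose text (including the `backend` service name) is constructed.

```python
import re

# The four variables the Set Up steps say to update in docker_files/docker-compose.yaml.
REQUIRED = ("REVISOR_EMAIL", "REVISOR_EMAIL_PASSWORD", "VT_API_KEY", "CLAMD_IP")

# Assumption: what an untouched template value looks like (empty, <...>, xxxx, changeme, your_...).
PLACEHOLDER = re.compile(r"^(|<.*>|x+|changeme|your[_-].*)$", re.IGNORECASE)

# Accepts both compose styles: "- NAME=value" (list) and "NAME: value" (mapping).
ENTRY = re.compile(r"^\s*-?\s*([A-Z][A-Z0-9_]*)\s*[=:]\s*(.*?)\s*$")

# Constructed sample, not the repository's real compose file.
SAMPLE = """\
services:
  backend:
    environment:
      - REVISOR_EMAIL=reports@example.org
      - REVISOR_EMAIL_PASSWORD=
      - VT_API_KEY=<your_vt_api_key>
      - CLAMD_IP=172.20.0.5
"""


def parse_environment(compose_text):
    """Return {name: value} for the required variables present in the text."""
    found = {}
    for line in compose_text.splitlines():
        line = line.split(" #", 1)[0]  # drop a trailing YAML comment
        m = ENTRY.match(line)
        if m and m.group(1) in REQUIRED:
            found[m.group(1)] = m.group(2).strip("'\"")
    return found


def preflight(compose_text):
    """Return problems that should block `docker-compose up`; empty means ready."""
    env = parse_environment(compose_text)
    problems = []
    for name in REQUIRED:
        if name not in env:
            problems.append(f"{name}: not defined")
        elif PLACEHOLDER.match(env[name]):
            problems.append(f"{name}: still a placeholder ({env[name]!r})")
    return problems


if __name__ == "__main__":
    for problem in preflight(SAMPLE):
        print(problem)
```

Only values that match a placeholder pattern are echoed, so a real password or API key never appears in the output.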
    

Architecture

The high-level architecture of the project is shown below:

[Image: Arch]

Product screenshots

Front-end website/UI used to upload the file to be analyzed:

[Image: front_end]

The file analyzer report is sent by email. Reports include the summary PDF report and additional files for more context.

[Image: report]

API Endpoints

The following APIs are exposed by the project and can be used after the deployment is successful:

  • GET <host>:443/ - Open the home page in a browser
  • GET <host>:5000/ - Health check API
  • POST <host>:5000/upload_file - Upload file for scanning

Contributors (LinkedIn)

Disclaimer

This is a student project (POC) and is not meant for use in production.

Please contact Abhiram or Namruth for more details
