Malice ikarus AntiVirus
This repository contains a Dockerfile of ikarus for Docker's trusted build published to the public DockerHub.
NOTE: ⚠️ Requires a license key and non-public ikarus binaries. Request a free trial at: https://www.ikarussecurity.com/solutions/trials/demo-license-for-ikarus-antivirus/
- Install Docker.
- Download trusted build from public docker store:
```
docker pull malice/ikarus
```
- Request a demo (https://www.ikarussecurity.com/solutions/trials/demo-license-for-ikarus-antivirus/) and download the provided files to a folder on your server (from now on referred to as IKARUS-BIN-FOLDER). The following files will be provided by ikarus: libT3_l64.so, t3cmd.ikkey, t3scan_l64, t3update_l64.
- Make sure the downloaded binaries are executable: `chmod +x /ikarus/*`
- [Optional] If you plan to start the container often, e.g. if you create a new container for each scan, make sure to update the ikarus definitions at least once before use. This way the database won't be updated before each scan, which in turn reduces the scan time. You can do this by updating the container (see the `update` command below) or by manually calling the update binary in your IKARUS-BIN-FOLDER:

```
t3update_l64 -update
```
```
docker run --rm -d --shm-size=256m -v IKARUS-BIN-FOLDER:/opt/ikarus malice/ikarus EICAR
```
NOTE: As the ikarus binaries are not public, they are not included in the docker image and must be mounted into the container using `-v IKARUS-BIN-FOLDER:/opt/ikarus`.
```
$ docker run --rm --shm-size=256m -v IKARUS-BIN-FOLDER:/opt/ikarus -v /path/to/malware:/malware:ro malice/ikarus FILE

Usage: Ikarus [OPTIONS] COMMAND [arg...]

Malice Ikarus AntiVirus Plugin

Version: v0.1.0, BuildTime: 20190724

Author:
  betellen - <https://github.com/betellen>
  danieljampen - <https://github.com/danieljampen>
  blacktop - <https://github.com/blacktop>

Options:
  --verbose, -V          verbose output
  --elasticsearch value  elasticsearch url for Malice to store results [$MALICE_ELASTICSEARCH_URL]
  --table, -t            output as Markdown table
  --callback, -c         POST results back to Malice webhook [$MALICE_ENDPOINT]
  --proxy, -x            proxy settings for Malice webhook endpoint [$MALICE_PROXY]
  --timeout value        malice plugin timeout (in seconds) (default: 120) [$MALICE_TIMEOUT]
  --help, -h             show help
  --version, -v          print the version

Commands:
  update  Update virus definitions
  web     Create a ikarus scan web service
  help    Shows a list of commands or help for one command

Run 'ikarus COMMAND --help' for more information on a command.
```
```json
{
  "ikarus": {
    "infected": true,
    "result": "EICAR Test-NOT virus!!!",
    "engine": "2.1.2",
    "database": "17012800",
    "updated": "20190724"
  }
}
```
Infected | Result | Engine | Updated |
---|---|---|---|
true | EICAR Test-NOT virus!!! | 2.1.2 | 20190724 |
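
One way to consume the JSON output shown above in an automated pipeline, as an added example that is not part of the malice/ikarus project: it fails closed on unparseable output and refuses to report "clean" when the definitions are stale. The function name, the `max_age_days` threshold, the YYYYMMDD reading of `updated` and the shape of a clean result are assumptions.

```python
import json
from datetime import date, datetime


def evaluate_ikarus_result(raw, today, max_age_days=7):
    """Classify one JSON document printed by the plugin.

    Returns (verdict, reasons); verdict is "infected", "clean" or "unreliable".
    max_age_days is an assumed policy value, not something the plugin defines.
    """
    try:
        res = json.loads(raw)["ikarus"]
        infected = res["infected"]
        # "updated" is assumed to be YYYYMMDD, as in the sample output (20190724).
        updated = datetime.strptime(res["updated"], "%Y%m%d").date()
    except (ValueError, KeyError, TypeError) as exc:
        # Empty output, a timeout message or a changed schema must never count as clean.
        return "unreliable", [f"unparseable plugin output: {exc!r}"]
    if not isinstance(infected, bool):
        return "unreliable", ["'infected' is not a boolean"]

    reasons = []
    age = (today - updated).days
    if age > max_age_days:
        reasons.append(f"definitions are {age} days old (limit {max_age_days})")
    if infected:
        return "infected", [f"detection: {res.get('result', '')}"] + reasons
    # A negative result from stale definitions is not evidence that the file is clean.
    return ("unreliable" if reasons else "clean"), reasons


# Constructed inputs: the first mirrors the sample output above; the clean
# document assumes a negative scan uses the same keys with infected=false.
SAMPLE_INFECTED = """{"ikarus": {"infected": true, "result": "EICAR Test-NOT virus!!!",
 "engine": "2.1.2", "database": "17012800", "updated": "20190724"}}"""
SAMPLE_CLEAN = """{"ikarus": {"infected": false, "result": "",
 "engine": "2.1.2", "database": "17012800", "updated": "20190724"}}"""

if __name__ == "__main__":
    for raw, day in [(SAMPLE_INFECTED, date(2019, 7, 24)),
                     (SAMPLE_CLEAN, date(2019, 7, 25)),
                     (SAMPLE_CLEAN, date(2019, 9, 1)),
                     ("", date(2019, 7, 24))]:
        print(evaluate_ikarus_result(raw, day))
```
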
- To write results to ElasticSearch
- To create a ikarus scan micro-service
- To post results to a webhook
- To update the AV definitions
Find a bug? Want more features? Find something missing in the documentation? Let me know! Please don't hesitate to file an issue.
See CHANGELOG.md
See all contributors on GitHub.
Please update the CHANGELOG.md and submit a Pull Request on GitHub.
MIT Copyright (c) 2016 blacktop, betellen, danieljampen