Skip to content

TraXIcoN/SAS-Smart-Antivirus-System

Repository files navigation

Important Note

This project is only inactively maintained. This means that I merge pull request for bug fixes and simple features that are easily integrated but new features will be delayed.
The aim is to

  • stabilize the current release
  • minimize any performance issues

I'm focusing on a CLI based version that will be a sohpisticated scanner, dropping (Real time protection)RTP support, this will be more streamlined and provide a faster experience. [Details for CLI project to be added soon!]

Meanwhile check out Xylent below 👇🏻

Xylent

A powerful antivirus built using Electron framework and python

Added Features

  • Real Time System Watch
  • Database based quering(md5 and sha256)
  • Yara based pattern matching analysis
  • Executable file signature and integrity analysis
  • Quarantine Handler
  • Startup Items Management
  • Configurable Quick Settings
  • Basic Scans -> Quick

Xylent Interface

Xylent Antivirus Dashboard



Warranty and License

Xylent - A powerful antivirus built using Electron framework and python
Copyright (C) 2023-present Rutuj Runwal

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU General Public License for more details.

You should have received a copy of the GNU General Public License
along with this program.  If not, see {http://www.gnu.org/licenses/}.

Home: https://github.com/Rutuj-Runwal/Xylent

Features Demonstration

Real Time Protection Demo:

  • Xylent is capable of detecting and removing Malware
  • Blocks drive by downloads
  • Prevents malware replication
  • Blocks malware on file opening,renaming as well as copying
Xylent.Antivirus.Realtime.Protection.Demo.mp4

Quarantine Management Demo:

  • Objects detected are placed into a secure quarantine folder
  • Xylent's UI provides a simple interface to restore or safely remove the files
Xylent.Antivirus.Quaratine.Management.mp4

Archive Auto Repair

  • Automatically repair's archive containing malicious files
  • Repairs infected files and keeps important data in the archive safe
Xylent.Antivirus.Archive.Auto.Repair.mp4

Startup monitor Demo:

  • Xylent monitors startup items for potential malware
  • Currently uses baseline unusual characters and patterns in processname of startup IOC's
  • Enable/Disable startup items directly via Xylent's UI
Xylent.StartupMonitor_Demo.mp4

Expected Features/Coming Soon

  • Fuzzy Hashing based detection
  • Intelligent/Smart cleaning
    • Cache cleaner -> temp,prefetch, Browser cache...
    • Automatically apply recommended OS settings
  • File Insights: VirusTotal based quering,
  • Web Insights: whois lookup for inbound/outbound urls, virustotal / McAfee siteadvisor
  • Basic Scans --> Full,Custom,Memory based scans

Ambitious/Nice-To-Haves' Features

  • Vulnerability Scanner [CVE lookup]
  • MITRE ATT&CK report for threats
  • In process interruption of malware execution
  • [LINUX] ClamAV integration
  • File entropy and ML based Heuristic
  • AI based malicious pattern detection
  • IDS/IPS & HIPS

Tech Stack:

  • Python
    • Flask
    • yara
  • ElectronJS
  • ReactJS
  • Webpack/babel

npm i

npm run watch

python engine.py

npm start

Architecture

  • Flask backend: run using python engine.py
  • Electron based frontend built on ReactJS
    • npm install to install dependencies
    • npm run watch to compile using webpack
    • Finally npm start to run the app

Target Environment

  • Currently in development with main focus towards Windows [both 32-bit and 64x] systems
  • Requires Administrator privilages for certain features
  • Extending capabilites towards Linux at a later stage

Acknowledgements and References

  • Use signature base by Florian Roth under Detection Rules license for additional detection capabitiies. Place the yare rules in /backend/signature-base/yara/
  • Custom simple "Dummy" yara rules - ruleA & ruleB to detect test malware( of type .docx and .pdf) designed specifically for Xylent Antivirus

About

No description, website, or topics provided.

Resources

License

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published