


How To Install Armadito Antivirus

The Armadito antivirus project

modular, multi-platform & a management console

We will present Armadito, an open source and multi-platform antivirus. Its original modular architecture allows third-party developers to add their own malware detection modules, written in C and, in the future, in Python or Go. Current modules are signature-based (ClamAV), rules-based (YARA) or heuristics. It also provides real-time detection on GNU/Linux and MS-Windows.

Armadito provides graphical user interfaces to notify of malware detection, launch scans, and view statistics and the journal. A central administration console, integrated as a GLPi plug-in, allows a system administrator to manage all the installed antiviruses, view alerts, launch remote scans, and deploy configuration or bases.

The project has several open problems that are not addressed yet: high memory footprint, sandboxing for scan modules, and automated generation of signature bases from automatic malware collecting. Contributions from the free software community would be highly appreciated.

The Armadito project is on GitHub: https://github.com/armadito

The Armadito antivirus project

What is it?

Armadito is an open source antivirus that runs on GNU/Linux and MS-Windows. Its modular architecture allows easy integration of new detection algorithms.

Armadito provides standard antivirus features: on-demand scan, quarantine, alerts, journal and real-time (or "on-access") protection. This protection is implemented on GNU/Linux using fanotify and on MS-Windows with its own driver.

Modular architecture

Armadito scans files using scan modules, which are plugins written in C that use a common API (load, configure, scan, unload).

Current modules are:

  • ClamAV using libclamav
  • YARA
  • heuristic for PE and ELF binaries
  • heuristic for PDF documents

A future extension is to allow writing modules in the Python and Go languages.

User interfaces

Armadito provides 2 user interfaces:

  • a lightweight graphical user interface, showing only notifications plus a "systray" icon, developed using native toolkits
  • a full interface, developed using web technologies (AngularJS), that runs in a browser and uses the antivirus REST API

Antivirus administration

The installed antiviruses can be managed from a central console, which provides a web interface to view alerts, launch remote scans, and deploy new bases or configuration. This console is integrated as a GLPi plugin.

Next steps

Future developments of the project are:

  • update MS-Windows code and release a MS-Windows version with installers
  • make extensive testing
  • improve documentation
  • re-implement the heuristic module for PE/ELF binaries analysis
  • provide an API to permit scan modules to be implemented in Python and Go
  • improve code quality using SonarQube
  • contribute to IRMA with Armadito plugin
  • make Armadito antivirus be available inside virustotal.com and AVCaesar

Issues

The project has several open issues which are not obvious to address:

  • memory footprint is too high, approximately 450M when using the ClamAV module, compared to standard antivirus products, which have a memory footprint on the order of 100M
  • scan modules should run inside a sandbox because they contain parsers for complex formats and unpackers, and a problem in the parser or a deliberately malformed file can crash the module and therefore compromise the entire antivirus
  • providing up-to-date and good "signature" bases is yet to be done; it requires a strong architecture for malware collecting and automated signature (probably YARA rules) generation

The current team is small and contributions from the free software community would be highly appreciated.
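
The crash-containment part of the sandboxing issue above can be illustrated with plain process isolation. This is an added example, not Armadito code: the `verdict` values, the `scan_fn` callback type and `toy_scan` are hypothetical, and the inputs are constructed.

```c
#include <stddef.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical verdicts and callback type; not Armadito's real API. */
enum verdict { V_CLEAN = 0, V_MALWARE = 1, V_MODULE_FAILED = 2 };
typedef enum verdict (*scan_fn)(const unsigned char *buf, size_t len);

/* Run one module's scan callback in a child process, so a parser crash
 * or runaway loop is reported as a failure instead of killing the daemon. */
enum verdict scan_isolated(scan_fn scan, const unsigned char *buf, size_t len)
{
    pid_t pid = fork();
    if (pid < 0)
        return V_MODULE_FAILED;
    if (pid == 0) {                       /* child: limit, scan, exit */
        struct rlimit cpu = { 2, 2 }, core = { 0, 0 };
        setrlimit(RLIMIT_CPU, &cpu);      /* kill runaway parsing after 2 s CPU */
        setrlimit(RLIMIT_CORE, &core);    /* no core dumps of scanned content */
        _exit(scan(buf, len));
    }
    int status;
    if (waitpid(pid, &status, 0) < 0)
        return V_MODULE_FAILED;
    if (WIFEXITED(status) && WEXITSTATUS(status) <= V_MALWARE)
        return (enum verdict)WEXITSTATUS(status);
    return V_MODULE_FAILED;               /* killed by a signal or bad exit code */
}

/* Constructed toy module: it checks a length byte from the input and
 * aborts on a malformed header (stand-in for a parser crash). */
static enum verdict toy_scan(const unsigned char *buf, size_t len)
{
    if (len < 2)
        return V_CLEAN;
    if (buf[0] > len - 1)
        abort();                          /* simulated crash on malformed file */
    return buf[1] == 'X' ? V_MALWARE : V_CLEAN;
}

int main(void)
{
    const unsigned char malformed[] = { 200, 'A' };   /* constructed input */
    return scan_isolated(toy_scan, malformed, sizeof malformed) == V_MODULE_FAILED ? 0 : 1;
}
```

A separate process only contains crashes and CPU exhaustion; a full sandbox would also drop privileges and restrict system calls and file access in the child.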

Links

Code: github.com/armadito

Documentation: armadito-av.readthedocs.io

Chat: gitter.im/armadito/armadito-av

Ubuntu PPA: launchpad.net/~armadito


Source: https://archive.fosdem.org/2017/schedule/event/armadito/

Posted by: adkinsarsiditholen.blogspot.com
