Digital Forensics and Security Toolkit to be made available online

My student Mattias Huber presenting a tool for detecting malware at the CSU Channel Islands Computer Science Capstone Showcase on May 11, 2017.

This tool can be used to upload a target file, directory, or URL to Virus Total, a website that scans the target with around 60 virus scanners from the industry. If the target is not already in the Virus Total database, the scan is queued and completed shortly afterwards. Because this is an asynchronous process, the tool handles submitting jobs, checking whether jobs have completed, and displaying the reports of completed jobs. The system also keeps track of every file uploaded, checks whether a file has already been uploaded so that it is not sent again (saving bandwidth), saves all completed reports in one list, and saves all positive reports in a separate list.

Utilizing Amazon Web Services (AWS), Elastic Compute Cloud (EC2), and Simple Storage Service (S3), the system can be set up to allow users to place files into an S3 bucket, which are then scanned automatically, and the user can be notified of any possible positives found.

  1. The User places a file they wish to scan into the S3 bucket, such as http://mybucket.s3.amazonaws.com
  2. A dedicated EC2 instance watches the bucket, detects the new file, and uploads the file to Virus Total.
  3. The EC2 instance waits until Virus Total returns a completed report.
  4. If any positives are found the instance notifies the user, otherwise the report is added to the completed list.

Virus Total has a public API that is limited to 6 uploads per minute, but CSU Channel Islands was granted research API access, which is limited to 600 uploads per minute.
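As an added illustration (not Mattias's tool, whose code was not yet published when this was written), here is a Python sketch of steps 2 to 4 against the Virus Total v2 API: look the file up by SHA-256 first so already-known files are never re-uploaded, poll while the job is still queued, and keep completed and positive reports in separate lists. The `upload` callback (the multipart POST to `/file/scan`), the S3 bucket watcher, and the user notification are assumed to be supplied by the caller, and the API key is a placeholder.

```python
import hashlib
import json
import time
import urllib.parse
import urllib.request

def sha256_of(data):
    return hashlib.sha256(data).hexdigest()

def vt_lookup(api_key, resource):   # v2 report by hash: known files are never re-uploaded
    body = urllib.parse.urlencode({"apikey": api_key, "resource": resource}).encode()
    with urllib.request.urlopen("https://www.virustotal.com/vtapi/v2/file/report", data=body) as resp:
        return json.loads(resp.read())

def classify(report):
    """(status, positives) from a v2 report: response_code 1 = ready, -2 = queued, 0 = unknown."""
    code = report.get("response_code")
    if code == 1:
        return "done", int(report.get("positives", 0))
    if code == -2:
        return "queued", 0
    return "unknown", 0

class Scanner:
    def __init__(self, api_key, lookup=vt_lookup, upload=None, sleep=time.sleep,
                 poll_interval=15, max_polls=8):
        self.api_key, self.lookup, self.upload, self.sleep = api_key, lookup, upload, sleep
        self.poll_interval, self.max_polls = poll_interval, max_polls
        self.seen = {}        # sha256 -> final status; a re-uploaded file is not rescanned
        self.completed = []   # (sha256, positives) for every finished report
        self.positives = []   # subset of completed with at least one detection
    def process(self, name, data):
        digest = sha256_of(data)
        if digest in self.seen:
            return "already_scanned"
        status, hits = classify(self.lookup(self.api_key, digest))
        if status == "unknown":          # not in the VT corpus: upload it (caller-supplied), then poll
            self.upload(self.api_key, name, data)
            status = "queued"
        polls = 0
        while status == "queued" and polls < self.max_polls:
            polls += 1
            self.sleep(self.poll_interval)
            status, hits = classify(self.lookup(self.api_key, digest))
        self.seen[digest] = status
        if status == "done":
            self.completed.append((digest, hits))
            if hits > 0:
                self.positives.append((digest, hits))   # hook the user notification here
        return status
```

With the research API quota mentioned above, `poll_interval` can be shortened; with the public quota, every lookup and upload counts against the per-minute limit, so the hash-first check is what keeps the watcher within it.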

Mattias is going to make this tool available for everyone through GitHub.

Capstone Showcase Spring 2017; see here for more details and here for more pictures. And click here for the presentation poster.
