Konloch/Antivirus

Antivirus

General Features

  • Mixes both static and dynamic file scanning
  • Built on top of existing AV databases & tools
  • Experimental modules
  • Large signature database
  • The tool is still early in development

Technical Features

  • Scans using Yara & file signatures
  • SQLite for database storage
  • Automatically updates from ClamAV's DB, Malware Bazaar, VirusShare, Yaraify & Yara
    • You need to update the AV itself manually: the software will not self-update, only the signatures and scanning dependencies are updated automatically

How To Install

  • Install the latest JRE (Must be on Java 8 or higher)
  • Download the latest release
  • Run the latest release
    • You'll have to wait for the initial download to finish before you can scan
    • Due to the signature database size, this can take up to an hour
  • Report all issues here

How To Use

  • Use the tray to access the various GUIs
    • Scanner
    • Settings
    • Quarantine

How To Scan

  • Drag and drop any folder or file you want to scan
  • Full scan will scan all of your drives and files. A deep scan requires elevated (admin) rights, but the full scan works without them
  • Quick scan will scan all active processes, start-up locations & other well-known locations
  • Specific scan will prompt a file selection dialogue - select any file or folder from here

How To Remove Detections

  • Open the quarantine from the tray
  • Review the file-paths by hovering over the file-name to verify the file isn't a false positive

Requires

  • Java 8 (Later versions also work)
  • Windows 11 (Earlier versions also work)
    • Linux / Mac support works but has a limited feature set
      • Experimental VM Mimic is currently Windows only

Technology Credits

Notes

  • Use in combination with Windows Defender or another trusted Antivirus
  • Quarantine does not actually quarantine: until we can rule out false positives from the Yara rules, we probably won't have a real-time quarantine
    • Instead, we have a passive quarantine that requires the user to decide if they want to remove the files or not
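
A minimal sketch of the passive-quarantine flow described in the notes above, combined with SQLite-backed file-signature lookup. This is an added example, not code from the Antivirus project: the schema, function names and the SHA-256 signature format are assumptions, and Yara matching is left out.

```python
import hashlib
import sqlite3
import tempfile
from pathlib import Path

SCHEMA = """
CREATE TABLE signatures (sha256 TEXT PRIMARY KEY, label TEXT NOT NULL);
CREATE TABLE quarantine (path TEXT PRIMARY KEY, label TEXT NOT NULL, reviewed INTEGER DEFAULT 0);
"""  # hypothetical schema, not the project's

def sha256_file(path):
    """Hash in 64 KiB chunks so large files are never read into memory whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 16), b""):
            h.update(block)
    return h.hexdigest()

def scan(db, root):
    """Record signature hits for files under root; never modifies the files themselves."""
    for p in sorted(q for q in Path(root).rglob("*") if q.is_file()):
        try:
            digest = sha256_file(p)
        except OSError:
            continue  # locked or unreadable file: skip it rather than abort the scan
        row = db.execute("SELECT label FROM signatures WHERE sha256 = ?", (digest,)).fetchone()
        if row:
            db.execute("INSERT OR IGNORE INTO quarantine (path, label) VALUES (?, ?)", (str(p), row[0]))
    db.commit()
    return db.execute("SELECT path, label FROM quarantine WHERE reviewed = 0").fetchall()

def resolve(db, path, remove):
    """Apply the user's decision for one detection; delete only on explicit confirmation."""
    if remove:
        Path(path).unlink(missing_ok=True)
    db.execute("UPDATE quarantine SET reviewed = 1 WHERE path = ?", (path,))
    db.commit()

def demo():  # constructed sample: a harmless file whose hash is registered as a test signature
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    with tempfile.TemporaryDirectory() as d:
        (Path(d) / "clean.txt").write_bytes(b"hello")
        flagged = Path(d) / "flagged.bin"
        flagged.write_bytes(b"constructed test content")
        db.execute("INSERT INTO signatures VALUES (?, ?)", (sha256_file(flagged), "Test.Signature"))
        pending = scan(db, d)
        kept = flagged.exists()  # detection alone leaves the file on disk
        resolve(db, pending[0][0], remove=True)
        return [Path(p).name for p, _ in pending], kept, flagged.exists(), len(scan(db, d))
```

A detection dismissed with `remove=False` stays in the table as reviewed, so a later scan does not list the same false positive again.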

More Media

Screenshot-3

Scanning GUI with Quarantine GUI

Screenshot-4

Scanning GUI

Screenshot-10

Quick scanning

Screenshot-9

Settings GUI with toggling the scanning options

Screenshot-5

Settings GUI

Screenshot-6

Startup after fully installed

Screenshot-7

Downloading dependencies announcements

Screenshot-8

Tray navigation