Setup
First, we need a Windows instance with an antivirus. We use avred-server as the interface to this antivirus on the Windows host.
Let's install and configure avred-server on the Windows VM at 1.1.1.1:9001. Follow the install instructions in the avred-server README.
Once it is installed and working properly (check with curl 1.1.1.1:9001/test), you can set up avred:
- Configure your server IP in config.yaml (e.g. "amsi": "1.1.1.1:9001")
- Test it by scanning a file with: ./avred.py --file test.ps1 --server amsi
It should look like this:
How to Use
As a web server:
$ python3 avredweb.py --listenip 127.0.0.1 --listenport 8080
If you don't want every user to be able to see every uploaded file, set a password in config.yaml under the key password; the username is admin.
From command line:
$ python3 avred.py --server amsi --file app/upload/evil.exe
File and Directory structure
I am team NO-DB. Only files.
File nomenclature:
- file.exe: The file you want to scan
- file.exe.log: All log output of the scan (with --logtofile)
- file.exe.outcome: Pickled Outcome data structure with all further information
- file.exe.pdb: If you have debug symbols
For the webapp, files are uploaded to app/uploads/.
Docker
Build:
$ podman build -t avred .
Run:
$ podman run -p 9001:5000 -e "server=http://1.1.1.1:8001" --name avred -d avred
Run with the upload directory mounted:
$ podman run -p 9001:5000 -e "server=http://1.1.1.1:8001" -v $HOME/avred-uploads:/opt/avred/app/upload/ --name avred -d avred