Len-Stevens / Python-Antivirus

A simple antivirus coded in Python capable of scanning selected files and deleting files that it detects as infected. This antivirus uses a large list of MD5, SHA1 and SHA256 malware hashes (many of which come from this repo - https://github.com/Len-Stevens/MD5-Malware-Hashes) to determine infections. However, as this project progresses I would like to implement machine learning detection with the long term goal of becoming a fully functioning antivirus. All Donations in Cryptocurrency are highly appreciated: Bitcoin: bc1qgnvw4x7w4m7uhafdne7seu4fvs73m44v9fu3ng Monero: 42xCsURykTQGqz6Kmy4rBm4ZVEpGv5NhcRFrqbgQZ3FzTXeFe9nzNjYCBzU7yMSGMqVzrHfNoMBfYfoALQcc69VtGNQeRWE Dogecoin: DD3rtFFBfusJSDmP8cmVp3X5Jq688B49gs Thank You! :)
GNU General Public License v3.0
88 stars 23 forks

Use an .exe instead of a .py #25

Open Rieidi opened 1 year ago

Rieidi commented 1 year ago

It would be better because the file will be independent of the modules to be installed. This can be done with this command:

`python.exe -m PyInstaller --onefile filename.py`

After that the file will be in the dist. And a full disk check can be done with this code. You will have to put the file instead of the written hashes inside the code and translate it. I am also trying to develop my antivirus in Python...

```python
import os
import hashlib
from pyuac import main_requires_admin

virus_data = {
    "viruses": [
        {
            "name": "MEMEZ",
            "hashes": {
                "SHA256": "3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42"
            },
            "description": "Memz é um vírus de computador fictício conhecido por disseminar memes maliciosos."
        },
        {
            "name": "LOVEYOU.VBS",
            "hashes": {
                "SHA256": "5d8c6cc0a479db4ab427dbd68fc4e2096ab4a570ebe4f730b22ca18bee81c773"
            },
            "description": "Vírus LOVEYOU.VBS, também conhecido como ILOVEYOU, é um vírus de computador de email malicioso."
        }
    ]
}


def check_for_virus(file_path, virus_data):
    try:
        # Check whether the file has a .exe, .dll, .bat or .vbs extension
        if file_path.lower().endswith((".exe", ".dll", ".bat", ".vbs")):
            # Compute the SHA256 of the file
            arquivo_sha256 = hashlib.sha256()
            with open(file_path, "rb") as f:
                for pedaco in iter(lambda: f.read(4096), b""):
                    arquivo_sha256.update(pedaco)

            # Check whether the SHA256 is in the list of known virus hashes
            for virus in virus_data["viruses"]:
                if arquivo_sha256.hexdigest() in virus["hashes"].values():
                    return True
    except OSError:
        # Ignore protected files or folders that cannot be opened
        pass

    return False


def scan_drive(drive_path, virus_data):
    print(f"Verificando arquivos no disco {drive_path}...")
    arquivos_limpos = []
    arquivos_infectados = []

    for root, _, files in os.walk(drive_path):
        for file in files:
            file_path = os.path.join(root, file)
            if check_for_virus(file_path, virus_data):
                arquivos_infectados.append(file_path)
                try:
                    os.remove(file_path)
                    print(f"Arquivo infectado removido: {file_path}")
                except OSError as e:
                    print(f"Erro ao remover o arquivo {file_path}: {e}")
            else:
                arquivos_limpos.append(file_path)

    if arquivos_limpos:
        print("Arquivos limpos:")
        for arquivo in arquivos_limpos:
            print(arquivo, "está limpo.")
    else:
        print("Nenhum arquivo limpo foi encontrado.")


@main_requires_admin
def main():
    scan_drive("C:\\", virus_data)  # Scan the C: drive


if __name__ == "__main__":
    main()
```
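The comment above says the hard-coded hashes should be replaced by a hash file. The following is an added example, not code from this thread or from the project: it parses a one-hash-per-line list into per-algorithm sets (MD5, SHA1 and SHA256, the three kinds the repository description names), rejects malformed entries, and computes all three digests in a single read. The function names, the list format and the sample data are assumptions constructed for illustration.

```python
import hashlib
import io
import re

# Hex digest length -> hashlib algorithm name
HEX_LEN_TO_ALGO = {32: "md5", 40: "sha1", 64: "sha256"}

# Constructed sample data: harmless bytes and a hash list built from them
SAMPLE = b"constructed test payload\n"
SAMPLE_LIST = [
    "# constructed hash list",
    hashlib.sha256(SAMPLE).hexdigest().upper(),  # upper case must still match
    hashlib.md5(SAMPLE).hexdigest(),
    "not-a-hash",
    "abc123",
]

def load_hash_list(lines):
    """Parse one hash per line; return ({algo: set of digests}, rejected entries)."""
    known = {algo: set() for algo in HEX_LEN_TO_ALGO.values()}
    rejected = []
    for lineno, raw in enumerate(lines, 1):
        entry = raw.strip().lower()
        if not entry or entry.startswith("#"):
            continue  # blank line or comment
        algo = HEX_LEN_TO_ALGO.get(len(entry))
        if algo is None or not re.fullmatch(r"[0-9a-f]+", entry):
            rejected.append((lineno, raw.strip()))  # report it, never load it
            continue
        known[algo].add(entry)
    return known, rejected

def digest_stream(stream, chunk_size=65536):
    """Read the stream once and return {algo: hexdigest} for all three algorithms."""
    hashers = {algo: hashlib.new(algo) for algo in HEX_LEN_TO_ALGO.values()}
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        for hasher in hashers.values():
            hasher.update(chunk)
    return {algo: hasher.hexdigest() for algo, hasher in hashers.items()}

def match_known(stream, known):
    """Return the sorted algorithm names whose digest of the stream is a known hash."""
    digests = digest_stream(stream)
    return sorted(algo for algo, d in digests.items() if d in known[algo])

if __name__ == "__main__":
    known, rejected = load_hash_list(SAMPLE_LIST)
    print("matches:", match_known(io.BytesIO(SAMPLE), known))
    print("rejected list entries:", rejected)
```

Set membership keeps each lookup constant-time however large the list grows, and `match_known` accepts any binary file object, so `open(path, "rb")` can be passed in place of the `io.BytesIO` sample.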

cookie0o commented 1 year ago

I think an even better way, and what I wanted to do for the last weeks, is to scan files using shared C (.so). I already tested it on a side project and for large/many files it's really fast, we're talking 10 sec. raw py to 0-1 sec. reading time here. Sadly I wasn't able to implement it yet since I had no time.

Rieidi commented 1 year ago

> I think an even better way, and what I wanted to do for the last weeks, is to scan files using shared C (.so). I already tested it on a side project and for large/many files it's really fast, we're talking 10 sec. raw py to 0-1 sec. reading time here. Sadly I wasn't able to implement it yet since I had no time.

Unfortunately yes, C is faster than Python because Python is an interpreted language. There are ways to compile the code to make it faster, but I'll stick with pure Python. The code I sent you doesn't take long because it scans specified files, but if they were all it might take a while.

cookie0o commented 5 months ago

> > I think an even better way, and what I wanted to do for the last weeks, is to scan files using shared C (.so). I already tested it on a side project and for large/many files it's really fast, we're talking 10 sec. raw py to 0-1 sec. reading time here. Sadly I wasn't able to implement it yet since I had no time.
>
> Unfortunately yes, C is faster than Python because Python is an interpreted language. There are ways to compile the code to make it faster, but I'll stick with pure Python. The code I sent you doesn't take long because it scans specified files, but if they were all it might take a while.

I'm done, the project which uses C to scan is finally ready. Here if you want to try it.

Rieidi commented 5 months ago

Good, now you need a dynamic hash update.