saferwall v0.1.1 releases: an open source malware analysis platform


Saferwall is an open-source malware analysis platform.

It aims for the following goals:

  • Provide a collaborative platform to share samples among malware researchers.
  • Act as a system expert to help researchers generate an automated malware analysis report.
  • Serve as a hunting platform to find new malware.
  • Provide quality assurance for signatures before release.


  • Static analysis:
    • Crypto hashes, packer identification
    • Strings extraction
  • Multiple AV scanners, including major antivirus vendors:

    Vendor        Status   Vendor             Status
    Avast         ✔️       FSecure            ✔️
    Avira         ✔️       Kaspersky          ✔️
    Bitdefender   ✔️       McAfee             ✔️
    ClamAV        ✔️       Sophos             ✔️
    Comodo        ✔️       Symantec           ✔️
    ESET          ✔️       Windows Defender   ✔️

Current architecture / Workflow:

Here is a basic workflow which happens during a file scan:

  • Frontend talks to the backend via REST APIs.
  • Backend uploads samples to the object storage.
  • Backend pushes a message into the scanning queue.
  • Consumer fetches the file and copies it to the NFS share, which avoids pulling the sample in every container.
  • Consumer asynchronously calls scanning services (like AV scanners) via gRPC and waits for results.
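
The last workflow step, sketched as an added Go example (not saferwall's own code): every scanning service is called concurrently under its own context deadline, in the spirit of the timeout the changelog mentions for the multiav scan gRPC call, so a hung engine yields an error entry instead of stalling the consumer. `Scanner`, `Result`, `ScanAll`, `fakeEngine` and the sample path are hypothetical stand-ins for the real gRPC clients.

```go
package main

import (
	"context"
	"fmt"
	"time"
)

// Scanner stands in for one scanning service's gRPC client (hypothetical type).
type Scanner func(ctx context.Context, path string) (string, error)

// Result is one engine's verdict, or the error that replaced it.
type Result struct{ Engine, Verdict string; Err error }

// ScanAll fans out to every engine, each under its own deadline, then collects all replies.
func ScanAll(parent context.Context, path string, engines map[string]Scanner, perCall time.Duration) map[string]Result {
	ch := make(chan Result, len(engines)) // buffered: no goroutine blocks on send
	for name, scan := range engines {
		go func(name string, scan Scanner) {
			ctx, cancel := context.WithTimeout(parent, perCall)
			defer cancel() // release the timer even when the call returns early
			verdict, err := scan(ctx, path)
			ch <- Result{Engine: name, Verdict: verdict, Err: err}
		}(name, scan)
	}
	out := make(map[string]Result, len(engines))
	for range engines {
		r := <-ch
		out[r.Engine] = r
	}
	return out
}

// fakeEngine is a constructed scanner: it answers after delay or honours cancellation.
func fakeEngine(delay time.Duration, verdict string) Scanner {
	return func(ctx context.Context, _ string) (string, error) {
		select {
		case <-time.After(delay):
			return verdict, nil
		case <-ctx.Done():
			return "", ctx.Err()
		}
	}
}

func main() {
	engines := map[string]Scanner{"fast": fakeEngine(10*time.Millisecond, "clean"), "hung": fakeEngine(5*time.Second, "")}
	fmt.Println(ScanAll(context.Background(), "/nfs/constructed-sample.bin", engines, 300*time.Millisecond))
}
```
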

Changelog v0.1


  • ML PE classifier(private) and string ranker.
  • docker-compose and .devcontainer to ease development.
  • A portable executable (PE) file parser.
  • A UI for displaying PE parsing results.
  • gib: a package to detect gibberish strings.
  • bytestats: a package that implements byte and entropy statistics for binary files.
  • CLI utility to interact with saferwall web APIs.
  • sdk2json: a package to convert Win32 API definitions to JSON format.


  • Consumer docker image is separated to a base image and an app image.
  • Refactor consumer and make it a go module.
  • [Helm] reduce minio MEM request, ES and Kibana CPU request to half a core.
  • [Helm] bump chart dependency modules.
  • [pkg/consumer] add context timeout to multiav scan gRPC API.
  • Move the website, the dashboard and the web APIs projects to separate git repos.
  • Improve the CI/CD pipeline: include code coverage, test only changed modules, and run custom GitHub Actions runners.


Copyright (C) 2018 saferwall