Supported Analyzers

Here is the list of analyzers that are bundled with IRMA.


Probe Name Anti-Virus Name Platform
ASquaredCmdWin Emsisoft Command Line Microsoft Windows CLI
AvastCoreSecurity Avast Core Security GNU/Linux CLI
AVGAntiVirusFree AVG GNU/Linux CLI
AviraWin Avira Microsoft Windows CLI
BitdefenderForUnices Bitdefender GNU/Linux CLI
ClamAV ClamAV GNU/Linux CLI
ComodoCAVL Comodo Antivirus for Linux GNU/Linux CLI
DrWeb Dr.Web GNU/Linux CLI
EScan eScan GNU/Linux CLI
EsetFileSecurity Eset File Security GNU/Linux CLI
FProt F-Prot GNU/Linux CLI
FSecure F-Secure GNU/Linux CLI
GDataWin G Data Antivirus Microsoft Windows CLI
Kaspersky Kaspersky File Server GNU/Linux CLI
KasperskyWin Kaspersky Internet Security Microsoft Windows CLI
McAfeeVSCL McAfee VirusScan Command Line GNU/Linux CLI
McAfeeVSCLWin McAfee VirusScan Command Line Microsoft Windows CLI
Sophos Sophos GNU/Linux CLI
SophosWin Sophos Endpoint Protection Microsoft Windows CLI
SymantecWin Symantec Endpoint Protection Microsoft Windows CLI
VirusBlokAda VirusBlokAda GNU/Linux CLI
Zoner Zoner Antivirus GNU/Linux CLI

External analysis platforms

Probe Name Analysis Platform Description
ICAP ICAP Query an ICAP server
VirusTotal VirusTotal Report is searched using the sha256 of the file which is not sent

File database

Probe Name Database Description
NSRL National Software Reference Library collection of digital signatures of known, traceable software applications


Probe Name Description
LIEF PE/ELF File analyzer
PEiD PE File packer analyzer
TrID File type identification
StaticAnalyzer PE File analyzer adapted from Cuckoo Sandbox
Yara Checks if a file match yara rules