Supported Analyzers
Here is the list of analyzers that are bundled with IRMA.
Antiviruses
Probe Name | Anti-Virus Name | Platform |
---|---|---|
ASquaredCmdWin | Emsisoft Command Line | Microsoft Windows CLI |
AvastCoreSecurity | Avast Core Security | GNU/Linux CLI |
AVGAntiVirusFree | AVG | GNU/Linux CLI |
AviraWin | Avira | Microsoft Windows CLI |
BitdefenderForUnices | Bitdefender | GNU/Linux CLI |
ClamAV | ClamAV | GNU/Linux CLI |
ComodoCAVL | Comodo Antivirus for Linux | GNU/Linux CLI |
DrWeb | Dr.Web | GNU/Linux CLI |
EScan | eScan | GNU/Linux CLI |
EsetFileSecurity | Eset File Security | GNU/Linux CLI |
FProt | F-Prot | GNU/Linux CLI |
FSecure | F-Secure | GNU/Linux CLI |
GDataWin | G Data Antivirus | Microsoft Windows CLI |
Kaspersky | Kaspersky File Server | GNU/Linux CLI |
KasperskyWin | Kaspersky Internet Security | Microsoft Windows CLI |
McAfeeVSCL | McAfee VirusScan Command Line | GNU/Linux CLI |
McAfeeVSCLWin | McAfee VirusScan Command Line | Microsoft Windows CLI |
Sophos | Sophos | GNU/Linux CLI |
SophosWin | Sophos Endpoint Protection | Microsoft Windows CLI |
SymantecWin | Symantec Endpoint Protection | Microsoft Windows CLI |
VirusBlokAda | VirusBlokAda | GNU/Linux CLI |
Zoner | Zoner Antivirus | GNU/Linux CLI |
External analysis platforms
Probe Name | Analysis Platform | Description |
---|---|---|
ICAP | ICAP | Query an ICAP server |
VirusTotal | VirusTotal | The report is looked up using the SHA-256 hash of the file; the file itself is not sent |
File database
Probe Name | Database | Description |
---|---|---|
NSRL | National Software Reference Library | Collection of digital signatures of known, traceable software applications |
Metadata
Probe Name | Description |
---|---|
LIEF | PE/ELF File analyzer |
PEiD | PE File packer analyzer |
TrID | File type identification |
StaticAnalyzer | PE File analyzer adapted from Cuckoo Sandbox |
Yara | Checks whether a file matches YARA rules |