______ _ _____ __ _
| ____| | | | __ \ / _| | |
| |__ __ _| | ___ ___ _ __ | | | | ___| |_ ___ _ __ __| | ___ _ __
| __/ _` | |/ __/ _ \| '_ \ | | | |/ _ \ _/ _ \ '_ \ / _` |/ _ \ '__|
| | | (_| | | (_| (_) | | | | | |__| | __/ || __/ | | | (_| | __/ |
|_| \__,_|_|\___\___/|_| |_| |_____/ \___|_| \___|_| |_|\__,_|\___|_| This project is a robust antivirus software implemented in Python. It leverages YARA rules to detect malicious files within the system and provides options to quarantine, delete, or move them to a specified folder.
This project is a comprehensive antivirus tool designed to scan directories, files, and drives for potential threats using YARA signatures. It offers essential functionalities such as quarantine and deletion of identified malicious files, all through a simple command-line interface.
- YARA Rule-Based Scanning: Utilizes custom YARA rules to identify malicious files based on defined signatures.
- Quarantine Functionality: Moves detected threats to a designated quarantine folder for further analysis or removal.
- Command-Line Interface: Provides an intuitive CLI for users to initiate scans and manage detected threats.
- Periodic Scanning: Supports automated periodic scans based on user-configurable settings.
- Ensure Python is installed on your computer.
- Install required dependencies using
pip install -r requirements.txt
Follow the command-line prompts to select scanning options and directories.
Customize periodic scan settings by modifying variables in the main script.
- YARA: For malware signature detection in files.
- colorama: For adding colors to the command-line interface.
- progressbar: For displaying progress bars during the scanning process.
- PyFiglet: For rendering stylized text in large fonts.
- YARA: Malware detection engine using custom rules.
- colorama: Library for terminal text coloring.
- progressbar: Tool for displaying progress bars in the console.
- PyFiglet: Library for generating ASCII art text.
To clone this repository and run the antivirus software locally, follow these steps:
- Open a terminal or command prompt on your computer.
- Navigate to the directory where you want to clone the repository.
- Use the following command to clone the repository:
https://github.com/AyhamAsfoor/Falcon_Defender/blob/main/Falcon_Defender.pyOnce the repository is cloned, navigate into the project directory:
cd <repalce_project_directory>
Tip
Follow the instructions in the How to Use section of the README to install dependencies and execute the antivirus software.
Important
If you have any issues, please don't be shy to get in touch with me.
graph TD;
Falcon_Defender_Project-->Service_1_Browse;
Service_1_Browse-->Services;
Falcon_Defender_Project-->Service_2_Path;
Falcon_Defender_Project-->Service_3_Drive;
Service_3_Drive-->Get_Drive;
Falcon_Defender_Project-->Service_4_Periodic;
Service_4_Periodic-->Initial_Main;
Initial_Main-->Timer;
Timer-->Initial_Main;
Timer-->Main;
Services-->|Directory| Main;
Services-->|File| Main;
Service_2_Path-->Main;
Get_Drive-->Main;
Main-->Get_OS_Type;
Get_OS_Type-->Get_Rule_Dir;
Get_Rule_Dir-->MK_Dict;
Data_Base_of_Signature-->MK_Dict;
MK_Dict-->Parse_Yara_File;
Parse_Yara_File-->|Directory| DIR_Search;
Parse_Yara_File-->|File| Yara_Sig_Check;
DIR_Search-->Write_File;
Yara_Sig_Check-->quarantine_file;
quarantine_file-->|Directory| Write_File;
Yara_Sig_Check-->|If the file is not malicious| False;
quarantine_file-->|If the file is malicious| True;
Write_File-->Report_txt[Report.txt];
Write_File-->Result[Result];
style Falcon_Defender_Project fill:#25940f;
style Service_1_Browse fill:#010f76;
style Service_2_Path fill:#010f76;
style Service_3_Drive fill:#010f76;
style Service_4_Periodic fill:#010f76;
style Data_Base_of_Signature fill:#f58200;
style Report_txt fill:#ac270b;
style Result fill:#ac270b;
style True fill:#ac270b;
style False fill:#0b74ac;
This project is licensed under the Apache License 2.0. You can find the full text of the license in the LICENSE file.
