http://www.clamav.net/lang/en/
On Sun, May 5, 2013 at 11:46 AM, Andri Herumurti <vynx_1...@yahoo.com> wrote: > Hi Andres, > > i try to search backend malware scanner but i didnt find that you mean, > can you help URL for that? > > Regards, > Andri > > From: Andres Riancho <andres.rian...@gmail.com> > To: Andri Herumurti <vynx_1...@yahoo.com>; > "w3af-develop@lists.sourceforge.net" <W3af-develop@lists.sourceforge.net> > Sent: Sunday, May 5, 2013 8:43 PM > Subject: Re: [W3af-develop] W3af pass file to anti malware > > Andri, > > On Sun, May 5, 2013 at 12:33 AM, Andri Herumurti <vynx_1...@yahoo.com> > wrote: >> Hi Andres, > > Please reply to all, keep the w3af-develop in the loop! > >> Thanks, >> Do you have developer guide to create plugin for w3af ? >> >> Maybe you have some that you not share public also ok if you dont mind :) > > No, sorry, don't have a guide for that yet, but if you want to create > a grep plugin you can just copy+paste from: > > https://github.com/andresriancho/w3af/blob/master/plugins/grep/cross_domain_js.py > > https://github.com/andresriancho/w3af/blob/master/plugins/grep/private_ip.py > > https://github.com/andresriancho/w3af/blob/master/plugins/grep/xss_protection_header.py > > If you create this plugin, please use a "backend malware scanner" > which is open source, freely available, well supported and GPLv2 > license compatible. > > Regards, > >> Regards >> Andri >> >> On 5 Mei 2013, at 09:53, Andres Riancho <andres.rian...@gmail.com> wrote: >> >>> Andri, >>> >>> On Sat, May 4, 2013 at 8:29 PM, Andri Herumurti <vynx_1...@yahoo.com> >>> wrote: >>>> Hi Andres, >>>> >>>> It would be a great feature. >>>> Since it also can make integration with other solutions, >>>> Anyway may i know estimation when you will implement it? >>> >>> Any day between tomorrow and 2057 :) It is not something I'm >>> particularly interested in, so... I can't promise anything. What I can >>> promise you is that if you work on it and send me a pull-request [0] >>> I'll review it in less than three working days :) >>> >>> [0] https://github.com/andresriancho/w3af/wiki/Contributing-101 >>> >>> Regards, >>> >>>> Regards >>>> Andri >>>> >>>> On 5 Mei 2013, at 00:26, Andres Riancho <andres.rian...@gmail.com> >>>> wrote: >>>> >>>>> Andri, >>>>> >>>>> On Sat, May 4, 2013 at 10:47 AM, Andri Herumurti <vynx_1...@yahoo.com> >>>>> wrote: >>>>>> Dear all, >>>>>> >>>>>> It is possible to pass file that currently scanning by w3af to anti >>>>>> malware/anti virus to scan ? >>>>>> Since currently there is some file like java that content >>>>>> malware/infected. >>>>> >>>>> 100% possible, but it hasn't been implemented yet (at least not >>>>> that I know of). I would do it in a grep plugin. >>>>> >>>>> The problem I see here is that the antivirus/malware scan would >>>>> take some time to run, potentially slowing down (in a noticeable way) >>>>> the whole scan. There are ways to get around that, like for example >>>>> only analyzing http responses which are of a certain mime type, or >>>>> reading the file's magic using [0] >>>>> >>>>> [0] http://en.wikipedia.org/wiki/File_(command)#Libmagic_library >>>>> >>>>>> Regards >>>>>> Andri >>>>>> >>>>>> ------------------------------------------------------------------------------ >>>>>> Get 100% visibility into Java/.NET code with AppDynamics Lite >>>>>> It's a free troubleshooting tool designed for production >>>>>> Get down to code-level detail for bottlenecks, with <2% overhead. >>>>>> Download for free and get started troubleshooting in minutes. >>>>>> http://p.sf.net/sfu/appdyn_d2d_ap2 >>>>>> _______________________________________________ >>>>>> W3af-develop mailing list >>>>>> W3af-develop@lists.sourceforge.net >>>>>> https://lists.sourceforge.net/lists/listinfo/w3af-develop >>>>> >>>>> >>>>> >>>>> -- >>>>> Andrés Riancho >>>>> Project Leader at w3af - http://w3af.org/ >>>>> Web Application Attack and Audit Framework >>>>> Twitter: @w3af >>>>> GPG: 0x93C344F3 >>> >>> >>> >>> -- >>> Andrés Riancho >>> Project Leader at w3af - http://w3af.org/ >>> Web Application Attack and Audit Framework >>> Twitter: @w3af >>> GPG: 0x93C344F3 > > > > -- > Andrés Riancho > Project Leader at w3af - http://w3af.org/ > Web Application Attack and Audit Framework > Twitter: @w3af > GPG: 0x93C344F3 > > -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 ------------------------------------------------------------------------------ Get 100% visibility into Java/.NET code with AppDynamics Lite It's a free troubleshooting tool designed for production Get down to code-level detail for bottlenecks, with <2% overhead. Download for free and get started troubleshooting in minutes. http://p.sf.net/sfu/appdyn_d2d_ap2 _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
