SPIRE: Building antivirus using rust Part: 1

Tokyo-09

Spire

Introduction

The SPIRE project is hosted on my GitHub repository.

Spire Logo

SPIRE is being developed as a robust malware protection solution for both Linux and Windows, aimed at protecting end users from known malware and threats.

Motivation

  • Purpose of the Project: Initially, my goal was to create a firewall to deepen my understanding of the Rust programming language. While exploring relevant resources, I frequently encountered publications from antivirus companies, which piqued my interest. This led me to pivot towards developing my own antivirus software. Given the scarcity of open-source projects and resources on this topic on GitHub and elsewhere, I decided to contribute to this domain by building a novel solution.
  • Choice of Rust: My primary objective was to enhance my proficiency in the Rust programming language, known for its performance and safety features.
  • Use of Multiple Languages : While Rust offers significant advantages, creating comprehensive graphical user interface (GUI) applications with it currently poses challenges. Consequently, I selected Python for developing the user interface due to its simplicity and accessibility. For server-side development, I chose Go for its efficiency and suitability for my requirements.

Project Roadmap

SPIRE is under active development, with ongoing updates and refinements. Progress can be tracked via my GitHub Kanban board, where all tasks are meticulously documented, or through the detailed feature list below.

Planned Features

Client

  1. Transmit suspicious files to the server for detailed analysis [ ]
  2. Log activities, collect system data, and send it to the server [ ]
  3. Enable automatic database updates from the server [ ]
  4. Implement configuration management [ ] …

Core

  1. Scan specified directories for threats [ X ]
  2. Perform scans using YARA rules [ X ]
  3. Conduct behavioral analysis of files [ ]
  4. Enable real-time monitor mode [ ]
  5. Implement TCP/IP filtering for malicious hosts and ports [ ]
  6. Scan newly created files on disk for static Indicators of Compromise (IOCs) [ ]
  7. Analyze newly created files for Import Address Table (IAT) patterns [ ]
  8. Execute files in a sandbox upon detection of an executable launching from the kernel [ ] …

Server

  1. Develop cloud-based file scanning capabilities [ ]
  2. Create a basic website and API for the application [ ] …

Conclusion

I am highly enthusiastic about the potential of the SPIRE project, as the field of antivirus protection captivates my interest, and I am committed to its continued development. This blog serves to document the development process comprehensively, capturing both the progress made and the challenges encountered.

If you have any suggestions or feedback, please feel free to reach out to me via Twitter or GitHub.⏎