Universal Exploit Scanner | Is there any demand?

[PremiumCodeX]

Is there any out of the box file scanner around? Is there a demand on BCT of it?

By "out of the box file scanner" I mean a file scanner that searches not only if the file has a suspicious signature in it, but search the internet for the history of the file, looking up user opinions on the file from different sites, checks whether it appears in any article/blog related suspicious behavior and heuristically tries to determine whether it COULD be used for malicious purposes. Then the scanner would collect the information into an organized table.

[Qartersa]

Is there any out of the box file scanner around? Is there a demand on BCT of it?

By "out of the box file scanner" I mean a file scanner that searches not only if the file has a suspicious signature in it, but search the internet for the history of the file, looking up user opinions on the file from different sites, checks whether it appears in any article/blog related suspicious behavior and heuristically tries to determine whether it COULD be used for malicious purposes. Then the scanner would collect the information into an organized table.

It could work. It's nice because we can trace scam events similar to how we do it here on the forums. Knowing if some user (or person in real life) has scammed somebody is a good info for anyone dealing with anyone. It's like a real world trust rating. However, I don't think it's possible yet. As there not much people who upload a signed document/contract. Probably in the future where almost all the documents will be electronic. That's my opinion in the matter.

[TheButterZone]

Sounds a lot like https://www.virustotal.com/

[avatar_kiyoshi]

I think it will be good, especially nowadays to much site which place suspicious things on the site.
This app/project looks like virustotal but if you have plan to collect information features about the site/file which where is exist and there's no false scan features it will be awesome.

[PremiumCodeX]

I think it will be good, especially nowadays to much site which place suspicious things on the site.
This app/project looks like virustotal but if you have plan to collect information features about the site/file which where is exist and there's no false scan features it will be awesome.

Thank you for your responses! A major difference between VirusTotal and my project is that, VirusTotal tells if a file has malicious signature in it, but does not provide information if there is vulnerability in the software while my project will be able to search DBs for vulnerabilities and tell if a vulnerability of the software was released / being sold somewhere.

[Joel_Jantsen]

Thank you for your responses! A major difference between VirusTotal and my project is that, VirusTotal tells if a file has malicious signature in it, but does not provide information if there is vulnerability in the software while my project will be able to search DBs for vulnerabilities and tell if a vulnerability of the software was released / being sold somewhere.

And what if you have no information about a particular file in the database ? Let's assume I put a malware inside a zip file and upload only at one of the file sharing sites and share it with one person.What does your project has to offer for the "link" scanned ?

[PremiumCodeX]

Thank you for your responses! A major difference between VirusTotal and my project is that, VirusTotal tells if a file has malicious signature in it, but does not provide information if there is vulnerability in the software while my project will be able to search DBs for vulnerabilities and tell if a vulnerability of the software was released / being sold somewhere.

And what if you have no information about a particular file in the database ? Let's assume I put a malware inside a zip file and upload only at one of the file sharing sites and share it with one person.What does your project has to offer for the "link" scanned ?

"So there is nothing new under the sun" said by the wise Ecclesiastes.

The answer is heuristical decision support with information about the past, current and probable trends. Even if the particular file isn't in any exploit DB, similar files usually occur with similar vulnerabilities. If the file is very similar to a vulnerable other file, it should be tested against the other file's vulnerabilities.