The framework for malice blockers.
A malice blocker blocks malicious data, files or packets.
(For example, antivirus software and WAFs are malice blockers.)
Please install the following before installing buckler.
- boost
- yaml-cpp
- armoury (package manager for buckler)
Currently only Linux is supported.
(Windows support is planned for the future.)
First, clone the repository.
$ git clone https://github.com/buckler-project/buckler
$ cd ./buckler
Then run make, and make install.
$ make
$ sudo make install
First, create a project.
$ mkdir antivirus && cd antivirus
$ armoury install blocker
Second, write the source code as below.
```cpp
// antivirus.cc
#include <cstdlib>
#include <fstream>
#include <iostream>
#include <iterator>
#include <vector>
#include <buckler/buckler.hpp>
#include <buckler/base.hpp>

int main(int argc, char* argv[]) {
  // argv[0] is the program name, so a target path needs argc >= 2.
  if (argc < 2) {
    std::cerr << "[err] argument not found." << std::endl;
    std::exit(1);
  }
  std::ifstream fs(argv[1], std::ios::in | std::ios::binary);
  if (fs.fail()) {
    std::cerr << "failed to open file" << std::endl;
    std::exit(1);
  }
  // Read the whole file into memory. The iterator range avoids the
  // while(!eof()) pitfall, which appends one stray byte after the last read.
  std::vector<unsigned char> buffer{std::istreambuf_iterator<char>(fs),
                                    std::istreambuf_iterator<char>()};
  // make target
  auto target = buckler::Target(buffer);
  auto buckler = buckler::Buckler(target);
  // load the installed scanners and signatures
  buckler.Load();
  // scan
  auto result = buckler.Scan();
  if (result.has_hit) {
    std::cout << "`" << argv[1] << "` is malware." << std::endl;
  } else {
    std::cout << "`" << argv[1] << "` is not malware." << std::endl;
  }
}
```
Then build it. (The source file comes before the -l flags so that the linker resolves the libraries it needs.)
g++ -g -Wall -std=c++17 -fPIC ./antivirus.cc -o ./antivirus -lbuckler -lpthread -lboost_system -lboost_filesystem -lyaml-cpp -ldl
Then install the scanner and signature packages.
(The scanners are configured automatically.)
echo "y" | armoury install signature buckler-project/sample-signature
Run the following command to run the antivirus.
./antivirus TARGET_FILE
If the hash of your TARGET_FILE matches an entry in the installed signature file, ./antivirus reports a hit.
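To show what "the hash hits a signature" means in practice, here is an added, self-contained example of a minimal signature scanner. It is not buckler's code and does not use buckler's signature format: the `SignatureDb` layout, the `ScanBytes` function and the sample signatures are all constructed for this illustration, and FNV-1a stands in for the cryptographic digest (for example SHA-256) a real scanner would use. It goes slightly beyond the page by also matching raw byte patterns, the other common kind of antivirus signature.

```cpp
#include <algorithm>
#include <cstdint>
#include <iostream>
#include <string>
#include <unordered_set>
#include <vector>

// 64-bit FNV-1a over a byte buffer. Placeholder for a real digest such as
// SHA-256; chosen only so this example has no external dependencies.
uint64_t Fnv1a64(const std::vector<unsigned char>& data) {
  uint64_t h = 1469598103934665603ULL;
  for (unsigned char b : data) {
    h ^= b;
    h *= 1099511628211ULL;
  }
  return h;
}

struct PatternSignature {
  std::string name;
  std::vector<unsigned char> pattern;
};

// Hypothetical in-memory signature database: whole-file hashes plus raw
// byte patterns. Not buckler's format.
struct SignatureDb {
  std::unordered_set<uint64_t> file_hashes;
  std::vector<PatternSignature> patterns;
};

struct ScanResult {
  bool has_hit = false;
  std::string matched;  // which signature fired ("file-hash" or a pattern name)
};

// Whole-file hash lookup first (exact match, cheap), then a byte-pattern
// search over the buffer for each pattern signature.
ScanResult ScanBytes(const std::vector<unsigned char>& buffer,
                     const SignatureDb& db) {
  ScanResult result;
  if (db.file_hashes.count(Fnv1a64(buffer)) != 0) {
    result.has_hit = true;
    result.matched = "file-hash";
    return result;
  }
  for (const auto& sig : db.patterns) {
    if (sig.pattern.empty()) continue;
    auto it = std::search(buffer.begin(), buffer.end(),
                          sig.pattern.begin(), sig.pattern.end());
    if (it != buffer.end()) {
      result.has_hit = true;
      result.matched = sig.name;
      return result;
    }
  }
  return result;
}

std::vector<unsigned char> Bytes(const std::string& s) {
  return std::vector<unsigned char>(s.begin(), s.end());
}

// Constructed sample database: one "known bad" file identified by hash and
// one marker byte sequence. Both values are invented for this example.
SignatureDb MakeSampleDb() {
  SignatureDb db;
  db.file_hashes.insert(Fnv1a64(Bytes("CONSTRUCTED-SAMPLE-MALWARE-BODY")));
  db.patterns.push_back({"sample-marker", Bytes("CONSTRUCTED_SAMPLE_MARKER_0001")});
  return db;
}

int main() {
  const SignatureDb db = MakeSampleDb();
  // Constructed inputs: an exact known-bad file, a benign file, and a file
  // that embeds the marker pattern somewhere in the middle.
  for (const std::string& sample : {std::string("CONSTRUCTED-SAMPLE-MALWARE-BODY"),
                                    std::string("hello world"),
                                    std::string("prefix CONSTRUCTED_SAMPLE_MARKER_0001 suffix")}) {
    ScanResult r = ScanBytes(Bytes(sample), db);
    std::cout << (r.has_hit ? "hit (" + r.matched + ")" : "clean")
              << " <- \"" << sample << "\"" << std::endl;
  }
  return 0;
}
```

The order of checks matters for a real scanner too: an exact hash match is cheap and unambiguous, while pattern matching costs time proportional to buffer size times the number of patterns, and a single changed byte defeats the hash check but not the pattern check.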