Samba-VirusFilter alternatives

Malice is a malware analysis that wants to provide a free and open source version of VirusTotal. The goal of Malice is to make it usable by both independent researchers up to fortune 500 companies.

Malice is useful for those that do malware analysis or deal with user-generated files that may contain malware. The framework allows scanning files and directories to see if they are infected.

SMBMap allows scanning of file resources that are shared with the SMB protocol. The tool will list share drives, drive permissions, the share contents, upload/download functionality, file name auto-download pattern matching, and even execute remote commands. The tool was created for pentesters to simplify finding sensitive data, or at least test for it.

Since 1992, Samba provides file and print services based on the server message block (SMB) protocol. This protocol was released by Microsoft as part of the open specifications.

Samba helps with interoperability between systems running Microsoft Windows and those running one of the flavor of Unix like Linux. The toolkit allows systems to become part of the Active Directory environment and join a domain controller or domain member.

ClamAV is a popular tool to detect malicious software or malware. While it calls itself an antivirus engine, it probably won't encounter many viruses, as they have become rare. It is more likely to find other forms of malware like worms, backdoors, and ransomware. ClamAV can be used in a few ways, from doing an occasional scan up to scanning in batch. ClamAV does not do on-access scanning but can be combined with other tools to obtain similar functionality. ClamAV is often used to support scanning incoming emails for malicious content.

Malscan is a tool to scan for malicious software (malware) such as viruses, worms, and backdoors. Its goal is to extend ClamAV with more scanning modes and signatures. It targets web servers running Linux, but can also be used on mail servers and desktops.

YARA is a tool to identify and classify malware samples. It uses textual or binary patterns to match data, combined with a boolean expression to define a match. YARA is multi-platform, can be used via a command-line interface or via Python scripts using the yara-python extension.