Is your site spreading malware?

A feature request has appeared on our IRC channel, in private conversations and on our mailing lists once every year or so: “I want to be able to detect if my site is spreading malware”. Last week it appeared again and this time it was implemented, so for your enjoyment I give you the w3af ClamAV integration.

The basic idea is simple: w3af crawls the target site and sends all HTTP response bodies to ClamAV (using the clam daemon) for analysis. If ClamAV finds something in that stream, we’ll parse the result and show it to you in the report.


Before this gets to the master branch I would like you to test it and report any bugs or improvements. Follow these steps to help us improve:

git clone git@github.com:andresriancho/w3af.git
cd w3af
git checkout feature/clam
git pull
./w3af_console # Install the new clamd dependency using pip

# Install clamd on your system (this is for Ubuntu):
sudo apt-get install clamav-daemon clamav-freshclam clamav-unofficial-sigs
sudo freshclam
sudo service clamav-daemon start

Then, run a scan against your site using the new grep.clamav plugin. Remember that for the grep plugin to analyze your site, you need to activate a crawl plugin like web_spider.

If you want to test with something “real”, remember you can use the EICAR test binary. Happy testing!


The implementation of this new plugin was fairly simple due to the excellent clamd python module and the pre-existing features available in the w3af framework.
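
To make the "send every response body to the clam daemon and parse what comes back" step concrete, here is an added example (not the plugin's code, which uses the clamd Python module) of the daemon's INSTREAM exchange at the socket level. `fake_clamd`, its marker and the signature name are constructed stand-ins so the block runs without a daemon; `scan_body` works the same way on a socket connected to a real clamd.

```python
import socket, struct, threading

def instream_frames(body, chunk=4096):
    """Yield what clamd expects for INSTREAM: command, sized chunks, zero-length end."""
    yield b"zINSTREAM\0"
    for i in range(0, len(body), chunk):
        part = body[i:i + chunk]
        yield struct.pack("!L", len(part)) + part  # 4-byte big-endian length prefix
    yield struct.pack("!L", 0)

def parse_reply(raw):
    """Map a clamd reply such as 'stream: <signature> FOUND' to (status, detail)."""
    text = raw.rstrip(b"\0\n").decode("utf-8", "replace")
    verdict = text.split(": ", 1)[-1]
    if verdict == "OK":
        return ("OK", None)
    if verdict.endswith(" FOUND"):
        return ("FOUND", verdict[:-len(" FOUND")])
    return ("ERROR", text)  # e.g. the body exceeded the daemon's stream size limit

def scan_body(sock, body):
    """Send one HTTP response body over a connected clamd socket, return the verdict."""
    for frame in instream_frames(body):
        sock.sendall(frame)
    reply = b""
    while not reply.endswith(b"\0") and (data := sock.recv(4096)):
        reply += data
    return parse_reply(reply)

def fake_clamd(sock, marker=b"CONSTRUCTED-MARKER"):
    """Constructed stand-in for the daemon: flags bodies containing the marker."""
    with sock.makefile("rb") as f:
        assert f.read(10) == b"zINSTREAM\0"
        body = b""
        while (n := struct.unpack("!L", f.read(4))[0]):
            body += f.read(n)
    verdict = b"Constructed-Test-Signature FOUND" if marker in body else b"OK"
    sock.sendall(b"stream: " + verdict + b"\0")

def demo(body):
    client, server = socket.socketpair()
    worker = threading.Thread(target=fake_clamd, args=(server,))
    worker.start()
    try:
        return scan_body(client, body)
    finally:
        worker.join()
        client.close()
        server.close()
```

A crawler that treats only `FOUND` as interesting will silently miss large downloads: an `ERROR` verdict means the body was not scanned, so it should be reported rather than counted as clean.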


About the Author:

Web Application Security Innovator, Researcher and Entrepreneur. Python Hacker.