A feature request appeared on our IRC, private conversations and mailing lists once every year or so: “I want to be able to detect if my site is spreading malware”. Last week it appeared again and this time it was implemented, so for your enjoyment I give you w3af – ClamAV integration.
The basic idea is simple: w3af crawls the target site and sends all HTTP response bodies to ClamAV (using the clam daemon) for analysis. If ClamAV finds something in that stream, we'll parse the result and show it to you in the report.
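The exchange described above can be sketched directly against clamd's INSTREAM command. This is an added example, not w3af's plugin code (which relies on the clamd pip package); the function names, the chunk size and the Ubuntu socket path are assumptions.

```python
import socket
import struct

CHUNK = 8192  # our choice; clamd caps the total stream via StreamMaxLength

def frame_instream(body: bytes, chunk: int = CHUNK) -> bytes:
    """Build an INSTREAM request: command, length-prefixed chunks, zero terminator."""
    out = [b"zINSTREAM\0"]
    for i in range(0, len(body), chunk):
        part = body[i:i + chunk]
        out.append(struct.pack("!I", len(part)) + part)  # 4-byte big-endian length
    out.append(struct.pack("!I", 0))                     # zero-length chunk ends the stream
    return b"".join(out)

def parse_reply(raw: bytes):
    """'stream: OK' -> ('OK', None); 'stream: <sig> FOUND' -> ('FOUND', sig)."""
    text = raw.rstrip(b"\0\n").decode("utf-8", "replace")
    verdict = text.split(": ", 1)[-1]
    if verdict == "OK":
        return ("OK", None)
    if verdict.endswith(" FOUND"):
        return ("FOUND", verdict[:-len(" FOUND")])
    return ("ERROR", verdict)  # e.g. size limit exceeded, or connection closed early

def scan_body(sock: socket.socket, body: bytes):
    """Send one HTTP response body over an open clamd connection, return the verdict."""
    sock.sendall(frame_instream(body))
    raw = b""
    while not raw.endswith(b"\0"):
        data = sock.recv(4096)
        if not data:
            break
        raw += data
    return parse_reply(raw)

if __name__ == "__main__":
    # Assumption: clamd listens on the default Ubuntu local socket.
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.connect("/var/run/clamav/clamd.ctl")
        print(scan_body(s, b"<html>constructed sample body</html>"))
```

A body larger than clamd's configured stream limit comes back as an error reply rather than a verdict, so a scanner should report those responses as unscanned instead of clean.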
Before this gets to the master branch I would like you to test it and report any bugs or improvements. Follow these steps to help us improve:
git clone git@github.com:andresriancho/w3af.git
cd w3af
git checkout feature/clam
./w3af_console # Install the new clamd dependency using pip
# Install clamd on your system (this is for Ubuntu):
sudo apt-get install clamav-daemon clamav-freshclam clamav-unofficial-sigs
sudo service clamav-daemon start
If you want to test with something “real”, remember you can use the EICAR test binary. Happy testing!