SentinalCore is a comprehensive malware detection and isolation framework designed for Linux systems. It combines multiple detection methods with advanced isolation techniques to identify and contain potential threats.
SentinalCore uses a multi-layered approach to detect potential threats:
- ClamAV Integration - Signature-based detection using the established ClamAV antivirus engine
- File Entropy Analysis - Statistical analysis to identify suspicious encryption or packing
- VirusTotal API - Cloud-based malware intelligence platform integration
- LLM-Powered Log Analysis - Advanced system log analysis using large language models
- File System Scanning - Comprehensive scanning of the user's file system with configurable parameters
When threats are detected, SentinalCore can isolate them using:
- Passive Isolation - Linux namespace separation (PID, mount, network, etc.)
- Process Containment - Restricting process capabilities and access
- Network Restriction - Preventing malicious processes from communicating with the network
- ClamAV Scanner: Integrates with ClamAV for signature-based detection
- Entropy Analyzer: Performs statistical analysis to detect suspicious files
- VirusTotal Client: Interfaces with VirusTotal API for cloud-based detection
- Log Analyzer: Uses LLM to identify suspicious patterns in system logs
- Namespace-based Isolation: Uses Linux kernel namespaces to isolate processes
- Resource Limiting: Controls CPU, memory, and network usage for suspicious processes
- Monitoring Interface: Real-time monitoring of isolated processes
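The entropy layer described above, as an added example written for this README rather than the project's own entropy.py: it computes Shannon entropy per byte over the whole file and over fixed-size windows, so a packed or encrypted payload sitting behind a large low-entropy header is still flagged even when the whole-file figure is diluted. The 7.0 bits/byte threshold, the 1 KiB window and the sample inputs are assumptions constructed for this example.

```python
import math
import random
from collections import Counter

# Tuning values are assumptions for this example, not SentinalCore's own settings.
ENTROPY_THRESHOLD = 7.0   # bits/byte; plain text is ~4-5, compressed/encrypted data ~7.8-8.0
CHUNK_SIZE = 1024         # bytes per window for the per-chunk scan


def shannon_entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte: 0.0 for a constant stream, 8.0 for uniform random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def classify(data: bytes, threshold: float = ENTROPY_THRESHOLD, chunk_size: int = CHUNK_SIZE) -> dict:
    """Flag data as suspicious if the whole buffer, or at least half of its fixed-size chunks,
    meets the entropy threshold. The chunk rule catches a packed/encrypted body whose high
    entropy is masked by a large low-entropy header when measured over the whole file."""
    overall = shannon_entropy(data)
    chunks = [shannon_entropy(data[i:i + chunk_size]) for i in range(0, len(data), chunk_size)]
    high = sum(1 for e in chunks if e >= threshold)
    return {
        "entropy": round(overall, 3),
        "chunk_count": len(chunks),
        "high_entropy_chunks": high,
        "suspicious": overall >= threshold or (bool(chunks) and high / len(chunks) >= 0.5),
    }


# Constructed sample inputs (seeded so results are reproducible offline).
_rng = random.Random(1234)
SAMPLE_TEXT = b"hello world " * 300                                  # repetitive ASCII, low entropy
SAMPLE_RANDOM = _rng.randbytes(4096)                                 # stands in for an encrypted blob
SAMPLE_PACKED = b"\x7fELF" + b"\x00" * 1020 + _rng.randbytes(3072)   # sparse header + packed body

if __name__ == "__main__":
    for name, blob in [("text", SAMPLE_TEXT), ("random", SAMPLE_RANDOM), ("packed", SAMPLE_PACKED)]:
        print(name, classify(blob))
```

The packed sample shows why the per-chunk rule matters: its whole-file entropy stays under the threshold because a quarter of the bytes are zeros, but three of its four 1 KiB windows are near 8 bits/byte.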
- Python 3.10+
- ClamAV (with freshclam)
- BCC (eBPF Compiler Collection)
- Linux kernel 4.15+ (for namespace functionality)
```bash
# Install system dependencies
sudo apt update
sudo apt install clamav clamav-daemon bpfcc-tools python3-dev python3-pip

# Start ClamAV services
sudo systemctl enable clamav-freshclam
sudo systemctl start clamav-freshclam
sudo systemctl enable clamav-daemon
sudo systemctl start clamav-daemon
```

```bash
# Clone the repository
git clone https://github.com/username/sentinalcore.git
cd sentinalcore

# Install Python dependencies
pip install -e .
```

```bash
# Set up API keys (optional but recommended)
export VIRUSTOTAL_API_KEY="your_virustotal_api_key"
export GEMINI_API_KEY="your_gemini_api_key"
```

```bash
# Scan a single file
python detection/main.py --scan-file /path/to/file

# Scan a directory
python detection/main.py --scan-dir /path/to/directory

# Scan home directory
python detection/main.py --scan-home

# Full system scan with VirusTotal integration
python detection/main.py --full-scan --check-virustotal
```

```bash
# Analyze system logs for the past hour
python detection/main.py --analyze-logs --log-time 60

# Analyze logs with custom output file
python detection/main.py --analyze-logs --output-file results.json
```

```bash
# Perform full system scan with all detection methods
python detection/main.py --full-scan --check-virustotal --analyze-logs --log-time 120 --verbose
```

The project includes a comprehensive test suite:

```bash
# Run all tests
pytest

# Run specific test module
pytest testing/test_clamav.py
```

Test data and logs are stored in the testing/logs/ directory.
```
sentinalcore/
├── detection/                  # Detection modules
│   ├── clamav_scan.py          # ClamAV integration
│   ├── entropy.py              # File entropy analysis
│   ├── LLMlogs.py              # Log analysis with LLM
│   ├── main.py                 # Main detection interface
│   └── virustotalUpload.py     # VirusTotal API client
├── gui/                        # GUI interface (under development)
├── isolation/                  # Process isolation modules
│   └── passive_isolation.py    # Namespace-based isolation
└── testing/                    # Test modules and fixtures
    ├── test_*.py               # Test files
    └── logs/                   # Sample logs for testing
```
Contributions are welcome! Please feel free to submit a Pull Request.
This project is licensed under the GNU General Public License v3.0 - see the LICENSE file for details.
SentinalCore is designed for security research and legitimate system administration purposes only. Always obtain proper authorization before scanning systems or networks you don't own. The developers are not responsible for any misuse of this software.
For questions, feedback, or contributions, please open an issue on the project repository.
SentinalCore: Detect, Isolate, Protect.