Lightweight Antivirus + Sandboxing system based on static and AI checks
lqSky7/sentinalcore
SentinalCore

SentinalCore is a comprehensive malware detection and isolation framework designed for Linux systems. It combines multiple detection methods with advanced isolation techniques to identify and contain potential threats.

Features

Malware Detection

SentinalCore uses a multi-layered approach to detect potential threats:

  • ClamAV Integration - Signature-based detection using the established ClamAV antivirus engine
  • File Entropy Analysis - Statistical analysis to identify suspicious encryption or packing
  • VirusTotal API - Cloud-based malware intelligence platform integration
  • LLM-Powered Log Analysis - Advanced system log analysis using large language models
  • File System Scanning - Comprehensive scanning of the user's file system with configurable parameters

Threat Isolation

When threats are detected, SentinalCore can isolate them using:

  • Passive Isolation - Linux namespace separation (PID, mount, network, etc.)
  • Process Containment - Restricting process capabilities and access
  • Network Restriction - Preventing malicious processes from communicating with the network

Technical Overview

Core Components

Detection Engine

  • ClamAV Scanner: Integrates with ClamAV for signature-based detection
  • Entropy Analyzer: Performs statistical analysis to detect suspicious files
  • VirusTotal Client: Interfaces with VirusTotal API for cloud-based detection
  • Log Analyzer: Uses LLM to identify suspicious patterns in system logs
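The entropy analyzer listed under both Features and Core Components flags files whose byte distribution looks encrypted or packed. The following is an added example of that technique, not the project's own detection/entropy.py: it computes Shannon entropy per file and per 4 KiB window, and treats known compressed containers (gzip, zip, PNG, JPEG, 7z, zstd magic bytes) as expected high-entropy data rather than suspicious, because flagging every archive would bury real findings in noise. The 7.2 bits/byte threshold, the window size and the sample inputs are assumptions chosen for the example.

```python
"""Shannon-entropy file triage (added example; not SentinalCore's entropy.py)."""
import math
import random
from collections import Counter

CHUNK_SIZE = 4096      # bytes per window (assumed value)
HIGH_ENTROPY = 7.2     # bits per byte; assumed threshold, not the project's setting

# Formats that are high-entropy by design; high entropy alone is not a signal for these.
KNOWN_CONTAINERS = {
    b"\x1f\x8b": "gzip",
    b"PK\x03\x04": "zip",
    b"\x89PNG": "png",
    b"\xff\xd8\xff": "jpeg",
    b"7z\xbc\xaf": "7z",
    b"\x28\xb5\x2f\xfd": "zstd",
}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for a constant stream, 8.0 for a uniform one."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def chunk_entropies(data: bytes, chunk_size: int = CHUNK_SIZE) -> list[float]:
    """Per-window entropy, so a small encrypted payload inside a large plain file still shows."""
    return [shannon_entropy(data[i:i + chunk_size]) for i in range(0, len(data), chunk_size)]


def known_container(data: bytes):
    """Return the container name if the file starts with a known compressed-format magic."""
    for magic, name in KNOWN_CONTAINERS.items():
        if data.startswith(magic):
            return name
    return None


def triage(data: bytes, threshold: float = HIGH_ENTROPY) -> dict:
    """Classify a blob as normal, a high-entropy container, or suspicious (possible packing/encryption)."""
    overall = shannon_entropy(data)
    chunks = chunk_entropies(data)
    high_fraction = sum(e >= threshold for e in chunks) / len(chunks) if chunks else 0.0
    container = known_container(data)
    if overall < threshold and high_fraction < 0.5:
        verdict = "normal"
    elif container:
        verdict = "high-entropy-container"   # expected for archives/images; review only with other signals
    else:
        verdict = "suspicious"                # high entropy with no recognised container
    return {
        "entropy": round(overall, 3),
        "chunks": len(chunks),
        "high_fraction": round(high_fraction, 3),
        "container": container,
        "verdict": verdict,
    }


def triage_file(path: str, threshold: float = HIGH_ENTROPY) -> dict:
    """Convenience wrapper for a file on disk."""
    with open(path, "rb") as fh:
        return triage(fh.read(), threshold)


def constructed_samples() -> dict:
    """Constructed inputs for demonstration (not real malware samples)."""
    rng = random.Random(1234)  # deterministic so the results are reproducible
    return {
        "text": b"The quick brown fox jumps over the lazy dog.\n" * 200,
        "zeros": bytes(8192),
        "packed": rng.randbytes(16384),                       # stands in for an encrypted/packed payload
        "gzip_like": b"\x1f\x8b\x08\x00" + rng.randbytes(16384),  # gzip magic followed by random data
    }


if __name__ == "__main__":
    for name, blob in constructed_samples().items():
        print(f"{name:10s} {triage(blob)}")
```

Per-window entropy matters in practice: a mostly-plain script with one encrypted blob appended keeps a modest overall entropy, but the window holding the blob still crosses the threshold.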

Isolation Framework

  • Namespace-based Isolation: Uses Linux kernel namespaces to isolate processes
  • Resource Limiting: Controls CPU, memory, and network usage for suspicious processes
  • Monitoring Interface: Real-time monitoring of isolated processes
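The isolation framework above combines namespace separation with resource limiting. As an added example, not the project's isolation/passive_isolation.py, the launcher below applies RLIMIT_CPU, RLIMIT_AS, RLIMIT_NOFILE and RLIMIT_CORE in the child before exec, and can prefix the command with util-linux `unshare` so the process gets its own user, PID and mount namespaces and an empty network namespace (no interfaces, so no outbound traffic). The default limit values and the `Limits`/`run_contained` names are assumptions for the example; the `unshare` flags are standard util-linux options. `probe_limits` runs a Python child without namespaces and returns the limits the child actually sees, which is a convenient self-check on a new host.

```python
"""Resource-limited, optionally namespaced launcher (added example; not SentinalCore's code)."""
import resource
import shutil
import subprocess
import sys
from dataclasses import dataclass


@dataclass(frozen=True)
class Limits:
    cpu_seconds: int = 10                    # RLIMIT_CPU: SIGXCPU/SIGKILL after this much CPU time
    memory_bytes: int = 1024 * 1024 * 1024   # RLIMIT_AS: address-space cap (1 GiB, assumed)
    open_files: int = 256                    # RLIMIT_NOFILE
    core_dump: int = 0                       # RLIMIT_CORE: no core files written by the sample


def apply_limits(limits: Limits) -> None:
    """Runs in the child between fork() and exec(); soft == hard so the sample cannot raise them."""
    resource.setrlimit(resource.RLIMIT_CPU, (limits.cpu_seconds, limits.cpu_seconds))
    resource.setrlimit(resource.RLIMIT_AS, (limits.memory_bytes, limits.memory_bytes))
    resource.setrlimit(resource.RLIMIT_NOFILE, (limits.open_files, limits.open_files))
    resource.setrlimit(resource.RLIMIT_CORE, (limits.core_dump, limits.core_dump))


def namespace_prefix(network: bool = False) -> list[str]:
    """unshare(1) prefix: own user/PID/mount namespaces; unless network=True, an empty net namespace."""
    if shutil.which("unshare") is None:
        raise RuntimeError("util-linux 'unshare' not found")
    flags = ["unshare", "--user", "--map-root-user", "--pid", "--fork", "--mount-proc"]
    if not network:
        flags.append("--net")   # new network namespace with only a down loopback: no connectivity
    return flags + ["--"]


def run_contained(argv, limits: Limits = Limits(), namespaces: bool = True,
                  network: bool = False, timeout=None) -> subprocess.CompletedProcess:
    """Run argv with the given rlimits, wrapped in fresh namespaces when namespaces=True."""
    cmd = (namespace_prefix(network) if namespaces else []) + list(argv)
    return subprocess.run(cmd, preexec_fn=lambda: apply_limits(limits),
                          capture_output=True, text=True, timeout=timeout)


def probe_limits(limits: Limits = Limits()) -> dict:
    """Self-check: launch a Python child under the limits and return the soft limits it reports."""
    code = ("import resource as r;"
            "print(r.getrlimit(r.RLIMIT_CPU)[0], r.getrlimit(r.RLIMIT_NOFILE)[0],"
            " r.getrlimit(r.RLIMIT_CORE)[0])")
    result = run_contained([sys.executable, "-c", code], limits, namespaces=False, timeout=30)
    if result.returncode != 0:
        raise RuntimeError(result.stderr)
    cpu, nofile, core = (int(x) for x in result.stdout.split())
    return {"cpu": cpu, "nofile": nofile, "core": core}


if __name__ == "__main__":
    print(probe_limits(Limits(cpu_seconds=5, open_files=128)))
```

The `--user` namespace lets an unprivileged user create the PID, mount and network namespaces; some hardened hosts and containers disable unprivileged user namespaces, in which case `unshare` fails and the launcher should fall back to rlimits only or run under a privileged helper. Note that RLIMIT_AS counts reserved address space, not resident memory, so thread-heavy or JIT-based programs may need a larger cap than their working set suggests.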

Requirements

- Python 3.10+
- ClamAV (with freshclam)
- BCC (eBPF Compiler Collection)
- Linux kernel 4.15+ (for namespace functionality)

Installation

1. Install dependencies

```bash
# Install system dependencies
sudo apt update
sudo apt install clamav clamav-daemon bpfcc-tools python3-dev python3-pip

# Start ClamAV services
sudo systemctl enable clamav-freshclam
sudo systemctl start clamav-freshclam
sudo systemctl enable clamav-daemon
sudo systemctl start clamav-daemon
```

2. Install SentinalCore

```bash
# Clone the repository
git clone https://github.com/username/sentinalcore.git
cd sentinalcore

# Install Python dependencies
pip install -e .
```

3. Configuration

```bash
# Set up API keys (optional but recommended)
export VIRUSTOTAL_API_KEY="your_virustotal_api_key"
export GEMINI_API_KEY="your_gemini_api_key"
```

Usage

Basic Scanning

```bash
# Scan a single file
python detection/main.py --scan-file /path/to/file

# Scan a directory
python detection/main.py --scan-dir /path/to/directory

# Scan home directory
python detection/main.py --scan-home

# Full system scan with VirusTotal integration
python detection/main.py --full-scan --check-virustotal
```

Log Analysis

```bash
# Analyze system logs for the past hour
python detection/main.py --analyze-logs --log-time 60

# Analyze logs with custom output file
python detection/main.py --analyze-logs --output-file results.json
```
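Handing raw system logs to a hosted language model is expensive and exposes every line to a third party. As an added example (not the project's detection/LLMlogs.py), the pre-screener below parses a constructed auth.log excerpt with regular expressions, counts failed SSH logins per source, flags brute-force candidates, new local accounts and successful logins that follow failures from the same source, and builds a compact prompt from those findings only. The sample lines, the five-failure threshold and the finding wording are assumptions made for the example; the IPs are documentation ranges.

```python
"""Deterministic pre-screening of auth.log before LLM review (added example)."""
import re
from collections import Counter

# Constructed sample log; 198.51.100.0/24 and 192.0.2.0/24 are documentation ranges.
SAMPLE_LOG = """\
Mar 14 10:01:02 host sshd[2211]: Failed password for invalid user admin from 198.51.100.7 port 51234 ssh2
Mar 14 10:01:05 host sshd[2212]: Failed password for invalid user admin from 198.51.100.7 port 51240 ssh2
Mar 14 10:01:09 host sshd[2213]: Failed password for root from 198.51.100.7 port 51251 ssh2
Mar 14 10:01:12 host sshd[2214]: Failed password for root from 198.51.100.7 port 51260 ssh2
Mar 14 10:01:15 host sshd[2215]: Failed password for root from 198.51.100.7 port 51266 ssh2
Mar 14 10:02:30 host sshd[2220]: Accepted publickey for alice from 192.0.2.10 port 40001 ssh2
Mar 14 10:03:01 host sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
Mar 14 10:05:44 host sshd[2230]: Failed password for bob from 192.0.2.10 port 40010 ssh2
Mar 14 10:06:00 host useradd[2240]: new user: name=svc_backup, UID=1005, GID=1005, home=/home/svc_backup, shell=/bin/bash
"""

TS = r"(?P<ts>\w{3}\s+\d+\s+\d\d:\d\d:\d\d)"
PATTERNS = {
    "ssh_failed": re.compile(TS + r" \S+ sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"),
    "ssh_accepted": re.compile(TS + r" \S+ sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+)"),
    "sudo": re.compile(TS + r" \S+ sudo:\s+(?P<user>\S+) : .*COMMAND=(?P<cmd>.+)$"),
    "useradd": re.compile(TS + r" \S+ useradd\[\d+\]: new user: name=(?P<user>[^,]+)"),
}
BRUTE_FORCE_THRESHOLD = 5   # failed logins from one source; assumed value


def parse_line(line: str):
    """Return a dict of named fields plus 'kind', or None for lines no pattern recognises."""
    for kind, rx in PATTERNS.items():
        m = rx.match(line)
        if m:
            event = m.groupdict()
            event["kind"] = kind
            return event
    return None


def summarize(text: str) -> dict:
    """Turn raw log text into counts and human-readable findings."""
    events = [e for e in (parse_line(l) for l in text.splitlines()) if e]
    failed_by_ip = Counter(e["ip"] for e in events if e["kind"] == "ssh_failed")
    findings = []

    for ip, n in failed_by_ip.items():
        if n >= BRUTE_FORCE_THRESHOLD:
            users = sorted({e["user"] for e in events if e["kind"] == "ssh_failed" and e["ip"] == ip})
            findings.append(f"{n} failed SSH logins from {ip} targeting {', '.join(users)} (possible brute force)")

    # Order-sensitive pass: a success only counts as 'after failures' if failures came first.
    failed_so_far: Counter = Counter()
    for e in events:
        if e["kind"] == "ssh_failed":
            failed_so_far[e["ip"]] += 1
        elif e["kind"] == "ssh_accepted" and failed_so_far[e["ip"]]:
            findings.append(f"successful {e['method']} login for {e['user']} from {e['ip']} "
                            f"after {failed_so_far[e['ip']]} failed attempts")
        elif e["kind"] == "useradd":
            findings.append(f"new local user created: {e['user']}")

    return {"events": len(events), "failed_by_ip": dict(failed_by_ip), "findings": findings}


def build_prompt(summary: dict) -> str:
    """Compact prompt: findings and counts only, never the raw log lines."""
    lines = ["You are reviewing a Linux host. Pre-screened findings:"]
    lines += [f"- {f}" for f in summary["findings"]] or ["- none"]
    lines.append(f"Parsed events: {summary['events']}. Failed SSH logins by source: {summary['failed_by_ip']}.")
    lines.append("Rate overall risk (low/medium/high) and list recommended follow-up checks.")
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_prompt(summarize(SAMPLE_LOG)))
```

Keeping the regex stage in front of the model gives two benefits the model alone cannot: the counts are reproducible, so an alert can be tested, and the prompt only carries derived facts, which limits what leaves the host when the API key points at a cloud service.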

Advanced Usage

```bash
# Perform full system scan with all detection methods
python detection/main.py --full-scan --check-virustotal --analyze-logs --log-time 120 --verbose
```

🧪 Testing

The project includes a comprehensive test suite:

```bash
# Run all tests
pytest

# Run specific test module
pytest testing/test_clamav.py
```

Test data and logs are stored in the testing/logs/ directory.

💻 Development

Project Structure

```text
sentinalcore/
├── detection/          # Detection modules
│   ├── clamav_scan.py  # ClamAV integration
│   ├── entropy.py      # File entropy analysis
│   ├── LLMlogs.py      # Log analysis with LLM
│   ├── main.py         # Main detection interface
│   └── virustotalUpload.py  # VirusTotal API client
├── gui/                # GUI interface (under development)
├── isolation/          # Process isolation modules
│   └── passive_isolation.py  # Namespace-based isolation
└── testing/            # Test modules and fixtures
    ├── test_*.py       # Test files
    └── logs/           # Sample logs for testing
```

Contributing

Contributions are welcome! Please feel free to submit a Pull Request.

📜 License

This project is licensed under the GNU General Public License v3.0 - see the LICENSE file for details.

⚠️ Disclaimer

SentinalCore is designed for security research and legitimate system administration purposes only. Always obtain proper authorization before scanning systems or networks you don't own. The developers are not responsible for any misuse of this software.

📧 Contact

For questions, feedback, or contributions, please open an issue on the project repository.

SentinalCore: Detect, Isolate, Protect.
