While I was listening to music yesterday evening I decided to do some fiddling in an Ubuntu VM, just to give my hands something to do. I ended up writing a small bash script called "Cloudy" that works as a cloud-scanner for malware. Cloud meaning it has no locally stored definitions. Basically, the way it works is you tell Cloudy what file to check, it hashes the file using SHA-256, searches for that checksum on VirusTotal.com, and outputs the detection ratio listed on VirusTotal.com, which allows the user to decide if they want to trust the file. As you can see it's very basic, and not overly useful, but considering it was thrown together in an evening it's kinda cool. It should work on a variety of distros, provided you install its dependencies, but I built it on Ubuntu 14.04 Desktop 64-bit, so that's all I've tested it with. This is a testing release, so it could have bugs. I have no plans to continue working on it or testing it at this time. Anyways, I thought I'd share the download link for anyone who is interested.
Install Cloudy 0.17 Testing:
1. Download the text file from:
2. Copy the code between the [quote][/quote] sections into a new file, and save as "cloudy". It doesn't matter where you save it. I saved mine in my user's home folder (eg: /home/example1/cloudy).
3. Install the following dependencies: Sed, Lynx, and Coreutils. The manner in which you do this will vary from distro to distro. Both Sed and Coreutils are pre-installed on Ubuntu. On Ubuntu and Ubuntu derivatives these can all be installed by typing in terminal:
sudo apt-get install sed coreutils lynx
1. In terminal type:
bash /directory/cloudy
(Substitute "/directory/" for the path to where the "Cloudy" file is saved.)
Not all files are listed on VirusTotal.com, obviously. In that case you'll get an output saying the file couldn't be found in the database. If the file is found you'll get something like # / #. The first number represents the number of virus scanners that detected the file as dangerous, the second number represents the number of scanners that the file has been scanned with. Ideally you want to see 0 / #.
I submitted a copy of Cloudy (the actual script, not the text file) to VirusTotal.com; you can view that here, or scan Cloudy with itself.
Edited by Al1000, 03 September 2016 - 12:25 AM.
delete download link
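The hash-then-look-up flow the post describes, as an added example that is not the Cloudy script or any code from the original post. It assumes the public VirusTotal API v3 and an API key instead of reading the website with Lynx, and the function names and the sample response are constructed for illustration.

```python
import hashlib
import json
import urllib.error
import urllib.request

# Assumption: API v3 file-report endpoint with an API key, not the Lynx page read.
VT_URL = "https://www.virustotal.com/api/v3/files/{}"


def sha256_file(path, chunk_size=65536):
    """Hash the file in chunks so large files are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def fetch_report(sha256, api_key):
    """Return the parsed report, or None when VirusTotal has no such hash."""
    req = urllib.request.Request(VT_URL.format(sha256), headers={"x-apikey": api_key})
    try:
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    except urllib.error.HTTPError as err:
        if err.code == 404:  # unknown hash: neither clean nor malicious
            return None
        raise  # quota, auth and server errors must not look like "not found"


def detection_ratio(report):
    """Map a report to (detections, engines), or None for an unknown file."""
    if report is None:
        return None
    stats = report["data"]["attributes"]["last_analysis_stats"]
    # Denominator counts only engines that returned a verdict (no timeouts/failures).
    verdicts = ("malicious", "suspicious", "harmless", "undetected")
    engines = sum(stats.get(key, 0) for key in verdicts)
    return stats.get("malicious", 0), engines


def format_ratio(ratio):
    """Render the '# / #' line, or the not-found message."""
    return "not found in database" if ratio is None else "{} / {}".format(*ratio)


# Constructed sample response (not real scan data), trimmed to the fields used.
SAMPLE_REPORT = {"data": {"attributes": {"last_analysis_stats": {
    "malicious": 3, "suspicious": 1, "harmless": 0, "undetected": 52,
    "timeout": 2, "failure": 1, "type-unsupported": 9}}}}
```

Only the hash leaves the machine in this lookup; the file itself is not uploaded. A "not found" result says nothing about the file either way, so it is reported separately from a 0 / # ratio.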