
Whether the container will be destroyed

Open drwpeng opened this issue 3 years ago • 4 comments

Is your feature request related to a problem? Please describe.

Containers are created every scan. When there are a lot of files to be scanned, containers are frequently created and deleted. I think this is a waste of time.

Describe the solution you'd like

Can I keep the malice-av container like a c/s server to avoid frequent container creation? Is this feasible? Will scanning files destroy the container?

drwpeng avatar Sep 07 '20 07:09 drwpeng

The initial idea was that you are scanning dangerous malware, so you would want to throw away the container after every scan. I'm not sure this is true, but I had heard that VirusTotal's scanners are all VMs that get reverted after a scan to prevent infection. With Docker the containers are all sharing a kernel, so if the malware can attack the antivirus and infect the kernel then re-creating the container doesn't offer any extra protection, but it is still better than nothing.

blacktop avatar Sep 07 '20 15:09 blacktop

But I agree, if your main concern is speed then keeping the containers around longer would be better. I've designed each AV engine to be standalone, which means you can run them as little micro-services and submit to them via HTTP POST. You would have to write an engine to automate submission and storing the results.

blacktop avatar Sep 07 '20 15:09 blacktop

I will also add that when I have time to start my complete overhaul of the official Malice engine... some day.

blacktop avatar Sep 07 '20 15:09 blacktop

Thank you for your reply. I will probably keep these containers running all the time, and then open a service to send malicious files to them. Emm, where do you plan to modify?

drwpeng avatar Sep 08 '20 09:09 drwpeng
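
The submission engine discussed in this thread (long-lived engine containers that receive samples over HTTP POST, with the results stored) could look like the following. This is an added example, not part of the thread or of the Malice code base; the engine name, URL, port, `/scan` path, `malware` form field and JSON reply format are assumptions.

```python
import hashlib, json, sqlite3, urllib.request, uuid

# Assumptions (not from the thread): engine names, ports, the /scan path,
# the "malware" form field and a JSON reply body.
ENGINES = {"clamav": "http://127.0.0.1:3993/scan"}
FIELD = "malware"

def multipart(field, filename, data):
    """Encode one file as multipart/form-data; returns (body, content_type)."""
    boundary = uuid.uuid4().hex
    head = (f"--{boundary}\r\n"
            f'Content-Disposition: form-data; name="{field}"; filename="{filename}"\r\n'
            "Content-Type: application/octet-stream\r\n\r\n").encode()
    body = head + data + f"\r\n--{boundary}--\r\n".encode()
    return body, f"multipart/form-data; boundary={boundary}"

def http_post(url, body, ctype, timeout=60):
    """POST the upload and parse the engine's JSON reply."""
    req = urllib.request.Request(url, data=body, headers={"Content-Type": ctype})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read())

def open_store(path=":memory:"):
    """Open (or create) the SQLite results store."""
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE IF NOT EXISTS results (sha256 TEXT, engine TEXT,"
                " report TEXT, PRIMARY KEY (sha256, engine))")
    return con

def scan(data, con, engines=ENGINES, post=http_post):
    """Submit sample bytes to every engine; store one row per (sample, engine)."""
    sha = hashlib.sha256(data).hexdigest()
    # Upload under the hash, never under an attacker-chosen file name.
    body, ctype = multipart(FIELD, sha, data)
    reports = {}
    for name, url in engines.items():
        try:
            reports[name] = post(url, body, ctype)
        except (OSError, ValueError) as exc:
            # A dead or wedged engine is recorded, not silently skipped.
            reports[name] = {"error": str(exc)}
        con.execute("INSERT OR REPLACE INTO results VALUES (?, ?, ?)",
                    (sha, name, json.dumps(reports[name])))
    con.commit()
    return sha, reports
```

Recording engine failures alongside verdicts matters with long-lived containers: an engine that stops answering after a particular sample is a signal to recycle that container.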