This repository contains the database files, the generation scripts and the web server for the malware databases used in the FOSS Android antivirus Hypatia.
This is a manual mirror and backup generator of https://codeberg.org/MaintainTeam/HypatiaDatabases which generates the default databases.
This repo has several branches. The main branch contains the code used to generate the databases. The unsigned branch contains the generated databases before they are signed. A self-hosted CI checks out the unsigned branch, signs the databases with our key, and pushes them to the gh-pages branch, where they are deployed.
- ESET Indicators of Compromise (IOCs)
- ThreatView Malware Databases
- ThreatFox
- Malware Bazaar
- CyberCure
- SaneSecurity
- Signature Base
- Divested Computing Group's Domain Blocklists
The databases are generated on GitHub's and Codeberg's CI. We utilize a fork of Divest Mobile's database generator to sort the database files, aggregate the hashes, and then create Bloom Filters from them. Then, GitHub/Codeberg Pages are used to publish the files online.
Development work is done on GitHub; Codeberg is only a mirror.
We are always looking for new sources to add to our databases. If you come across one that you believe could work, please either create an issue with a link to the source and its copyright, or, if you can, submit a pull request to add it to the GitHub Actions file.
If adding a new source, the general process is:
- Download the source to the /various/vendor directory.
- Process the file(s) to extract the hashes and, if applicable, the malware description.
- Combine the name and hash (hash:0:name/description) and add them to a file with the appropriate extension.
- Move the resulting file to the /raw/vendor directory.
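The extract-and-combine steps above, sketched as an added example (not code from this repository). The CSV feed layout, the function names, the name-sanitising rule and the ClamAV-style extension mapping (.hdb for MD5, .hsb for SHA-1/SHA-256) are assumptions; the page only specifies the hash:0:name/description line format.

```python
import csv
import io
import re

# Hex digest length -> output extension. Assumed ClamAV-style mapping.
EXT_BY_LEN = {32: ".hdb", 40: ".hsb", 64: ".hsb"}

# Constructed sample feed; the digests are filler values, not real indicators.
SAMPLE_FEED = "\n".join([
    "# hash,description",
    "A" * 32 + ",Android.Trojan:Example",  # upper case, colon in the name
    "b" * 64 + ",Example Spyware",
    "b" * 64 + ",Example Spyware dup",     # duplicate digest, dropped
    "not-a-hash,Broken row",               # rejected
    "c" * 40 + ",",                        # no description supplied
])


def clean_name(name, fallback="unknown"):
    """Keep the description from breaking the colon-separated line format."""
    name = re.sub(r"[^A-Za-z0-9._-]+", "_", name.strip()).strip("_")
    return name or fallback


def convert(feed_text):
    """Return ({extension: [hash:0:name lines]}, rejected_rows)."""
    out, rejected, seen = {}, [], set()
    for row in csv.reader(io.StringIO(feed_text)):
        if not row or row[0].startswith("#"):
            continue
        digest = row[0].strip().lower()
        ext = EXT_BY_LEN.get(len(digest))
        if ext is None or not re.fullmatch(r"[0-9a-f]+", digest):
            rejected.append(row)   # wrong length or non-hex: never emit it
            continue
        if digest in seen:         # one line per digest
            continue
        seen.add(digest)
        name = clean_name(row[1] if len(row) > 1 else "")
        out.setdefault(ext, []).append(f"{digest}:0:{name}")
    return out, rejected


if __name__ == "__main__":
    files, bad = convert(SAMPLE_FEED)
    for ext, lines in sorted(files.items()):
        print(f"vendor{ext}:")     # would be written under /raw/vendor
        print("\n".join(lines))
    print(f"rejected rows: {len(bad)}")
```

Rejected rows are returned rather than silently dropped so a CI step can fail or log when an upstream feed changes format.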