[PR #189] [CLOSED] new plugin "malware-scan" #188

New issue

Closed

opened 2026-03-02 03:00:22 +03:00 by kerem · 0 comments

kerem commented

2026-03-02 03:00:22 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/bunkerity/bunkerweb-plugins/pull/189
Author: @mkf-sysangels
Created: 1/16/2026
Status: ❌ Closed

Base: dev ← Head: dev

📝 Commits (10+)

ce991a0 initial release
5f5be78 Update .gitignore
4e56a04 Update README.md
d70d28f install script + readme
f29916e added more systems
c5345d9 Update install.md
1886ed8 add sharing - release v0.2
4b9eaa8 catch default values
e6cdd2c caching of files
249e025 Update CACHING.md

📊 Changes

27 files changed (+10833 additions, -0 deletions)

View changed files

➕ .github/workflows/lua-check.yml (+80 -0)
➕ .github/workflows/sbom-upload.yml (+30 -0)
📝 .gitignore (+6 -0)
➕ malware-scan/.luacheckrc (+57 -0)
➕ malware-scan/CACHING.md (+485 -0)
➕ malware-scan/GDPR.md (+697 -0)
➕ malware-scan/LUA_CHECKS.md (+228 -0)
➕ malware-scan/README.md (+443 -0)
➕ malware-scan/SECURITY.md (+192 -0)
➕ malware-scan/TECHNICAL.md (+669 -0)
➕ malware-scan/all-features-enabled.md (+560 -0)
➕ malware-scan/install.md (+578 -0)
➕ malware-scan/install.sh (+275 -0)
➕ malware-scan/malware-scan.lua (+1641 -0)
➕ malware-scan/malware_scan_cache.lua (+1070 -0)
➕ malware-scan/malware_scan_clamav.lua (+402 -0)
➕ malware-scan/malware_scan_file.lua (+733 -0)
➕ malware-scan/malware_scan_multipart_full_scan.lua (+439 -0)
➕ malware-scan/malware_scan_sentinelone.lua (+177 -0)
➕ malware-scan/malware_scan_threatfox.lua (+185 -0)

...and 7 more files

📄 Description

About the plugin

This plugin is a replacement for the existing "clamav" and "virustotal" plugins.

These two original plugins only work with HTTP/1.1 - the HTTP/2 and HTTP/3 uploads are broken.

Description

The plugin malware-scan uses several services to obtain information on uploaded files:

ClamAV scan
abuse.ch - ThreatFox lookup (user needs to register for API key)
virustotal.com lookup (user needs to register for API key)

Terms of service

The TreatFox API can be used for non-commercial and commercial purposes - https://threatfox.abuse.ch/api/#tos
The VirusTotal API terms are described here: https://docs.virustotal.com/reference/public-vs-premium-api

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/bunkerity/bunkerweb-plugins/pull/189 **Author:** [@mkf-sysangels](https://github.com/mkf-sysangels) **Created:** 1/16/2026 **Status:** ❌ Closed **Base:** `dev` ← **Head:** `dev` --- ### 📝 Commits (10+) - [`ce991a0`](https://github.com/bunkerity/bunkerweb-plugins/commit/ce991a0162373c99424676317b4d0dd3f6515aff) initial release - [`5f5be78`](https://github.com/bunkerity/bunkerweb-plugins/commit/5f5be78c661ee63342ebb020bf4164ab108a61d1) Update .gitignore - [`4e56a04`](https://github.com/bunkerity/bunkerweb-plugins/commit/4e56a04692caeaf51e7d27e8d6d8b8daee6cfcb2) Update README.md - [`d70d28f`](https://github.com/bunkerity/bunkerweb-plugins/commit/d70d28f6c1fc538f3b7f03370eba39ca2a6c8127) install script + readme - [`f29916e`](https://github.com/bunkerity/bunkerweb-plugins/commit/f29916e0713f8fb1f89e398666ef8613e4ebb207) added more systems - [`c5345d9`](https://github.com/bunkerity/bunkerweb-plugins/commit/c5345d9753ad82e1d74389f0ce321ea5e0992b19) Update install.md - [`1886ed8`](https://github.com/bunkerity/bunkerweb-plugins/commit/1886ed8074c696240036509a29de6d6d701d7ac2) add sharing - release v0.2 - [`4b9eaa8`](https://github.com/bunkerity/bunkerweb-plugins/commit/4b9eaa8c84609e03d50ec4e10d50cfa812ec9599) catch default values - [`e6cdd2c`](https://github.com/bunkerity/bunkerweb-plugins/commit/e6cdd2c2e056cb47d591ccafcb0d0bf1180e184b) caching of files - [`249e025`](https://github.com/bunkerity/bunkerweb-plugins/commit/249e025c9eecebedc486f821fd3799ec2c770a91) Update CACHING.md ### 📊 Changes **27 files changed** (+10833 additions, -0 deletions) <details> <summary>View changed files</summary> ➕ `.github/workflows/lua-check.yml` (+80 -0) ➕ `.github/workflows/sbom-upload.yml` (+30 -0) 📝 `.gitignore` (+6 -0) ➕ `malware-scan/.luacheckrc` (+57 -0) ➕ `malware-scan/CACHING.md` (+485 -0) ➕ `malware-scan/GDPR.md` (+697 -0) ➕ `malware-scan/LUA_CHECKS.md` (+228 -0) ➕ `malware-scan/README.md` (+443 -0) ➕ `malware-scan/SECURITY.md` (+192 -0) ➕ `malware-scan/TECHNICAL.md` (+669 -0) ➕ `malware-scan/all-features-enabled.md` (+560 -0) ➕ `malware-scan/install.md` (+578 -0) ➕ `malware-scan/install.sh` (+275 -0) ➕ `malware-scan/malware-scan.lua` (+1641 -0) ➕ `malware-scan/malware_scan_cache.lua` (+1070 -0) ➕ `malware-scan/malware_scan_clamav.lua` (+402 -0) ➕ `malware-scan/malware_scan_file.lua` (+733 -0) ➕ `malware-scan/malware_scan_multipart_full_scan.lua` (+439 -0) ➕ `malware-scan/malware_scan_sentinelone.lua` (+177 -0) ➕ `malware-scan/malware_scan_threatfox.lua` (+185 -0) _...and 7 more files_ </details> ### 📄 Description ### About the plugin This plugin is a replacement for the existing "clamav" and "virustotal" plugins. These two original plugins only work with HTTP/1.1 - the HTTP/2 and HTTP/3 uploads are broken. ### Description The plugin malware-scan uses several services to obtain information on uploaded files: - ClamAV scan - abuse.ch - ThreatFox lookup (user needs to register for API key) - virustotal.com lookup (user needs to register for API key) ### Terms of service - The TreatFox API can be used for non-commercial and commercial purposes - [https://threatfox.abuse.ch/api/#tos](https://threatfox.abuse.ch/api/#tos) - The VirusTotal API terms are described here: [https://docs.virustotal.com/reference/public-vs-premium-api](https://docs.virustotal.com/reference/public-vs-premium-api) --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>