Batch Antivirus
Powerful and complete antivirus suite coded in batch.
What is Batch Antivirus?
Batch Antivirus is an antivirus suite coded entirely in batch which aims to demonstrate the potential of the batch scripting language. It is capable of deeply analyzing batch files, detect and even intercept hidden malware before it is even ran.
As the name suggests, it is entirely written in batch.
As the name suggests, it is entirely written in batch.
Features
Main features
- World's most precise automated batch file behavior analyzer.
- Profoundly scans batch files
- Includes 23 unique behavior detection patterns
- Detects whether obfuscation techniques are used
- Bypasses commonly used anti-antivirus techniques
- Provides an accurate naming of new detections
- Returns a malicious behavior score over 100
- Real-time protection
- Real-time file protection
- Real-time web protection
- Real-time process analyzer
- Kill protection for real-time protection
- Background real-time protection
- PC Monitor, which checks for disk space & CPU temperature
- Full drive & USB scanner
- USB shortcut malware remover
- Auto updater (both antivirus and databases)
- Custom database
- 193k SHA256 hash database with accurate detection names
- 313k IP database
- Boot-time real-time protection that initiates before any other startup program (even
explorer.exeanduserinit.exe) - Safe, isolated quarantine
Other features
- USB Scanner for malware
- USB shortcut malware remover
- Autorun configuration of the antivirus
- PC Monitor, which checks for disk space & CPU temperature
- Kill protection for real-time protection
- Background real-time, starting before any other startup program (even before
userinit.exeandexplorer.exe) - Includes a quarantine viewer with information about the files
- Files are base-64 encoded and ACL-locked, preventing even administrator-level processes from interacting with them
- Detailed malware detection.
- Online VirusTotal analysis
- Experimental file association interception
Modules
Batch Antivirus is divided into different independent modules. These are the files used to run each module.
BAV.bat➞ Disk scannerBAVDetail.bat➞ Detailed malware detection.BAVIntercept.bat➞ Batch Antivirus file interceptor.BAVStatus.bat➞ Batch Antivirus installation checker.BAVUpdate.bat➞ Batch Antivirus updater.BAVWebsiteBlocker.bat➞ Batch Antivirus website blocker.DeepScan.bat➞ Batch Antivirus heuristic scanner (for batch files).Quarantine.bat➞ Batch Antivirus quarantine viewer.RealTimeProtection.bat➞ Real-time protection (both file and web protection).USBCleaner.bat➞ Batch Antivirus shortcut malware remover.USBScan.bat➞ Batch Antivirus drive scanner.
Other files are part of a Batch Antivirus installation; however, they are used internally by the modules listed above, and shouldn't be ran manually.
Bug reports
If you find any bug, please create an
issue
explaining the bug and the way to get it. If the issue is reproducible, it will be fixed in a short period of time and a patched version will be released.
Contributing
To contribute to Batch Antivirus, fork the project and create a pull
request explaining the changes you want to do. All pull requests will be reviwed. You will get credit for that contribution.
Help and usage
For each module listed in modules, specify
--help as the first command-line argument to get a detailed explanation about that module. If you still have questions, don't hesitate to contact me.
Contact
Join the Batch Antivirus development channel!
Frequent Asked Questions
Click to see the FAQ about Batch Antivirus.
Is Batch Antivirus good enough to use as the main antivirus?
Sadly, the answer is no. Batch Antivirus contains a small database (190k hashes). To have a safe system, it is strongly recommended to use another antivirus solution. Think of Batch Antivirus as an extra protection layer.
Is installation required?
No, Batch Antivirus can be used portably. Real-time protection relies on the file system activity and not on kernel drivers.
Although it's not required, if you're willing to have a better security, consider adding Batch Antivirus as an autorun with
Although it's not required, if you're willing to have a better security, consider adding Batch Antivirus as an autorun with
BAVAutorun.bat and selection the third option (shell autorun).
Why is scanning so slow?
Scanning takes some time due to the batch language limitations. Batch scripting doesn't have built-in way to calculate the file hash, and that's why it can take some time on small files.
Does Batch Antivirus collect any data?
No, Batch Antivirus doesn't collect any data. I believe that privacy is very important, so using Batch Antivirus is a good option if you don't want an intrusive antivirus.
I accidentally found some malware, where can I send you the SHA256 hash?
Contribute by creating a pull request, which is the fastest method. Alternatively, you can contact me and we can discuss about Batch Antivirus on the Discord server.
Why does heuristical analyzer detect legitimate programs?
It checks for patterns usually found in malware. Although it's pretty accurate, some program can give false positives as they can have a suspicious behavior.
What I need to do if I want to use a part of the antivirus?
Feel free to use Batch Antivirus for your projects, but please credit me and link the Batch Antivirus repository as it's not trivial to make a full antivirus suite in batch.