This update includes new detection methods, and more
Quarkslab released this week a new version of Irma, our automated file analysis platform for malware detection.
This project was born in 2015 as a collaborative initiative of 5 European organizations, who were seeking to augment their malware detection capacity and to develop a common platform for efficient content analysis at a large scale.
Since its early origin as an Open Source Software project, Irma evolved to become now a commercially supported content analysis platform, with a full feature set suitable for deployment on-premises in IT environments.
We envisioned with Irma to offer the perfect security toolbox for security teams, as a one-stop-shop for file analysis.
Thanks to Irma’s modular architecture, probes, which are software components dedicated to file analysis such as an antivirus engine, for example, can be easily added to develop Irma capacities, benefiting from its orchestration engine.
In the last six months, our development team added new features, corrected bugs and continuously improved the performance of the solution.
Apart from the quality of life improvements, we will focus here on four new features that go towards this vision of offering a complete toolbox to SecOps, SOC and CERT teams.
With this brand new feature, users can now go onto the user interface and upload files to scan without having to create an account first. This allows security teams to offer a scanning service to their users without having to manage account creation.
Scan PDF files
With this version, we have integrated a new probe that scans PDF files, and sanitize them by deactivating all active code that might be hidden within the file. This works by rendering the contents of a pdf file to images and merging them into a new pdf file, which a user can then download.
This feature allows scanning office files thanks to the OLE tools, developed by Philippe Lagadec: these tools can identify VBA (Visual Basic for Application) or DDE (Dynamic Data exchange) scripts embedded in Office files and detect if they are malicious or not.
Users are also now notified when the status of previously scanned file changes, which can be very useful if a file is deemed innocuous the first time, but revealed to be malicious later on.
To learn more about Irma and its capabilities, go to the following page:
If you wish to see Irma in action, contact our team for a product demonstration by filling out the form at the following address :