Question 1

How does Malice compare to VirusTotal?

Accepted Answer

Malice is a self-hosted, open-source alternative to VirusTotal, offering similar multi-engine scanning but with full data privacy and control. However, it requires you to manage infrastructure and plugins, unlike VirusTotal's cloud service.

Question 2

How to install Malice on a Linux server?

Accepted Answer

Malice can be run via Docker commands, as shown in the 'Docker in Docker' section, by pulling the malice/engine image and using Docker volumes. For native installation, check the documentation, but it primarily supports OSX via Homebrew.

Question 3

What antivirus engines are included in Malice?

Accepted Answer

Malice uses a plugin-based architecture with Docker containers for various engines, but the specific engines aren't listed in the README—you need to check the plugin documentation or repository for details.

Question 4

Can Malice scan URLs or only files and hashes?

Accepted Answer

Based on the README, Malice supports scanning files directly or looking up hashes, but there's no mention of URL scanning, so it's likely limited to static file analysis.

Question 5

How to troubleshoot Elasticsearch issues in Malice?

Accepted Answer

Common issues include memory problems; the README suggests increasing vm.max_map_count on Linux and adjusting ES_JAVA_OPTS for lower RAM usage. Refer to the Known Issues section for more details.

Question 6

Is Kibana required to use Malice?

Accepted Answer

No, Kibana is optional for the web UI; you can use Malice via CLI for scanning and output results in markdown format, but Kibana enhances visualization and exploration of data.

malice.io

What is malice.io?

Overview

Use Cases

Best For

Found a gem we're missing?

Not Ideal For

Pros & Cons

Pros

Cons

Open Source Alternative To

Frequently Asked Questions