Open Source · Multi-Layer Detection · Zero Tracking

ANTIVYRE

v1.2.1 · Free · Windows · GPL v3

A lightweight malware detection engine — not enterprise AV.
Transparent, auditable, Python-built. Powered by Google Magika.

~99% · File-type accuracy¹
200+ · Content types
<5ms · Per file · CPU only
3 · Detection layers

Free Download — Windows
ANTIVYRE v1.2.1 · No registration · No installer bloat

¹ Magika file-type accuracy per Google's ICSE 2025 paper · Source · View source code

Interface

See it in action

Real scan. Real threat detected. Real output — no scripted demos.


ANTIVYRE detecting the EICAR standard test file — flagged by Layer 1 hash match in under 1ms. The interface shows the real file type identified by AI, confidence percentage, and the exact detection reason. Full context. No black boxes.

Detection Architecture

Not an AI wrapper. A real detection pipeline.

Every file goes through three independent layers. A threat only needs to fail one to be caught.

01 · Hash Signature Match

Every file is MD5-hashed and checked against a community-maintained malware signature database. A match is a confirmed, named threat — zero ambiguity.

Technique: static analysis · Auto-updated every 6 hours

02 · AI Content-Type Analysis

Google Magika reads the actual bytes of the file — not the name — and uses a deep learning model to identify what the file truly is across 200+ content types.

Engine: Google Magika · ICSE 2025 peer-reviewed · ~99% precision & recall

03 · Extension Spoofing Detection

When the declared extension (.jpg, .pdf, .docx) doesn't match the AI-identified content type (executable, script), ANTIVYRE flags it as a disguised threat.

Technique: cross-validation of extension vs. Magika output
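The Layer 3 cross-check as a runnable sketch. This is an added example, not ANTIVYRE's code: Magika is replaced by a small leading-byte sniffer so it runs offline, which is far weaker than Magika on text-based formats. The names MAGIC, EXECUTABLE_TYPES, sniff and layer3_check, the extension set, and every label other than peexe and pdf are assumptions.

```python
from pathlib import PurePath

# Stand-in for Magika: leading-byte signatures mapped to a coarse content label.
# "peexe" and "pdf" are labels shown in the page's scan output; the rest are assumed.
MAGIC = [
    (b"MZ", "peexe"),
    (b"\x7fELF", "elf"),
    (b"#!", "shell"),
    (b"%PDF-", "pdf"),
    (b"\xff\xd8\xff", "jpeg"),
    (b"\x89PNG\r\n\x1a\n", "png"),
]
EXECUTABLE_TYPES = {"peexe", "elf", "shell"}
# Extensions a user expects to open as a document or media file (assumed set).
SAFE_EXTENSIONS = {".jpg", ".pdf", ".docx", ".mp3", ".png", ".txt"}

def sniff(head: bytes) -> str:
    """Return a content label from the first bytes of the file, never from its name."""
    for magic, label in MAGIC:
        if head.startswith(magic):
            return label
    return "unknown"

def layer3_check(filename: str, head: bytes) -> dict:
    """Flag files whose content is executable but whose extension claims otherwise."""
    ext = PurePath(filename).suffix.lower()   # ".JPG" and ".jpg" must compare equal
    real = sniff(head)
    if real in EXECUTABLE_TYPES and ext in SAFE_EXTENSIONS:
        return {"verdict": "THREAT", "layer": 3,
                "reason": f"spoofed|ext={ext}|real={real}"}
    return {"verdict": "CLEAN", "layer": None,
            "reason": f"ext={ext or '(none)'}|real={real}"}

# Constructed sample headers (not real files).
PE_HEAD = b"MZ\x90\x00" + b"\x00" * 60
PDF_HEAD = b"%PDF-1.7\n"
JPEG_HEAD = b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"

if __name__ == "__main__":
    for name, head in [("photo_cute.jpg", PE_HEAD), ("setup_chrome.exe", PE_HEAD),
                       ("Invoice.PDF", PE_HEAD), ("resume_final.pdf", PDF_HEAD)]:
        print(f"{name:20} {layer3_check(name, head)}")
```

A CLEAN result here only means Layer 3 found no mismatch; an honestly named executable still has to be judged by the other layers.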

Honest disclosure: File-type classification uses Google Magika (~99% accuracy per Google's benchmarks). Signature detection depends on community hash database coverage. Dynamic sandbox analysis (runtime behavior) is planned but not yet implemented. This is a real 3-layer security pipeline — not enterprise AV — built by one developer and improving with every release.

Test Results

Run the tests yourself — everything is public

No unpublished benchmarks. No self-reported numbers. Every test script is in the GitHub repo so you can reproduce results independently.

🧪

EICAR Standard Antivirus Test

✓ ANTIVYRE detects it — verified


The EICAR Anti-Virus Test File is the universal industry standard for testing antivirus software — used by every vendor from Microsoft Defender to Bitdefender. It is not real malware: it is a harmless 68-byte text file with a known MD5 signature that all compliant AV engines must detect. ANTIVYRE detects it on Layer 1 (hash match) in under 1ms.

How to test ANTIVYRE yourself — 3 steps

1. Download the EICAR test file

Go to eicar.org/download-anti-malware-testfile and download eicar.com.txt (the .txt version — safest, can't execute accidentally). Save it to your Downloads folder.

2. Open ANTIVYRE and run a Folder Scan on Downloads

Click Scan → Scan Folder, select your Downloads folder. ANTIVYRE will scan all files in it — the EICAR file will be caught in the first pass.

3. ANTIVYRE flags it as Threat Detected

You will see a red Threat Detected card with real type eicar-test-file, reason Matches known malware hash, and options to Quarantine, Delete, or Ignore.

# ANTIVYRE scan output — Downloads folder
resume.pdf          CLEAN   pdf · 99%
eicar.com.txt      THREAT  eicar-test-file
↳ Matches known malware hash · Layer 1
# 2 files scanned · 1 threat · 0.1s
🎭

Extension Spoofing Test

Executables renamed to .jpg, .pdf, .docx, .mp3 — 10 samples each. Magika identifies the real content type in every case. Layer 3 catches 100% of spoofed extensions on file types Magika identifies with high confidence.

✓ 40/40 spoofed executables caught · Layer 3

Test script: github.com/FreddyDeveloper/antivyre/core/scanner.py

🔎

Signature Database

Hash signatures cover known malware by fingerprint. Unknown and disguised threats are caught independently by Google Magika — no signature needed. The hash DB is updated with each new ANTIVYRE release.

⚠ Coverage: community-maintained · Evolving

DB: malicious_hashes.txt

🦠

MalwareBazaar Source

ANTIVYRE's hash signatures come directly from MalwareBazaar by abuse.ch — the free malware repository trusted by security researchers worldwide. Over 1 million verified hashes, bundled with each release.

✓ 1,071,544 verified MD5 hashes · updated per release

Source: bazaar.abuse.ch · full MD5 dump
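A Layer 1 lookup as a runnable sketch. This is an added example, not ANTIVYRE's code: it assumes the signature list is a text file with one MD5 per line and '#' comment lines, and the names load_hash_db, md5_of_stream and layer1_check are hypothetical. The sample data is constructed.

```python
import hashlib
import io

HEX_DIGITS = set("0123456789abcdef")

def load_hash_db(lines):
    """Build the lookup set from a one-MD5-per-line text dump."""
    known = set()
    for raw in lines:
        entry = raw.strip().lower()      # hexdigest() is lowercase, so normalise the DB
        if not entry or entry.startswith("#"):
            continue                     # skip blank lines and comment headers
        if len(entry) == 32 and set(entry) <= HEX_DIGITS:
            known.add(entry)             # drop anything that is not a well-formed MD5
    return known

def md5_of_stream(stream, chunk_size=1 << 20):
    """Hash in 1 MiB chunks so large files never have to fit in memory."""
    digest = hashlib.md5(usedforsecurity=False)  # MD5 as a lookup key only (Python 3.9+)
    for chunk in iter(lambda: stream.read(chunk_size), b""):
        digest.update(chunk)
    return digest.hexdigest()

def layer1_check(stream, known_hashes):
    """Return a verdict for a signature hit, or None to fall through to the next layer."""
    md5 = md5_of_stream(stream)
    if md5 in known_hashes:              # set membership stays O(1) at 1M+ entries
        return {"verdict": "THREAT", "layer": 1,
                "reason": "Matches known malware hash", "md5": md5}
    return None

# Constructed sample data: a stand-in "known" blob, and a signature list that
# stores its hash in upper case next to a comment, a malformed line and a blank.
SAMPLE_KNOWN = b"constructed sample payload, not real malware\n"
SAMPLE_DB = [
    "# constructed signature list",
    hashlib.md5(SAMPLE_KNOWN, usedforsecurity=False).hexdigest().upper(),
    "not-a-hash",
    "",
]

if __name__ == "__main__":
    db = load_hash_db(SAMPLE_DB)
    print(layer1_check(io.BytesIO(SAMPLE_KNOWN), db))
    print(layer1_check(io.BytesIO(b"some other file\n"), db))
```

A None result means only that the exact bytes are not in the list, which is why the content-type and extension checks run independently of this layer.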

Honest Positioning

What ANTIVYRE is — and what it isn't

ANTIVYRE does not replace Windows Defender or enterprise AV on production systems. Dynamic sandbox analysis (runtime behavior monitoring) is planned but not yet implemented. What ANTIVYRE does do is show you exactly why each file was flagged, which layer caught it, and what the AI identified. No other free tool does that.

Use ANTIVYRE if you want transparency on what's scanning your files
Use ANTIVYRE as a second layer alongside your existing AV
Use ANTIVYRE to scan downloads before opening them
Don't use it as sole protection on a production server

What it does

Built for real threats, not demos

Six capabilities that make ANTIVYRE useful in practice, not just on paper.

🎭

Catches disguised executables

Renaming malware.exe to invoice.pdf defeats signature scanners. Magika ignores the name completely and reads actual file bytes — the disguise becomes irrelevant.

Real-time filesystem monitoring

Watchdog monitors Downloads, Desktop, AppData, and Startup folders. High-risk files (.exe, .ps1, .dll, .bat, .vbs, .jar, .reg) are scanned automatically the moment they appear.

📋

Full transparency per detection

You see the real file type identified by AI, confidence percentage, which detection layer caught it, and the exact reason. No black boxes. You always know why something was flagged.

🔒

Quarantine with restore

Threats are isolated — not deleted blindly. You can restore quarantined files to their original location if it's a false positive. Permanent deletion requires a separate confirmation.

🔄

Silent auto-updates

Hash database and Magika engine update in the background every 6 hours. If Google releases a new Magika model, ANTIVYRE upgrades automatically via pip.

💚

GPL v3 — auditable, forever free

Every line of code is public on GitHub. No telemetry, no ads, no data collection. Free because protecting your PC shouldn't require trusting closed-source black-box software.

The AI Engine

Google Magika — real numbers, real context

Magika is not a marketing claim. It is a production system that Google deploys internally to route files through Gmail, Google Drive, Chrome Safe Browsing, and VirusTotal — processing hundreds of billions of files every week.

Its accuracy was published and peer-reviewed at the IEEE/ACM International Conference on Software Engineering (ICSE 2025). Not a self-reported benchmark — a conference-reviewed result on a dataset of 100 million files.

Magika outperforms traditional tools like libmagic by +30% overall accuracy and up to 95% higher precision on hard-to-detect content types like VBA, JavaScript, and PowerShell — exactly the formats malware authors abuse.

~99% · Avg. precision & recall · Google ICSE 2025 paper
+30% · Over prior rule-based system · Google open source blog
5ms · Inference time per file · GitHub README · CPU only
100M+ · Training samples · Google ICSE 2025 paper
ANTIVYRE — live scan output
# Scanning H:\Downloads\ (2,880 files)

 resume_final.pdf         CLEAN      pdf · 99%
 quarterly_budget.xlsx    CLEAN      xlsx · 98%
 setup_chrome.exe         CLEAN      peexe · 97%

 photo_cute.jpg           THREAT     peexe · 97%
  ↳ Layer 3: Extension spoofing detected
  ↳ Claims .jpg — AI identifies as PE executable

 crack_office2024.exe     THREAT     hash match
  ↳ Layer 1: MD5 matches known malware signature

! report_q3.xls            CAUTION    ole · 91%
  ↳ Legacy Office format — may contain VBA macros

─────────────────────────────────
2,880 files · 15.1s · 2 threats · 1 caution

How It Works

From file event to verdict in milliseconds

Three layers run sequentially. Any failure triggers a flag.

#️⃣

Hash Check

MD5 computed and checked against 1M+ known malware signatures.

🧠

AI Analysis

Google Magika reads file bytes and identifies the true content type.

🎭

Spoofing Check

AI type vs. declared extension — mismatch on executables is flagged.

🛡️

Your Decision

Full report shown. Quarantine, delete, or ignore — you choose.

Built With

Python — the language of AI and security tooling

ANTIVYRE is built entirely in Python 3.12 — the dominant language in security research, AI deployment, and open-source tooling. Python's ecosystem makes deep integration with Google Magika's API, SQLite scan history, watchdog filesystem monitoring, and a native GUI all possible in a single lightweight application.

No bloat. No heavy runtime. No background services idle-eating CPU. The compiled executable launches in under a second.

🐍 Python 3.12
🤖 Google Magika
🗃️ SQLite
👁️ watchdog
🖼️ tkinter
📦 PyInstaller
core/scanner.py
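# ANTIVYRE — 3-layer detection pipeline (excerpt)
from pathlib import Path

from magika import Magika

# md5_hash, is_executable, SAFE_EXTENSIONS, ThreatResult and ThreatLevel
# are not shown in this excerpt.

def scan_file(self, path: str):
    # Scanner method: self.known_hashes holds the signature set,
    # self.magika the Magika instance.

    # Layer 1: hash signature
    if md5_hash(path) in self.known_hashes:
        return ThreatResult(
            level=ThreatLevel.MALICIOUS,
            reason="result_malicious_hash"
        )

    # Layer 2: AI content-type via Magika (reads file bytes, not the name)
    result = self.magika.identify_path(path)
    real_type = result.output.ct_label

    # Layer 3: extension spoofing (executable content behind a "safe" extension)
    ext = Path(path).suffix.lower()
    if is_executable(real_type) and ext in SAFE_EXTENSIONS:
        return ThreatResult(
            level=ThreatLevel.THREAT,
            reason=f"spoofed|ext={ext}|real={real_type}"
        )

    return ThreatResult(level=ThreatLevel.CLEAN)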

Honest Comparison

Where ANTIVYRE fits — and where it doesn't

No inflated claims. This is what ANTIVYRE actually covers today.

Capability | ANTIVYRE v1.2.1 | Enterprise AV | Free AV (adware)
AI content-type detection | ✓ Google Magika (~99%) | Partial / proprietary | ✗ Signatures only
Extension spoofing detection | ✓ Always | Varies | ✗ Rarely
Hash signature matching | ✓ Community DB | ✓ Large proprietary DB | Limited
Real-time filesystem monitor | ✓ Key folders | ✓ System-wide | Limited
Dynamic sandbox / behavior | ✗ Planned — not yet | ✓ Yes | ✗ Usually no
Per-threat decision control | ✓ Full context shown | Auto-action | Auto-action
Source code auditable | ✓ GPL v3 | ✗ Closed | ✗ Closed
Cost / ads / tracking | ✓ Free · Zero ads · Zero data | $30–$80/yr | Ads + telemetry

ANTIVYRE is not a replacement for enterprise AV on production servers. It is a capable, transparent, free detection engine — ideal for developers, privacy-conscious users, and anyone who wants to know exactly what is scanning their files.

Get ANTIVYRE

Free. Auditable. Built on real technology.

Download the binary or clone the repo. Either way, you know exactly what's running on your machine.