Canadian govt spooks open source anti-malware analytics tool

Follows Five-Eye partner agencies.

Canada's main signals intelligence agency has released the code for a malware scanner and analytics tool as open source. 

The Communications Security Establishment (CSE) said the AssemblyLine tool is designed to analyse large volumes of files, and can automatically rebalance workloads.

Each file is tagged with a unique identifier, and passed through user-defined analytics engines that attempt to assess how malicious the code is, with a score assigned for that purpose.

It can use popular anti-virus utilities such as McAfee, Kaspersky, F-Secure, and BitDefender. AssemblyLine can also connect to the VirusTotal aggregate anti-virus scanning service, among others, using an application programming interface key.

Files that are identified as malicious can be passed to other defensive systems, the CSE said.

The intention behind AssemblyLine is to free up analysts from having to manually inspect most files, allowing them instead to focus on incoming malware.

By releasing it as free and open source, the CSE hopes the infosec community will further develop the tool and create new methods to detect malicious files.

The source code for AssemblyLine can be found on Atlassian's Bitbucket repository for registered users.

AssemblyLine was built with public domain and open source software by the CSE, with no commercial, proprietary technology. 

The US National Security Agency (NSA) has also publicly released several infosec tools, including Secure Extensions for Linux (SELinux), which are widely used.

Britain's Government Communications Headquarters (GCHQ) also releases tools to the public, and maintains a code repository on Github for that purpose.
