Polyvaccine
=======

Polyvaccine is a detection software that enables protection to HTTP or SIP servers from unknown binary attacks, 
such as polymorphic exploit attacks, and DDoS at application layer. Polyvaccine is supported on Linux x86_64 platform.

Polyvaccine have the next characteristics:

- Don't need signature updates.
- The main three task(detection, protection, filtering) could be placed distributed on several nodes
- The architecture is fully distributed (using dbus as main orb).
- The integration with other subsystems such as logger, firewalls and so on is easy just by using simple python scripts.
- Don't have support for Sql-injection, just any type of binary attacks.
- Don't try to replace the functions of a NIDS.
- The management task are negligible.
- Libseccomp support.
- Support for mysql and redis databases.

Polyvaccine consist on 3 main process:
- Filter engine(pvfe).
- Detection engine(pvde).
- Protection engine(pvpe).

These engines could be placed at any part of the network, however our example puts 
all the process on the same machine.

--------------------------------------------------------------
Basic test configuration

                   ----------------
                   |  web-server  |
                   ----------------
                          |
                          |
                   ----------------
                   |  pv-machine  |
                   ----------------
                        |eth0|
                        ------
                          |
                          |
                    -------------
                    |           |
                  inet        dummy

All the process (pvfe,pfde and pvpe) are executed on the pv-machine with two ethernet devices.

./pvfe -i eth0 -p 80
sudo ./pvpe -i eth0  
        
                          
Tips for debugging.

- Glib generates valgrind errors, in order to avoid them use:
	G_DEBUG=gc-friendly G_SLICE=always-malloc valgrind program