Products - VFind™ Security Toolkit Family

VSTK Standard

The VFind™ Security ToolKit (VSTK) is a suite of four powerful network and computer anti-malware utilities, that provide flexible and uncompromising computer anti-malware protection. The VFind™ Security ToolKit contains:

VFind™: The first ever UNIX anti-malware scanner, with a unique heterogeneous design that allows for complete protection, in today’s multi-platform networks. All VFind Security ToolKit products feature a Cryptographic Integrity Tool(CIT), Universal Atomic Disintegrator(UAD) and MVFilter.

CIT: Is a fantastic anti-malware security tool that has multiple uses. It reports on all files that have been removed, added, modified or duplicated. It can tighten baseline configuration control down to a single bit. It can also be used with surgical precision on an entire system or single file. The CIT tool produces a database of cryptographic hash values for every file it is directed to manage.

The UAD: Besides its use in anti-virus protection, the UAD tool is built for making identification based upon direct inspection of the data. It makes no assumptions about the file’s contents based upon the file’s name. Which increases response and reduces downtime. This tool also provides the ability for proper data identification through “context switching” which allows for greater degree of anti-virus protection when files are used in both Windows and UNIX.

MVFilter: This tool disinfects OLE documents (Microsoft Word, Excel and PowerPoint) from macro viruses (both VBA and Word Basic). The MVFilter provides a specific advantage over the competition by eliminating and preventing a malicious macro. MVFilter prevents this by zeroing out the entire virus and macro name, and leaves nothing for another virus scanner to detect.

AVA: Included in your maintenance and support, AVA is a service that can provide automated, accurate, and rapid responses to cyber threats in the event of cyber warfare or other major event.

VSTK Turbo

The VFind™ Security ToolKit Turbo (VSTK-T) enables the additional functionality of VFind™ Daemon and Avatar™.

The Daemon Tool provides user applications, virus scanning, and detection services at a high level of performance. Running as a Daemon process, it eliminates the need to re-initialize the scan engines on each request. Thus, reducing the need to use system resources by processing files as they are received, improving response time, and minimizing the effect of virus scanning on the main application.

Avatar maintains the system baseline configuration. It does so by executing system security policies, that act as an intrusion detection and response system.


Included Tools


VFind™ is the malware scanner and pattern analysis tool in the ToolKit, and is unlike any other anti-malware program in existence. It was the first anti-virus scanner for UNIX, the first heterogeneous scanner and the first scanner to incorporate a full virus description language, VDL. VFind™ determines the file type by direct examination of the file's contents. This makes VFind significantly more powerful than other anti-malware products, that only examine files with the “.com” and “.exe” extensions.

The VFind™ Security ToolKit Family of computer security products offers so much more than just virus scanning, with these tools. Our VSTK family of products supports all UNIX type operating systems including UNIX, Linux (all versions), Solaris, AIX, HPUX, and others. CyberSoft is able to support any operating system upon request. Our anti-malware includes a virus scanner with a fully published, and accessible, pattern analysis language, as well as a cryptographic integrity tool for baseline management. The VFind ToolKit provides tools to deal with hidden threats, self-repair tools and more. Our products are easily integrable with any other program.

VFind Real-Time Scanner

Actively monitor directories for changes by extracting, inspecting, and scanning new and modified files in real-time.

Cryptographic Integrity Tool

The Cryptographic Integrity Tool (CIT) detects malware, hackers, sabotage and baseline configuration violations from any source. Using cryptographic change detection, we are able to reduce help desk turnaround time from hours to minutes. An end-user calls stating the system doesn't work...they claim they didn't change anything, and a proposal is due out the door by noon. Is it a user error, an attack, or sabotage? CIT will never lie and cannot be tricked!

Universal Atomic Disintegrator

The Universal Atomic Disintegrator (UAD) solves two difficult problems — identification and decomposition. Decomposition of a file to it's smallest indivisible parts is a difficult problem. First the program must have infallible identification of the file in order to decompose it. This is not a problem for UAD, which identifies the file by direct examination of it's contents.

Visual Scan

CyberSoft has always provided advanced graphical user interfaces, for those users who want the ease of a GUI under Unix/Linux and Microsoft Windows. CyberSoft is committed to meeting all technological demands and remaining on the forward edge of technology. This is our 5th version of a GUI; having advanced from X-windows XView, Motif, TCL/TK, HTML to our latest offering with Qt.

Visual Scan provides more functionality, than ever before, while maintaining an easy to understand and intuitive interface with advanced features. Features include scanning, log file management, quarantining, scheduling, automatic updates, and system integrity management; all from one interface.

Visual Scan is cohesive and well integrated, therefore making it easy to get started and leverage VSTK's core functionality to work for you.


Put simply, MVFilter disinfects OLE documents (Microsoft Word, Excel and PowerPoint) of macro viruses (both VBA and Word Basic). It does this, in the same way that all anti-virus programs disinfect macro viruses, by removal of the macro. The difference is that MVFilter was designed as a tool, and as such, it can be used for compartmentalization purposes in addition to it's reactive disinfection role.

Loopback Head and Loopback Tail

Loopback Head & Loopback Tail (LBH & LBT) ensure that unchanged (but infected) files are re-analyzed by VFind™. LBH reads filenames from a user-customized database; LBT uses the VFind™ output to create a database suitable for use with LBH.

Java Disassembler

The Java Disassembler (JDis): The only sure-fire method of scanning Java code for viruses is to break down the byte code to associate constant pool structures with their operations. JDis quickly and efficiently disassembles Java Byte Code for a VFind™ antivirus scan, which is essential when confronting the latest Java-based Trojan Horse virus.


Bhead is a simple tool that solves the complex issues. UNIX systems do not have a convenient way of scanning for boot sector viruses, and scanning an entire drive just to detect a boot sector virus wastes time. BHead reduces the byte stream to the portion of the drive to allow the boot sector to be scanned.


AVA is a system which provides automated, accurate, and rapid responses to cyber threats in the event of a cyber attack or other major event. Additionally, it provides continuous monitoring of the cyber landscape, identifying new threats and automatically adapting malware definitions to identify them. This service is always included with your active maintenance and support subscription.

Tools Available with Turbo

VFind™ Daemon

The VFind Daemon provides user applications, virus scanning, and detection services at a high level of performance. Running as a Daemon process, it eliminates the need to re-initialize the scan engines upon each request. All files are processed as they are received, improving response time and minimizing the effect of malware scanning on the main application.

VFind Daemon file scanning and virus detection services, are accessible to any application running on a user's system. It's multi-threading capability enables it to scan requests from multiple applications concurrently. Applications can access VFind Daemon services through an easy-to-use message interface. The Simple Virus Scanning Protocol (SVSP) is a text-based, request/response interface that gives applications full access to VFind Daemon services. SVSP includes commands, that enable the program to set scanning options on a per-request basis and, to specify the file to be scanned. Requests can be tagged so that the subsequent responses can be matched. This allows the anti-malware application to submit multiple scan requests, and allows it to match the asynchronous responses. A client program is also provided to further simplify accessing and using VFind Daemon.

VFind Daemon can also support the interfaces for other available malware scanning Daemons, such as: ClamAV's and clamd. This makes it possible to incorporate VFind Daemon into an existing system with minimal software changes, and enable applications to migrate towards utilizing VFind's additional capabilities, at the leisure of the user.

The multi-threading capability allows VFind Daemon to scale gracefully and take advantage of systems with multiple processors. The thread number used by VFind Daemon, is configurable and can be set to match the available computing power.


Avatar maintains the system baseline configuration. It does so by executing system security policies, that act as an intrusion detection and response system.

The most important function of Avatar is response. If the system baseline configuration is modified for any reason, it will be detected by Avatar and returned to the correct baseline configuration.

The value of Avatar's response system is that it enforces discipline via non-subjective automated process, which can execute many times per day.

Anti-virus Testing

In-House Testing

To deliver to our customers the best security solutions, CyberSoft products are tested against the highest industry standards, utilizing a multi-layered testing strategy.

The first layer of internal testing is to determine that VFind will detect each individual virus signature, that which it's designed to detect. Our next round of tests ensures that VFind does not falsely identify legitimate files as infected files, which could interfere with the operations of our customers.

The next layer of testing is performed on a daily basis:

Wildcore Test: All virus samples in our Wildcore-DB should be detected by the new VDL set. We update our Wildcore-DB monthly and the size is growing continuously.

Falsehit Test: All clean samples in our Falsehit-DB should not be detected by the new VDL set. In addition to this regular test, our engineers perform additional falsehit tests with a much larger more comprehensive falsehit database.

VDL Syntax Test: To check if the VDLs follow proper syntax.

VDL Duplicate Test: To avoid having duplicate VDLs.

We post new VDLs every weekday morning, after successful completion of the above tests.

If any one of these tests fails, VTP stops posting procedures and sends a failure notification to the related people to investigate the issue. If we, or our customers, receive a (posting) notification email, that means the new VDL set successfully passed all the four tests.


CyberSoft continually updates this information as new technologies are released and others are deprecated. We will port to any system for the cost of the system. If the OS software is free and will run under a virtual machine, then there is no charge.

VSTK Compatibility Chart

The following table represents feature compatibility chart for VSTK. For information about older releases, please contact us for more information.

Operating System Architectures Multi-Threading GUI
AIX 6.1 PPC Yes No
Debian 9 x86, x86-64 Yes No
Debian 10 x86, x86-64, ARMv7 Yes No
FreeBSD 10.3 x86 Yes No
FreeBSD 11 x86-64 Yes No
FreeBSD 12 x86-64 Yes No
HP-UX 11 Itanium Yes No
Red Hat EL 7 x86, x86-64 Yes Yes
Red Hat EL 8 x86, x86-64 Yes Yes
Solaris 10 x86, x86-64, SPARC Yes No
Solaris 11 x86, x86-64, SPARC Yes No
SUSE 11 x86 Yes No
SUSE 12 x86-64 Yes No
SUSE 15 x86-64 Yes No
Ubuntu 14.04 LTS x86, x86-64 Yes Yes
Ubuntu 16.04 LTS x86, x86-64 Yes Yes
Ubuntu 18.04 LTS x86-64 Yes Yes
Ubuntu 20.04 LTS x86-64 Yes Yes