IRMA is an asynchronous and customizable analysis platform for suspicious files!

Analyze multiple files at once
Get your own intelligence about the threats you deal with
Keep control over your sensitive files


IRMA intends to be an open-source platform designed to help identifying and analyzing malicious files.

However, today's defense is not only about learning about a file, but it is also getting a fine overview of the incident you dealt with: where / when a malicious file has been seen, who submitted a hash, where a hash has been noticed, which anti-virus detects it, ...

An important value with IRMA comes from you keep control over where goes / who gets your data. Once you install IRMA on your network, your data stays on your network.

Each submitted files is analyzed in various ways. For now, we focus our efforts on multiple anti-virus engines, but we are working on other "probes" (feel free to submit your own).


v1.5.3 minor update

The version v1.5.3 of IRMA Open-source is now available!

  • New repositories organization, only one repo called irma
  • Frontend: load optimization on large scan

v1.5.2 minor update

The version v1.5.2 of IRMA Open-source is now available!

  • Allow sftp authentication by key
  • Bugfix: jobs cancel issues

v1.5.1 minor update

The version v1.5.1 of IRMA Open-source is now available!

  • Fix: using cache results was not done in some cases
  • Brain code refactor: celery daemons splitted in two distinct files
  • Brain: more unittests

v1.5.0 major component update

The version v1.5.0 of IRMA Open-source is now available!

  • Storing probe results in PostgreSQL instead of MongoDB. This will break all upgrades attempts but will make easier the process of having data stored outside of IRMA.
  • New: Probe now have a display name
  • Fixes: job error handling and job cancel