ColourSwift

Overview

AvarionX Security is an Android antivirus and behavioural scanner that combines trusted open source intelligence with custom systems. By default, scanning is performed on your device and no files are uploaded. Cloud assisted scanning is optional and only activates when you enable it.

Our encrypted VXPack includes local signature databases derived from ClamAV’s virus definitions along with the AvarionX Security database. This provides strong hybrid detection while maintaining user privacy.

UPDATE: As of January 2026, AvarionX does not integrate ClamAV definitions.

Core design

  • Privacy first, scanning stays on device unless you enable cloud assisted mode.
  • Hybrid intelligence, combining ClamAV signatures with AvarionX heuristics and local machine learning.
  • Lightweight performance, powered by a native Rust engine.
  • Transparency, open technical documentation for research and inspection.

ClamAV Integration

AvarionX Security integrates ClamAV definitions as part of its VXPack. These definitions provide verified threat signatures that assist in local analysis without requiring internet access.

How it’s used

  • AvarionX Security periodically updates and repackages ClamAV signatures into its VXPack format.
  • Definitions are encrypted locally and verified before loading.
  • During scans, the engine checks byte patterns and both SHA256 and MD5 hashes against signature lists.

Open collaboration

For transparency, we maintain a public AV Database containing definitions and release data. Developers and researchers can also explore ClamAV documentation to understand its signature formats and detection logic.

How It Works

The scanner processes files through several controlled layers. This section explains the general workflow.

1. Engine initialisation

  • The encrypted VXPack is loaded and decrypted locally.
  • Signature tables, hash maps, and machine learning models are prepared in memory.
  • The engine stays lightweight to remain responsive during scanning.

2. Scan modes

  • Smart Scan, balanced speed and accuracy for common directories.
  • Rapid Scan, a fast surface level scan.
  • Single File Scan, manual inspection for any file or APK.

3. Detection layers

  1. Signature layer, byte pattern checks using definitions.
  2. Hash layer, comparing both SHA256 and MD5 fingerprints against known malware lists.
  3. Heuristic layer, machine learning based behaviour analysis for APKs.

After completing all layers, the app provides a clear verdict such as Clean, Suspicious, or Malicious.

File selected Smart, Rapid, or Single file Engine initialisation VXPack decrypted Signatures and model loaded Detection layers Signatures SHA256 and MD5 hashes Heuristics and ML Verdict On device

The Cloud

Cloud assisted scanning is optional. When enabled, the scanner uses a combined offline and cloud assisted workflow.

How cloud assisted scanning works

When enabled, the scanner calculates the SHA256 and MD5 hashes of each file. Only these fingerprints are sent to the server. No file content is uploaded.

What a hash is

A hash is a mathematical fingerprint of a file. Even a small change inside the file results in a different hash, which allows fast identification without uploading the file.

Server comparison

The server compares hashes against a database of known malware fingerprints. If the hash is recognised as malware, the app flags the file immediately.

If the server does not recognise the hash, the result means unknown, not clean. The file is then analysed by the offline engine using signatures, heuristics, and machine learning.

File selected Cloud assist on Hash calculation SHA256, MD5 Cloud lookup Compare hashes Not known Hash not found Offline engine Signatures, ML Verdict On device

Privacy & Safety

AvarionX Security does not upload files during scanning. Only SHA256 and MD5 hashes are used in cloud assisted mode, and only if you enable it. Without cloud assist, scanning remains fully offline.

  • No analytics or tracking libraries.
  • Definition updates are verified before use.
  • Only file metadata and structure are read during scanning.

This keeps your device private while retaining strong protection.

Machine Learning

AvarionX Security includes an offline behavioural model that analyses APKs using patterns learned from benign and malicious samples. It examines permission structure, components, and declared behaviours to estimate risk.

  • Trained using diverse APK datasets.
  • No user data or telemetry is used by the model.
  • Runs entirely on device with no remote processing.

This helps detect new or modified threats that do not match known signatures.

Limitations

No security product can identify every threat. AvarionX Security is designed to be lightweight and practical while providing strong coverage through layered detection.

  • Self modifying or encrypted payloads can bypass detection.
  • Firmware or kernel level threats fall outside the scope of app based scanners.
  • False positives may occur with heavily obfuscated software.

Best practices

  • Keep VXPack definitions updated.
  • Use Smart Scan regularly and Rapid Scan for quick checks.
  • Install apps from trusted sources whenever possible.

AvarionX Security uses a hybrid approach combining open source definitions and proprietary detection layers to offer strong protection while respecting privacy.