The script uses 3 flat text files as databases:
A fourth database named evomalware.suspect is used in "aggressive" mode to detect suspicious files
At each run, EvoMalware will download the latest databases.
Upstream is at https://gitea.evolix.org/evolix/evomalware
GitHub is a mirror.