I've researched on malware scanner engine a lot recently and I found out this engine could be expanded. There are some good points

1. The only open-source Malware scanner engine is ClamAV, which uses some text database formats (and 1 bytecode - basically compiled objects - format. Bytecode is not very widely used). The problem of this format is slow loading db: it loads everything into memory so it takes a lot of time. This method also takes a lot of RAM ( >1gb). To resolve the RAM issue, ClamAV's bytecode signature is a solution, but its api is limited. And then I found out this engine is having kinda many useful api, similar to Yara's modules. The QTScriptEngine could be slower than compiled COFF file method, but in other hand it has so many pros.
2. The engine is having useful api to check binary file metadata. It could extend more to have things like section hashing, imphash (already in Detect-it-easy). With current api, I think I can demo my idea with this script
   
3. To be good malware scanner engine, I think pattern matching is a required thing. Both Yara and ClamAv are having custom Aho-Corrasick algth, custom syntax with regex implement. This is very huge and I just mention it lul.
4. Ofc it needs unpackers, other file format parsers and more. So let say that the die_script have docx parser, we can write a simple script like docx.hasMacro() and docx.findMacroStr("exec"). Sounds cool, right?

2 examples about malware signatures similar to my idea:

1. Decompiled old Kaspersky signature, image get from Antivirus Hacker handbook
   
2. 2 signatures from Windows defender. Research here https://github.com/commial/experiments/tree/master/windows-defender/VDM
   

So that's my "little" idea. I can try fork this project, add some api and try standalone script engine. What do you think about my idea? Is it doable?