If this is going to be something that is truly independent then you may have to compile a database of known malware yourself, which is a huge task, and then figure out a method for identifing them (i.e. how your going to code the engine and what your going to use as signatures for the files...). Other then that, if you dont mind spending some $$$, you can check to see how much it would cost to purchase a database and what not.

I did a quick google and found this: http://www.emsisoft.com/en/support/malware/

I hope that helps

I was working on a similar project myself, but i was just compiling a database of non-malacious start up applications....

Im interested to see how it turns out