Thread: antivirus programming

  1. #1
    Unregistered
    Guest

    Post antivirus programming

    hi
    I have to write an antivirus software for my project, but I still don't know how to write it. It's enough for me to know how it works, how it finds the viruses attached to files. Simply, I wanna learn the mentality of antivirus programming rather than the codes.
    thx

  2. #2
    It's full of stars adrianxw's Avatar
    Join Date
    Aug 2001
    Posts
    4,829
    Modern anti-virus software is not something you want to be thinking about writing for a project. There are some seriously deep theories involved. For someone coming into the arena fresh, there are literally years of research required to grasp even part of it.

    Years ago, a simple pattern matcher was good enough, but today's encrypting, polymorphic viruses are too good for such simple approaches.

    Serious researchers may get some info from the antivirus software makers, but they are, for really very obvious reasons, not going to give away their secrets. They are, after all, at war.

    Look for another project.
    Wave upon wave of demented avengers march cheerfully out of obscurity unto the dream.

  3. #3
    Hamster without a wheel iain's Avatar
    Join Date
    Aug 2001
    Posts
    1,385
    I agree, change project.

    For a start you have a database of literally thousands of viri and aliases along with filenames

    then you have the heuristics detection

    then the cleaning technique, integration with the system.
    Monday - what a way to spend a seventh of your life

  4. #4
    Unregistered
    Guest

    I mean, in this project assume that every .xxx file is infected with a very simple virus, for instance a trojan horse. This horse can attach itself to a file. How can it attach itself to a file? And how can I find this attached trojan horse, for example in infected.exe?

  5. #5
    It's full of stars adrianxw's Avatar
    Join Date
    Aug 2001
    Posts
    4,829
    If the virus is a simple virus, non encrypted, non polymorphic, i.e. it has the same pattern on every occurrence, then you could use a pattern matcher.

    If the virus is "A0 45 EF 67 83 BF C0 38 64 19 B7", (a real one would obviously be longer this is just 11 bytes, but suppose...), then you would start at the beginning of the file you want to check and see if the first 11 bytes matched the pattern, if yes, then maybe the file has the virus, (of course it is quite possible that the file had those contents anyway), if there is no match, advance one byte then try again, until you get to the end of the file.

    As an exercise in file and pointer manipulation it may achieve something, but as I said before, there is no way such an approach would find anything but the oldest, simplest real life virii.
    Wave upon wave of demented avengers march cheerfully out of obscurity unto the dream.
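
The sliding byte-pattern scan described in post #5, as an added example (not code from any poster in this thread). It goes one step beyond the description by reading the file in chunks and carrying over the last `sig_len-1` bytes so a pattern that straddles a chunk boundary is not missed. The names `find_sig`, `scan_stream`, `demo_scan` and the 4096-byte chunk size are assumptions of this example, and the sample file is constructed.

```c
#include <stdio.h>
#include <string.h>

/* The 11-byte pattern quoted in the post (illustrative, not a real signature). */
static const unsigned char SIG[] = {0xA0,0x45,0xEF,0x67,0x83,0xBF,0xC0,0x38,0x64,0x19,0xB7};
#define SIG_LEN (sizeof SIG)
#define CHUNK 4096                 /* read size: an assumption of this example */

/* Slide the pattern over buf one byte at a time; offset of first match, or -1. */
long find_sig(const unsigned char *buf, size_t len, const unsigned char *sig, size_t sig_len)
{
    if (sig_len == 0 || len < sig_len) return -1;
    for (size_t i = 0; i + sig_len <= len; i++)
        if (memcmp(buf + i, sig, sig_len) == 0) return (long)i;
    return -1;
}

/* Scan a stream chunk by chunk. The last sig_len-1 bytes of each chunk are kept
   so a pattern straddling a chunk boundary is still found. File offset or -1. */
long scan_stream(FILE *fp, const unsigned char *sig, size_t sig_len)
{
    unsigned char buf[CHUNK + 64];
    size_t keep = 0, n;            /* keep: bytes carried over from the last chunk */
    long base = 0;                 /* file offset of buf[0] */
    if (sig_len == 0 || sig_len > 64) return -1;
    while ((n = fread(buf + keep, 1, CHUNK, fp)) > 0) {
        size_t have = keep + n;
        long hit = find_sig(buf, have, sig, sig_len);
        if (hit >= 0) return base + hit;
        keep = have < sig_len - 1 ? have : sig_len - 1;
        memmove(buf, buf + have - keep, keep);
        base += (long)(have - keep);
    }
    return -1;
}

/* Constructed sample: `pad` zero bytes followed by the pattern, in a temp file. */
long demo_scan(size_t pad)
{
    FILE *fp = tmpfile();
    if (!fp) return -2;
    for (size_t i = 0; i < pad; i++) fputc(0x00, fp);
    fwrite(SIG, 1, SIG_LEN, fp);
    rewind(fp);
    long off = scan_stream(fp, SIG, SIG_LEN);
    fclose(fp);
    return off;
}

int main(void) { printf("match at offset %ld\n", demo_scan(4090)); return 0; }
```

As the post notes, a hit only means those bytes occur in the file, so treat it as a candidate rather than proof of infection.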

  6. #6
    Registered User FCF's Avatar
    Join Date
    Dec 2001
    Posts
    40
    Hi
    Another problem: I am new to programming and I am studying C.
    Can C be used to create an antivirus program?
    I can't imagine how it works!

  7. #7
    Zaur
    Guest
    One must know x86 assembler language to understand how viruses are working.
    First you disassemble the binary and then, by reading the assembler listing line by line, you try to figure out what was programmed by the virus author. After analyzing how this particular virus is infecting programs, you realize how to cure it, or you realize that the original program is irretrievable; in this case you offer to delete it.
    I wrote my first virus for DOS in 1994, and first antivirus in 1993.

  8. #8
    Registered User
    Join Date
    May 2002
    Posts
    3

    Thumbs up

    thanks
    Last edited by amebakit; 05-27-2002 at 10:02 PM.

  9. #9
    Registered User
    Join Date
    Apr 2002
    Posts
    1,571
    Originally posted by amebakit

    virus_offset=(unsigned int)(*(buffer+1)) +3 to buffer2
    compare buffer2 with mask
    virus_mask[16] ={0x06,0x1e....}

    if true file is infected
    virus_size = file_size - virus_offset
    cured_file_size = file_size - virus_size
    Again, the file might actually have those values in it and not be a virus. Also, original poster, what are you doing with a project like this? If this is for school, how can you be expected to write an anti-virus software packg. without knowing how to do it? I mean, is everyone in the class lost? Also, if this is for fun, I commend the enthusiasm, but perhaps reading up on some assembly would be more beneficial at this state.
