Hello!
Now I'm going to write own antivirus system with heuristic analysis. Main part is quite simple: antivirus provides access to virtual files for running application (maybe virus), which works with these files as if they are real. After this antivirus notify what running application attempted to do. I have BoxedApp SDK for emulation of a file system and registry. But antivirus may be more effective and flexible if there are additional tools for recognition of viruses. Maybe there are some ideas(except simply comparison of known virus's code part)?
Thank you!
