I am just curious how virus scanners scan inside files for certain patterns.
Anyone know?
System: Debian Sid and FreeBSD 7.0. Both with GCC 4.3.
Useful resources:
comp.lang.c FAQ | C++ FQA Lite
That doesn't say what API is being used, it just says how it does it.
There is no API really for the stuff that an AV does. It's mostly a lot of hooks into the shell/system that get executed when a program starts/runs, etc.
Founder and avid member of the Internationsl Typo Associateion
Most effective AV applications use an intermediate filter driver in the kernel. This has nothing to do with the Windows API itself. The low-level filter permits far greater power than a high-level OS-dependent API.
What about when you do a file scan? That must look inside the file for certain tags.