8 Replies - 8257 Views - Last Post: 17 February 2009 - 12:08 PM

#1 tecfrek

Ideas for Making Anti-Virus Software

Posted 16 January 2009 - 12:59 PM

Hi. I wish to program a simple anti virus using either PERL or C/C++ or something similar. The thing is, I have no intention of developing a complex program - it needs to be a very basic program that can determine if a file is infected or not. For this, I need to know the working of an anti virus software. How does it determine whether a file is infected or not? Can it go through the contents of the file at the very basic bit level? Is it possible to code an anti-virus using PERL? Please give me some ideas as to how I can tackle this problem. I don't need to know the code as such, I will try to develop that on my own. I just need to know how to begin for this project. Any suggestions are welcome. Thanks in advance!





*edit: Changed topic to be a bit more descriptive. :)

This post has been edited by Martyr2: 16 January 2009 - 04:43 PM



Replies To: Ideas for Making Anti-Virus Software

#2 numerical_jerome

Posted 16 January 2009 - 04:38 PM

Antivirus software takes a number of approaches toward virus detection. First, most vendors provide regular "definition" files that contain a process name, check-sum or hash for a known virus. Second, some will note the checksums of good programs and runtime libraries (.dll, .exe, et cetera), as well as interpretable source files (.jar, .py, et cetera), looking for malicious code that is executing from a legitimate application. Finally, AV software will check registry settings, some system directories, et cetera to look for "suspicious" changes.

Part two you could implement in these languages as follows:

When run the first time:
1) cd into root dir ("C:\" on Windows / DOS)
2) recursively search each directory for executable, or interpretable files.
3) When file is found, calculate its check-sum
4) append absolute filepath and checksum into a file for the AV's reference

When run each subsequent time:
1) search files on disk as before
2) when file found, search for its existence in the AV reference file
3) if it doesn't exist, alert the user to a possible virus, or add to AV ref file if directed
4) else generate check sum
5) if the checksums don't match, alert the user to a possible virus


Needless to say, this would drive a programmer (who constantly adds new executables) nuts, and flag every legitimate update as suspicious, while often missing viruses. However, if this is a project for your own amusement and education, it should give you some idea as to what goes into searching a disk for "strange goings on".

Hope this helps,

-Jerome

EDIT:

Q: Can it go through the contents of the file at the very basic bit level?
A: yes, it has to

Q: Is it possible to code an anti-virus using PERL?
A: yes

This post has been edited by numerical_jerome: 16 January 2009 - 04:39 PM
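
The two-pass checksum procedure from post #2, as an added Python example (not code posted by anyone in the thread). SHA-256 as the checksum, the function names, and the extra MISSING report are assumptions of this example; the sample files are constructed.

```python
import hashlib
import os
import tempfile

# Extensions from the post's examples of executable/interpretable files.
WATCHED = {".exe", ".dll", ".jar", ".py"}

def checksum(path, chunk=65536):
    """SHA-256 (assumed checksum choice), read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def snapshot(root):
    """First run: absolute path -> checksum for every watched file."""
    found = {}
    for folder, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() in WATCHED:
                path = os.path.abspath(os.path.join(folder, name))
                try:
                    found[path] = checksum(path)
                except OSError:
                    found[path] = None  # unreadable (locked or no permission)
    return found

def compare(baseline, root):
    """Later runs: report watched files that are new, changed or gone."""
    current = snapshot(root)
    alerts = [("NEW", p) for p in current if p not in baseline]
    alerts += [("CHANGED", p) for p in current
               if p in baseline and current[p] != baseline[p]]
    alerts += [("MISSING", p) for p in baseline if p not in current]
    return sorted(alerts)

def demo():
    """Constructed sample tree: baseline it, alter it, rescan."""
    with tempfile.TemporaryDirectory() as root:
        tool = os.path.join(root, "tool.py")
        with open(tool, "w") as fh:
            fh.write("print('hello')\n")
        baseline = snapshot(root)
        with open(tool, "a") as fh:  # simulate code appended to a known file
            fh.write("print('extra')\n")
        with open(os.path.join(root, "unknown.exe"), "wb") as fh:
            fh.write(b"MZ constructed sample bytes")
        return [(k, os.path.basename(p)) for k, p in compare(baseline, root)]
```

Calling `demo()` returns the alerts for the constructed tree. If the baseline is persisted between runs, storing it where the scanned account cannot write keeps a modified file from also rewriting its own reference entry.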

#3 Hyper

Posted 25 January 2009 - 10:02 PM

Here's a very old book, it explains how to create viruses, and how to detect viruses using PASCAL/x86 Assembly.

http://faculty.capit...r%20viruses.pdf

This post has been edited by Hyper: 25 January 2009 - 10:03 PM

#4 anurag.dongre86

Posted 10 February 2009 - 02:56 AM

But then some antiviruses even keep the information about viruses as their definitions (e.g. a debugger would break the known virus file into bits, and a unique string of those bits will differentiate this virus from any other file. This property can be used as a definition... am I correct?)

#5 no2pencil

Posted 10 February 2009 - 03:11 AM

anurag.dongre86, on 10 Feb, 2009 - 03:56 AM, said:

But then some antiviruses even keep the information about viruses as their definitions (e.g. a debugger would break the known virus file into bits, and a unique string of those bits will differentiate this virus from any other file. This property can be used as a definition... am I correct?)


They are usually unique strings in the header of the exe files. They are not necessarily broken down & viewed bit by bit.

#6 anurag.dongre86

Posted 10 February 2009 - 03:33 AM

You mean that the header of one exe file has some unique string. It doesn't match with other exe files in this world?

#7 no2pencil

Posted 10 February 2009 - 03:36 AM

No. Not at all.

A binary file holds the strings to be used in the header. This header can be scanned.

Check this reference for examples.

#8 anurag.dongre86

Posted 10 February 2009 - 04:11 AM

That's really a long format in difficult language... but I'm still trying to get it.

This post has been edited by anurag.dongre86: 10 February 2009 - 04:11 AM

#9 Anil21

Posted 17 February 2009 - 12:08 PM

Dear Friend,
I am from India, and my name is Anil.

It is simple logic of scanning and comparing files from the operating system.
Programming task required: 1. Port/socket programming (scan network or USB or CD or floppy drive in real time).
For real-time scan you can use a timer (it works as Raider).

How it works: you require one complete virus database (I don't know how to collect this). But I know only that if you have a virus database, a simple compare system compares files (at scanning time) against the virus database. If a virus is found, take any action (like move/delete/rename) as the user defines.
If there is any new idea, please tell me.