Own an antivirus system in C#

November 16, 2009 at 07:18:48
Specs: Windows XP
Now I'm going to write my own antivirus system with heuristic analysis. The main part is quite simple: the antivirus provides access to virtual files for a running application (maybe a virus), which works with these files as if they were real. After this, the antivirus reports what the running application attempted to do. I have BoxedApp SDK (http://boxedapp.com/) for emulation of a file system and registry. But the antivirus may be more effective and flexible if there are additional tools for recognition of viruses. Maybe there are some ideas (other than simple comparison of known viruses' code parts)?

Thank you!


November 16, 2009 at 23:34:31
I think you have a good idea. Antivirus "pattern recognition" has always seemed clunky and too much overhead (constant updates of the "virus pattern database"). My admittedly novice suggestion is to run a checksum on all files and compare all files to the original checksum (alternatively, just do a file-compare of safeguarded originals against the "abused" files). At one point I thought to subvert viruses by taking a snapshot of my storage prior to going online, then comparing key files' sizes and date-modified, but I assume viruses can get around those safeties nowadays. A good checksum might be a good approach (no offense if you've already got all that set up).

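The checksum baseline suggested in the reply above, as an added example that is not part of the original thread: it hashes every file under a directory, then reports files added, removed or modified since the snapshot, including a change that keeps the file size and restores the modified date. The class and method names (`IntegrityBaseline`, `Snapshot`, `Compare`), the choice of SHA-256 as the checksum, and the sample files are assumptions made for the illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Linq;
using System.Security.Cryptography;

static class IntegrityBaseline // hypothetical name, not from the thread
{
    // Map each file's path relative to root to the hex SHA-256 of its contents.
    static Dictionary<string, string> Snapshot(string root)
    {
        var result = new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase);
        using (var sha = SHA256.Create())
            foreach (var path in Directory.GetFiles(root, "*", SearchOption.AllDirectories))
                using (var stream = File.OpenRead(path))
                    result[path.Substring(root.Length).TrimStart(Path.DirectorySeparatorChar)] =
                        BitConverter.ToString(sha.ComputeHash(stream)).Replace("-", "");
        return result;
    }

    // Report files that were added, removed or changed since the baseline.
    static List<string> Compare(Dictionary<string, string> before, Dictionary<string, string> after)
    {
        var findings = new List<string>();
        foreach (var name in after.Keys.Except(before.Keys)) findings.Add("ADDED    " + name);
        foreach (var name in before.Keys.Except(after.Keys)) findings.Add("REMOVED  " + name);
        foreach (var name in before.Keys.Intersect(after.Keys))
            if (before[name] != after[name]) findings.Add("MODIFIED " + name);
        return findings;
    }

    static void Main()
    {
        // Constructed sample data in a scratch directory.
        string root = Path.Combine(Path.GetTempPath(), "baseline-demo-" + Guid.NewGuid().ToString("N"));
        Directory.CreateDirectory(root);
        string target = Path.Combine(root, "tool.bin");
        File.WriteAllBytes(target, new byte[] { 1, 2, 3, 4 });
        File.WriteAllText(Path.Combine(root, "readme.txt"), "unchanged");
        var baseline = Snapshot(root);
        DateTime stamp = File.GetLastWriteTimeUtc(target);

        // Same length, timestamp put back: a size and date comparison sees no change.
        File.WriteAllBytes(target, new byte[] { 1, 2, 9, 4 });
        File.SetLastWriteTimeUtc(target, stamp);
        File.WriteAllText(Path.Combine(root, "dropped.txt"), "new file");

        foreach (var line in Compare(baseline, Snapshot(root))) Console.WriteLine(line);
        Directory.Delete(root, true);
    }
}
```

The baseline is only as trustworthy as where it is stored: kept on the same writable disk as the monitored files, it can be altered together with them.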