Own an antivirus system in C#

Abrolen:
Hello!
Now I'm going to write my own antivirus system with heuristic analysis. The main part is quite simple: the antivirus provides access to virtual files for a running application (maybe a virus), which works with these files as if they were real. After this, the antivirus reports what the running application attempted to do. I have BoxedApp SDK for emulation of a file system and registry. But the antivirus may be more effective and flexible if there are additional tools for recognition of viruses. Maybe there are some ideas?

Thanks!

f0dder:
I'm sorry if the following sounds harsh, but... if you need to ask this kind of question, you aren't ready to write an antivirus application (and imho, an effective AV system today is way outside the scope of what a single developer can do).

If you want to protect the system, you need to write driver code that hooks into the kernel, so you can do scanning before the program is run, and possibly hook a whole bunch of file- and registry-related functions in order to do heuristic behavioral blocking.

For a scanner, you need to implement an x86 code emulator in order to reliably do things like generic unpacking and do it safely.

I took a look at the BoxedApp SDK, and it is not suitable (nor designed) for scenarios like security software.
