Author Topic: Own an antivirus system in C#  (Read 3586 times)

Abrolen

Own an antivirus system in C#
« on: May 24, 2009, 10:50 PM »
Hello!
Now I'm going to write my own antivirus system with heuristic analysis. The main part is quite simple: the antivirus provides access to virtual files for a running application (maybe a virus), which works with these files as if they are real. After this, the antivirus reports what the running application attempted to do. I have the BoxedApp SDK for emulation of a file system and registry. But the antivirus may be more effective and flexible if there are additional tools for recognition of viruses. Maybe there are some ideas?

Thanks!

f0dder

Re: Own an antivirus system in C#
« Reply #1 on: May 25, 2009, 03:59 AM »
I'm sorry if the following sounds harsh, but... if you need to ask this kind of question, you aren't ready to write an antivirus application (and imho, an effective AV system today is way outside the scope of what a single developer can do).

If you want to protect the system, you need to write driver code that hooks into the kernel, so you can do scanning before the program is run, and possibly hook a whole bunch of file- and registry-related functions in order to do heuristic behavioral blocking.

For a scanner, you need to implement an x86 code emulator in order to reliably do things like generic unpacking and do it safely.

I took a look at the BoxedApp SDK, and it is not suitable (nor designed) for scenarios like security software.
- carpe noctem
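
The thread's idea of recording what a sandboxed program attempted to do and then judging it heuristically, sketched as an added example that is not part of either post and does not use the BoxedApp SDK. The event shape, rule names, weights and the threshold of 50 are assumptions made for illustration, the log is constructed, and the code assumes .NET 5 or later.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// One operation the sandboxed program attempted, as a virtual file
// system / registry layer might report it (hypothetical shape).
record SandboxEvent(string Op, string Target);

// A heuristic rule: a name, a weight, and a predicate over one event.
record Rule(string Name, int Weight, Func<SandboxEvent, bool> Matches);

static class HeuristicScorer
{
    static bool Has(string s, string part) =>
        s.Contains(part, StringComparison.OrdinalIgnoreCase);

    // Assumed rules and weights, chosen only to illustrate the scoring.
    static readonly Rule[] Rules =
    {
        new("autorun registry value written", 40,
            e => e.Op == "RegSetValue" && Has(e.Target, @"\CurrentVersion\Run")),
        new("executable file written", 35,
            e => e.Op == "FileWrite" && e.Target.EndsWith(".exe", StringComparison.OrdinalIgnoreCase)),
        new("hosts file written", 25,
            e => e.Op == "FileWrite" && Has(e.Target, @"\drivers\etc\hosts")),
    };

    // Each rule counts once per run, however many events trigger it.
    public static (int Score, List<string> Hits) Score(IReadOnlyList<SandboxEvent> log)
    {
        var hits = Rules.Where(r => log.Any(r.Matches)).ToList();
        return (hits.Sum(r => r.Weight), hits.Select(r => r.Name).ToList());
    }
}

static class Program
{
    static void Main()
    {
        // Constructed sample log, not output from any real tool.
        var log = new List<SandboxEvent>
        {
            new("FileRead", @"C:\Users\test\Documents\report.doc"),
            new("FileWrite", @"C:\Windows\System32\calc.exe"),
            new("RegSetValue", @"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\updater"),
        };
        var (score, hits) = HeuristicScorer.Score(log);
        Console.WriteLine($"score={score} verdict={(score >= 50 ? "suspicious" : "clean")}");
        hits.ForEach(h => Console.WriteLine(" - " + h));
    }
}
```

Scoring after the fact only classifies a recorded run; it does not stop a program before it executes, which is the gap the reply above says kernel-level hooking is needed for.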