How to make a cool antivirus in C++! ???

closed account (3hMz8vqX)
Hi All,

It has been so long since I asked any questions . . .

Can anyone tell me . . .
I got an idea from this website :

http://codemink.com/how-to-make-antivirus-using-c-programming-language/

is it correct or is it REALLY a good one ???

How to make a real one ???:)

Thank you all in advance!


The article is a very basic example of the method used by most antivirus software. Real antiviruses don't identify viruses based on human-readable bytes, they identify them based on the sequence of numbers that causes them to work in the first place (machine-code).

What you need to know about viruses is that they usually tend to get inserted (often through another virus) into a file. Specifically, the virus code is placed at some (occasionally random) location in the file. In some cases, this code is split into two parts: one to begin executing the main code, inserted near the top of the file, and the main code of the virus, usually placed at the end of the file.

In order to accurately identify a virus, rather than some other file with a few similar bytes, you need to identify the machine-code of the virus and store it (so you can remove it from another file). This can be done with a disassembler, but it will take a pretty thorough understanding of assembly on the platform you want the antivirus software to work on. Once you've identified the common sequence (after testing a number of files infected with the same virus) you must distribute the sequence to your users' computers. This is why most antivirus software comes with an update system for its definition database.

For more info on viruses and other threats:
http://www.f-secure.com/en/web/labs_global/articles
closed account (Dy7SLyTq)
Of course, that code can be written a lot better.
cool antivirus is (IMO) an oxymoron. The tricky part here is filling in your reference database.
closed account (Dy7SLyTq)
I have a quick question... How is it that if a virus is placed at either a random or set location, which is apparently at the end of the file, the binary file still functions? I mean, I'm sure if I did that, the exe would give me all kinds of errors.
closed account (3hMz8vqX)
Hi all,
Yes, there will be some errors in the exe, but the virus programmers, I think, will write the source code in their desired way...
My question is, aren't there errors in the codemink article?
Why isn't the exe file opened in binary mode...?
Please clear my confusion!
I have a quick question... How is it that if a virus is placed at either a random or set location, which is apparently at the end of the file, the binary file still functions? I mean, I'm sure if I did that, the exe would give me all kinds of errors.


If you place random content at the end of a valid EXE file, then the Windows loader will just ignore it and the file will be executed normally.

BTW, this technique is used by self-extracting archivers, like WinRAR, 7z, etc., and various installers, like NSIS, Inno Setup, etc. They just look for the correct offset and extract the content.


You can test it by using the cmd.exe copy /b command or programmatically, of course.
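An added example, not code from the thread or from the codemink article: a small C++ check for exactly that appended data. It walks the PE section table, works out where the last section's raw data ends, and reports how many bytes lie past it (the "overlay" the loader ignores and self-extractors read), which is the kind of check a scanner or forensic tool does on a suspect file. The header offsets are the standard PE ones; the sample image is constructed inside the code and is not a real executable.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstring>
#include <fstream>
#include <iostream>
#include <iterator>
#include <vector>

using Bytes = std::vector<unsigned char>;
// Little-endian field readers for the PE headers.
static uint16_t rd16(const Bytes& b, size_t o) { return uint16_t(b[o] | (b[o + 1] << 8)); }
static uint32_t rd32(const Bytes& b, size_t o) { return rd16(b, o) | (uint32_t(rd16(b, o + 2)) << 16); }

// Bytes appended after the last section's raw data (the "overlay"); -1 if not a PE image this parser can walk.
long long overlay_size(const Bytes& img) {
    if (img.size() < 0x40 || img[0] != 'M' || img[1] != 'Z') return -1;
    size_t pe = rd32(img, 0x3C);                                     // e_lfanew: offset of "PE\0\0"
    if (pe + 24 > img.size() || std::memcmp(&img[pe], "PE\0\0", 4) != 0) return -1;
    uint16_t nsec = rd16(img, pe + 6);                                // NumberOfSections
    size_t sec = pe + 24 + rd16(img, pe + 20);                        // skip SizeOfOptionalHeader
    if (sec + size_t(nsec) * 40 > img.size()) return -1;              // section table must fit
    uint64_t end = sec + size_t(nsec) * 40;                           // headers at minimum
    for (uint16_t i = 0; i < nsec; ++i) {                             // IMAGE_SECTION_HEADER is 40 bytes
        size_t h = sec + i * 40;
        uint64_t raw_end = uint64_t(rd32(img, h + 20)) + rd32(img, h + 16); // PointerToRawData + SizeOfRawData
        if (raw_end > end) end = raw_end;
    }
    return end > img.size() ? -1 : (long long)(img.size() - end);     // -1: truncated image
}

// Constructed sample, not a runnable EXE: MZ/PE skeleton, one section ending at 0x400, then `overlay` filler bytes.
Bytes make_sample_pe(size_t overlay) {
    Bytes b(0x400 + overlay, 0);
    b[0] = 'M'; b[1] = 'Z'; b[0x3C] = 0x40;                          // e_lfanew = 0x40
    std::memcpy(&b[0x40], "PE\0\0", 4);
    b[0x46] = 1;                                                     // NumberOfSections = 1; SizeOfOptionalHeader left 0
    b[0x58 + 17] = 0x02;                                             // SizeOfRawData    = 0x200
    b[0x58 + 21] = 0x02;                                             // PointerToRawData = 0x200
    std::fill(b.begin() + 0x400, b.end(), 0xAA);                     // the appended payload
    return b;
}

int main(int argc, char** argv) {
    Bytes img = make_sample_pe(37);
    if (argc > 1) {                                                  // a real file has to be read in binary mode
        std::ifstream f(argv[1], std::ios::binary);
        img.assign(std::istreambuf_iterator<char>(f), std::istreambuf_iterator<char>());
    }
    std::cout << "overlay bytes: " << overlay_size(img) << '\n';      // prints 37 for the sample
}
```

Run it with a path argument to measure the overlay of an actual file; a non-zero result is not proof of anything on its own, since legitimate installers and self-extractors carry one too.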
closed account (3hMz8vqX)
Okay,
but is that code correct?
can someone use it to make a commercial antivirus ???
Thank you everyone in advance!!! :)
Regards,
Aravind.
Well, the first line of code is a copyright, so no, you can't just use it for your own commercial purposes.

I love the comments on that page. Every one of them sounds like a "Do my homework" post. 8^)

If you want to look at a real virus scanner check here (or Google "open source anti virus"): http://www.clamav.net/lang/en/

It's open source so you can look at the code. It's also free so I have no idea why anyone would want to bother writing their own tool. It would never be as protective as one of the big open source project versions are.