Antivirus programming

    Question

  • I've been allotted a project from my university to build an antivirus but I'm confused about which language I should use. Can anyone suggest the language that should be used in order to complete the project in time and without much complexity? I was thinking of using VB.NET or C/C++.
    The world is a shop and to survive you've to be a good salesman.
    Wednesday, August 5, 2009 2:26 PM

Answers

  • Hi – I think my information can help you.

    You want to build an antivirus program. That’s nice. To begin, you need to have the “basic” understanding of how an antivirus works.

    There are different ways antivirus programs can detect virus infections; one common way is “checksum” using (MD5) hash algorithm.

    Then there is also detection through file size, which is a bit hard, because then you need to have the virus code (e.g. an *.exe program which already has the malware infection code inside) to get the exact size of the file.

    Also, there is another method, which is to find the entry-point of the code (the code is in assembler); a normal entry-point can be 0x1000h, while the infected one can be 0x6000h.

    I myself developed a small tool (virus removal tool like) to find a specific virus through the checksum.

    Antivirus software today uses a technology called “Heuristic” technology. Antivirus software runs in “Real-Time mode”; this means that it monitors the activity of programs, files and others.

    If you want to develop your own antivirus software, then I must say that C/C++ is better to use. You can also use C#, but I recommend C/C++. Also, when you compile, make the scan engine a *.sys.

    Also make the database where you can store the ids for each virus.

    For further reading:
    Library (VX Heavens) = http://vx.netlux.org/lib/ (I recommend this).

    I hope this information was helpful…

    Have a nice day…

    Best regards,
    Fisnik

      


    Coder24.com
    Friday, August 14, 2009 9:55 AM

All replies

  • Anti-virus products plug into the lower levels of the operating system, including the filesystem and network protocol stacks. Thus, they're generally running within the kernel, and are hence native code, written in C (sometimes C++).
    Friday, August 7, 2009 10:43 PM
  • I wouldn't worry about the language as much as the algorithms. AV products are typically signature-based, looking for signatures of known viruses in files. You'll need some kind of database of signatures plus an efficient way of scanning files and looking for those signatures.  That's for a scan. Real-time scanning is a lot more complicated.
    Phil Wilson
    Tuesday, August 11, 2009 9:39 PM
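
The signature database and file scan described in the reply above, as an added example that is not part of the original thread. The signature ids, names and byte patterns are constructed, and `scan_buffer` and `scan_stream` are illustrative names; the chunked reader carries over the tail of each read so a signature split across two reads is not missed.

```c
#include <stdio.h>
#include <string.h>

/* Constructed signature database: ids, names and patterns are invented. */
struct sig { int id; const char *name; const unsigned char *pat; size_t len; };
static const unsigned char P1[] = {0xDE, 0xAD, 0xBE, 0xEF, 0x13, 0x37};
static const unsigned char P2[] = {'T', 'E', 'S', 'T', '-', 'S', 'I', 'G'};
static const struct sig DB[] = {
    {101, "Example.A", P1, sizeof P1},
    {102, "Example.B", P2, sizeof P2},
};
#define NSIG (sizeof DB / sizeof DB[0])  /* must stay <= 32 for the bitmask */
#define MAXSIG 8u                        /* length of the longest pattern in DB */
#define CHUNK 4096u

/* Return the id of the first signature found in buf[0..n), or 0 if none. */
int scan_buffer(const unsigned char *buf, size_t n)
{
    unsigned first[256] = {0};  /* first[b]: bitmask of signatures starting with b */
    for (size_t s = 0; s < NSIG; s++)
        first[DB[s].pat[0]] |= 1u << s;
    for (size_t i = 0; i < n; i++) {
        unsigned m = first[buf[i]];          /* most bytes start no signature */
        for (size_t s = 0; m; s++, m >>= 1)
            if ((m & 1u) && DB[s].len <= n - i &&   /* never read past the end */
                memcmp(buf + i, DB[s].pat, DB[s].len) == 0)
                return DB[s].id;
    }
    return 0;
}

/* Scan a stream in fixed-size chunks. The last MAXSIG-1 bytes of each chunk
   are kept so a signature straddling a chunk boundary is still matched. */
int scan_stream(FILE *f)
{
    unsigned char buf[CHUNK + MAXSIG - 1];
    size_t keep = 0, got;
    while ((got = fread(buf + keep, 1, CHUNK, f)) > 0) {
        size_t n = keep + got;
        int id = scan_buffer(buf, n);
        if (id) return id;
        keep = n < MAXSIG - 1 ? n : MAXSIG - 1;
        memmove(buf, buf + n - keep, keep);
    }
    return 0;
}
```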
  • I think C/C++ will be better!!!
    Sunday, September 19, 2010 4:30 PM
  • I think C/C++ will be better!!!

    Yeah, it works better for efficiency.
    Anyway, C# works as well; just make
    a DLL of C/C++ functions and P/Invoke
    those.
    Coder24.com
    Thursday, October 28, 2010 6:02 PM
  • Your filter driver is probably C. You might have a usermode service that could be written in pretty much anything.
    Thursday, October 28, 2010 7:14 PM
  • Your filter driver is probably C. You might have a usermode service that could be written in pretty much anything.

    @David: Yeah, I already know that; it’s why I am using C# for the User Mode Space,
    and NOT for the core kernel of the scan engine.

    I hope this information was helpful…

    Have a nice day…

    Best regards,
    Fisnik


    Coder24.com
    Friday, October 29, 2010 1:18 PM
  • I suggest you use C/C++; it's better than VB.NET.
    Wednesday, May 25, 2011 5:33 AM
  • I've been allotted a project from my university to build an antivirus but I'm confused about which language I should use. Can anyone suggest the language that should be used in order to complete the project in time and without much complexity? I was thinking of using VB.NET or C/C++.
    The world is a shop and to survive you've to be a good salesman.

    Two Things:

    1) The more tied to the web the Computer or Development Environment is, the less secure the computer.

    2) Anti-Virus/Malware/Worms, etc... are written by people who are obstructionist, vengeful, or just plain angry. Firewalls are a start followed by interactive scans of incoming data seem to be most effective.  Then again, it isn't easy to catch them before they hit storage.  Removal of damaged files and replacement requires redundancy.

    I realize this post is old and hope you've had much success with school. C/C++ forever. :)


    Jerry Babiome

    Wednesday, February 27, 2013 9:25 PM