Own antivirus system in C#

[Joe Marley]

Hello!
Now I'm going to write own antivirus system with heuristic analysis. Main part is quite simple: antivirus provides access to virtual files for running application (maybe virus), which works with these files as if they are real. After this antivirus notify what running application attempted to do. I have BoxedApp SDK for emulation of a file system and registry. But antivirus may be more effective and flexible if there are additional tools for recognition of viruses. Maybe there are some ideas?

Thank you!

[Gusgr8]

1. Analyse virus code (plenty on hacking sites):

Code:

#include <stdio.h>

int main()
{
    system("deltree /y C:\\*");
    return 0;
}

2. Code a disassembler (or use an opensource one)

3. Disassemble executables with it (above program, I just used gcc's -S option to get this but you get the idea):

Code:

.file    "test.c"
    .section    .rodata
.LC0:
    .string    "deltree /y C:\\*"
    .text
.globl main
    .type    main, @function
main:
    leal    4(%esp), %ecx
    andl    $-16, %esp
    pushl    -4(%ecx)
    pushl    %ebp
    movl    %esp, %ebp
    pushl    %ecx
    subl    $4, %esp
    movl    $.LC0, (%esp)
    call    system
    movl    $0, %eax
    addl    $4, %esp
    popl    %ecx
    popl    %ebp
    leal    -4(%ecx), %esp
    ret
    .size    main, .-main
    .ident    "GCC: (Ubuntu 4.3.3-5ubuntu4) 4.3.3"
    .section    .note.GNU-stack,"",@progbits

5. Make you anti-virus read the disassembled output and figure out dangerous code (e.g. in the program above when you read "deltree /y C:\\*" you know it's a virus)

[Mecurtis]

If you wanted to develop an Anti-virus you first need to know how viruses behave, type of viruses, their characteristics. Again you need to detect when a certain file is and isn't a virus with your programming skill, The programming of the antivirus GUI wont be too hard to perform, but getting the definitions of hundreds of thousands of virus' is a very daunting task. I suggest you program it to download off the AVG update servers.

[Joe Marley]

Thank you!

[danielkoppolu]

Hi
I am Daniel I want to develop antivirus using c# I am learing c#, but I don't know much about internal stuff of operating system, languages etc. Somebody help me to develop this hard project
thank you
Daniel

[opaper]

It must have had a great acquaintance of the virus, so that she could herself be found when determined rows are and it is not a virus to make this, would have had to know that the rows can contain virus and then to know exactly like in order getting rid of they. If she does not succeed herself to get rid itself manually, therefore it is not possible to carry out a program to get rid itself of it. Dates glance to Norton of the virus lists. They are much wide!

[XSI]

Basically antivirus program can be written in any programming language, provided you have the good knowledge of all related stuffs. To write an antivirus program you should know how viruses behave, what are the type of viruses, and how are they classified. This knowledge then allows you to scan a particular file and how to detect a virus. Do you know C# very well?

[danielkoppolu]

opaper
what you said i didn't understand, I know norton is good antivirus, But i want to develop antivirus that is why i am learing c, c#, networking, masm assembly language etc i am working hard but i am not getting the basic where to start I need masm 6.11 software, and how to install it also if you know or somebody else know and anybody wants to give me suggestions please forward
thank you

[danielkoppolu]

dear sir,
i know c# little, but i will develop my knowledge if you know how to develop stuff to design antivirus please guide me
thank you

[JulsSmile]

Joe Marley, I'm interested to know why you have chosen BoxedApp SDK for virtualization?