Virus scan engine

By bfadero ·
How does a virus scan engine work? How is it able to pick out a computer virus and deal with it?

Virus scan engine

by erikdr In reply to Virus scan engine

Two basic ways:
* Pattern (signature) recognition. All byte patterns on disk (or passing through a gate, e.g. e-mail firewall, or launched from disk into RAM) are scanned and compared to known virus signatures.
* Heuristic recognition. No pattern database exists, but processes in RAM are matched against a 'normal' behaviour. Any process doing things like copying itself to > 5 files or e-mails, or deleting files in most directories on C:, or changing read-only files, is suspect.
The heuristic method has more false alarms but suffers less from update-mania. Often combinations of techniques are used, especially useful when viruses are self-modifying (new pattern every time they replicate).

HTH,

<Erik> - The Netherlands
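
Added example, not part of Erik's post: a minimal Python sketch of both methods described above, showing a re-encoded sample slipping past the signature scan while the behaviour rules still flag the process (and also raise a false alarm). The signature names, byte patterns, process IDs, event names and file paths are all constructed for illustration, and only two of the behaviour rules from the post are modelled.

```python
from collections import defaultdict

# Constructed signature database (not real malware). None is a wildcard byte.
SIGNATURES = {
    "Demo.A": [0xDE, 0xAD, 0xBE, 0xEF, 0x90, 0x90],
    "Demo.B": [0xEB, None, 0x5B, 0x31, 0xC0],
}

def scan_signatures(data):
    """Return sorted (name, offset) for the first hit of each signature in data."""
    hits = []
    for name, pattern in SIGNATURES.items():
        for pos in range(len(data) - len(pattern) + 1):
            if all(p is None or data[pos + i] == p for i, p in enumerate(pattern)):
                hits.append((name, pos))
                break
    return sorted(hits)

def scan_behaviour(events, self_copy_limit=5):
    """events: (pid, action, target) tuples. Return {pid: [reasons]} for suspects."""
    copies = defaultdict(set)
    reasons = defaultdict(list)
    for pid, action, target in events:
        if action == "copy_self":
            copies[pid].add(target)
        elif action == "write_readonly" and "changed read-only file" not in reasons[pid]:
            reasons[pid].append("changed read-only file")
    for pid, targets in copies.items():
        if len(targets) > self_copy_limit:  # "copying itself to > 5 files"
            reasons[pid].append(f"copied itself to {len(targets)} files")
    return dict(reasons)

# Constructed samples: a file carrying Demo.A, the same bytes XOR re-encoded
# (stands in for a self-modifying virus), and a Demo.B variant.
INFECTED = bytes(8) + bytes(SIGNATURES["Demo.A"]) + bytes(4)
MUTATED = bytes(b ^ 0x5A for b in INFECTED)
VARIANT = b"\x01\x02\xeb\x10\x5b\x31\xc0"

# Constructed process events: pid 101 replicates, 202 copies twice, 303 is a benign updater.
EVENTS = (
    [(101, "copy_self", f"C:/docs/file{i}.exe") for i in range(6)]
    + [(202, "copy_self", "D:/backup/a.exe"), (202, "copy_self", "D:/backup/b.exe")]
    + [(303, "write_readonly", "C:/config/app.ini")]
)

if __name__ == "__main__":
    for label, sample in [("infected", INFECTED), ("mutated", MUTATED), ("variant", VARIANT)]:
        print(label, scan_signatures(sample))
    print(scan_behaviour(EVENTS))
```

The mutated sample returns no signature hits, yet pid 101 is still flagged by behaviour; pid 303 is the kind of false alarm the heuristic method produces.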

Virus scan engine

by bfadero In reply to Virus scan engine

Poster rated this answer

Virus scan engine

by bfadero In reply to Virus scan engine

This question was closed by the author
