Signature based scanner requirements for an antivirus


Problem description


I am making an antivirus by using the signature based malware analysis technique. There are some points that I am going to include in my signature based scanner about how this scanner will work. I am going to write this program in C#.NET.

1. The scanner will scan by hashing the file and comparing the hash with the hash list in the database using MD5.
2. The scanner will only scan files below 50MB in size and will skip some file types like .txt/.rtf.
3. The scanner starts scanning, and first it will scan all processes and their modules (DLLs) and terminate them if found to be malware.
4. Then the scanner will scan the startup folder and registry entries in all possible startup places and, if found, delete the registry entry and file. For example C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
or
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
5. Search the local hard drive and delete malware if found.

I want to know, are these points sufficient for the requirements of the antivirus scanner? Is there any source, e.g. a book, link, etc., from which I can understand more about signature based scanners?

Solution

I think that it is a good starting point :)
Unfortunately every day there is something new...
I suggest you have a look at Clam Antivirus, it is an open source multiplatform antivirus project.
Then google and read security news (i.e. you may want to look at this).
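
Steps 1 and 2 of the question's design (size limit, extension skip, MD5 lookup against a signature set), as an added example that is not part of the original thread. All names are hypothetical, the sample files are constructed in a temp directory, and the scanner only reports matches; it does not delete or terminate anything.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Security.Cryptography;

static class SignatureScanner   // hypothetical name, not from the thread
{
    const long MaxSize = 50L * 1024 * 1024;   // step 2: only files below 50 MB
    static readonly HashSet<string> SkippedExtensions =
        new HashSet<string>(StringComparer.OrdinalIgnoreCase) { ".txt", ".rtf" };

    // Lowercase hex MD5 of a file, streamed so the file is never loaded whole.
    // MD5 follows step 1 of the question; SHA256.Create() is a drop-in
    // replacement that avoids MD5's practical collisions.
    static string Md5Hex(string path)
    {
        using (var md5 = MD5.Create())
        using (var stream = File.OpenRead(path))
            return BitConverter.ToString(md5.ComputeHash(stream))
                               .Replace("-", "").ToLowerInvariant();
    }

    // Report-only check: true when the file's digest is in the signature set.
    public static bool IsKnownBad(string path, ISet<string> signatures)
    {
        var info = new FileInfo(path);
        if (!info.Exists || info.Length >= MaxSize) return false;
        if (SkippedExtensions.Contains(info.Extension)) return false;
        try { return signatures.Contains(Md5Hex(path)); }
        catch (IOException) { return false; }                  // locked or vanished
        catch (UnauthorizedAccessException) { return false; }  // no read permission
    }

    static void Main()
    {
        // Constructed sample data: three small files in a fresh temp directory.
        string dir = Directory.CreateDirectory(
            Path.Combine(Path.GetTempPath(), Path.GetRandomFileName())).FullName;
        string flagged = Path.Combine(dir, "sample.bin");
        File.WriteAllText(flagged, "constructed test content A");
        File.WriteAllText(Path.Combine(dir, "other.bin"), "constructed test content B");
        File.Copy(flagged, Path.Combine(dir, "copy.txt"));  // same bytes, skipped type

        // Constructed signature set holding the digest of sample.bin only.
        var signatures = new HashSet<string> { Md5Hex(flagged) };
        foreach (string file in Directory.EnumerateFiles(dir))
            Console.WriteLine("{0}: {1}", Path.GetFileName(file),
                IsKnownBad(file, signatures) ? "MATCH" : "no match");
        Directory.Delete(dir, true);
    }
}
```

Only `sample.bin` is reported as a match: `other.bin` has a different digest, and `copy.txt` is never hashed because of the extension rule in step 2.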

