如何编写签名数据库的防病毒? [英] How to write signatures database for AntiVirus?
问题描述
我写小code在C扫描所有文件和放大器;文件夹在我的硬盘......,它也可以读出的可执行文件(如.exe文件)的二进制code中的上半部分,并将其与内嵌一个二进制的签名进行比较(十六进制再presentation)。它可以显示一个消息,如果签名匹配任何扫描文件的bin code。
i wrote small code in C to scan all files & folders in my hard drive... and it also can read the upper part of the binary code of executable files (like .exe ) and compare it with an inline single binary signature (in hexadecimal representation) . It can show a message if the signature matches the bin code of any scanned file.
我们注意到我保存样本签名数组,因为它只是一个签名。 我有什么做的,如果我想添加很多其他的签名!我需要使用一个数据库!但我需要什么样的数据库?并应我需要使用SQL查询来获取和比较的签名!什么样的数据库做商业防病毒软件(卡巴斯基,Symantic,..等)使用? 任何想法PLZ?
We notice that i saved the sample signature in an array because it is just one signature. What i have to do if i want to add lots of other signatures! I need to use a database! But what kind of database do i need? and shall i need to use SQL query to get and compare the signatures! what kind of database do the commercial antiviruses (Kaspersky, Symantic, ..etc) use? any idea plz?
推荐答案
的 Berkeley DB的是一个自由/开源嵌入式数据库库,基本上是在磁盘上(搜索树或哈希表,根据设置)一个键值存储。它比SQLite的甚至更简单,因为它避免关系数据和SQL的想法。
Berkeley DB is a free/open source embedded database library that is basically a key-value store on disk (search tree or hash table, depending on settings). It's even simpler than SQLite because it avoids the idea of relational data and SQL.
您可以使用的病毒签名,密钥和他们的名字作为值,例如
You could use virus signatures as keys and their names as values, for example.
这篇关于如何编写签名数据库的防病毒?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
