什么类型的特征码可以对病毒进行检查? [英] What type of signatures reconize viruses?

问题描述

我已经阅读了一些有关病毒以及最早的病毒何时生效的文章(ELK CLONE)，但是自那时以来，病毒变得越来越高级，因此，我想知道病毒扫描程序用于哪种类型的签名找到病毒，也许是关于如何在VB中启动它的真正简短解释?

I have read some articles about viruses and when the first viruses came into effect (ELK CLONE) but since then viruses have become more and more advanced and for this reason I would like to know what type of signature a virus scanner uses to find viruses and maybe a real breif explaination of how to start it in VB?

推荐答案

所谓的病毒签名实际上是非常复杂的事情.检查不可更改的文件(如可执行文件)可以将其消耗掉，以检查MD5哈希值.其他文件(如word，excel和其他与MS Office相关的文件)要难得多，因为必须检查可执行宏的内容是否受到常见攻击.
为了使我的答案更简洁一点，我将声明以下内容:
-内容不变的MD5(程序)
-以任何形式出现的病毒的模式识别
(这是真正复杂且复杂的部分
哪些杀毒软件制造商让您付出高昂的代价:)
)

欢呼


曼弗雷德(Manfred)

What is being called a virus signature is a actually a very complex thing. Checking an unalterable file like an executable, can burn this down to checking an MD5 hash. Other files like word ,excel and other MS Office related files are much harder because the executable macro content has to be checked for common attack.
To condense my answer a bit I''ll state this:
- MD5 for content (programs) that do not change
- pattern recognition of viruses in whatever form the may appear
(and this is the really complex and convoluted part
which makers of anti virus software make you pay dearly for :)
)

cheers


Manfred

这篇关于什么类型的特征码可以对病毒进行检查?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！