I'm trying to learn some basics about creating antiviruses. I know that it needs a lot of time and experience to do so but as a beginner I came up with this idea and this question:

I thought about collecting a range of viruses to start, and read them in hex format. Since I already know that these files are viruses, I keep the read hex codes in a database.

Now I can scan a folder and read all files again in hex so if the content of one file matches with one of my stored hex codes then I can say it is a virus.

Now I'd like to know whether I can really judge a file like this and, if so, how I can really read a lot of files in hex and make comparisons in a way that doesn't take a lot of time?
Posted
Comments
CHill60 7-Feb-13 5:32am    
Can't really comment with any authority, but you could also have a look here: http://www.codeproject.com/Questions/295195/building-anti-virus-software-with-Csharp
and here (mentions file scanning): http://www.codeproject.com/Questions/190853/How-to-create-an-antivirus-in-C

I think you actually mean binary comparisons, rather than hex. However, just scanning a file and comparing it with a known virus pattern will not guarantee that the file is also a virus. There are many other checks that need to be done, including checking for embedded code changes that may turn an innocent application into a virus or trojan. As you say in your second sentence this takes a lot of time and experience. You may like to go to some of the anti-virus providers' websites for further information.
Comments
Pete O'Hanlon 7-Feb-13 5:50am    
My 5.
Richard MacCutchan 7-Feb-13 6:01am    
Thanks.
The short answer is that you can't validate files like this. Effectively, your description just tells you that a file is identical to another - but this is too simplistic a test. A virus is typically a pattern, rather than a whole file, so it may attempt to infect any exe (for instance). This, of course, means that you would only find one exe file with this technique.
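The point both answers make, that a whole-file comparison only flags a byte-identical copy while a virus is usually a pattern that can sit inside any host executable, can be seen directly in code. The following is an added example written for this page, not code from the thread or from any antivirus product. It assumes a constructed marker string standing in for a signature, constructed sample files written to a temporary directory, and hypothetical helper names (`build_hash_db`, `file_contains_pattern`, `scan_directory`, `demo`). Files are streamed in chunks rather than loaded whole, with an overlap so a pattern straddling a chunk boundary is still found, which is also the answer to the "doesn't take a lot of time" part of the question.

```python
import hashlib
import os
import tempfile

# Constructed marker standing in for a malware signature; it is not a real signature.
CONSTRUCTED_SIGNATURE = b"CONSTRUCTED-MALWARE-MARKER-0001"


def build_hash_db(known_samples):
    """Whole-file SHA-256 of each known sample.

    This is the questioner's approach: it matches only files that are
    byte-for-byte identical to a stored sample.
    """
    return {hashlib.sha256(data).hexdigest(): name for name, data in known_samples.items()}


def sha256_file(path, chunk_size=1 << 16):
    """Hash a file without reading it into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def file_contains_pattern(path, pattern, chunk_size=1 << 16):
    """Stream the file in chunks and look for a byte pattern anywhere in it.

    A tail of len(pattern)-1 bytes is carried over between chunks so that a
    match split across a chunk boundary is not missed.
    """
    overlap = len(pattern) - 1
    tail = b""
    with open(path, "rb") as handle:
        while True:
            chunk = handle.read(chunk_size)
            if not chunk:
                return False
            window = tail + chunk
            if pattern in window:
                return True
            tail = window[-overlap:] if overlap else b""


def scan_directory(root, hash_db, patterns):
    """Apply both checks to every file under root; returns {relpath: [verdicts]}."""
    results = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            verdicts = []
            digest = sha256_file(path)
            if digest in hash_db:
                verdicts.append("hash:" + hash_db[digest])
            for sig_name, pattern in patterns.items():
                if file_contains_pattern(path, pattern):
                    verdicts.append("pattern:" + sig_name)
            results[os.path.relpath(path, root)] = verdicts
    return results


def straddle_check(chunk_size):
    """Constructed boundary case: the marker sits across several small chunks."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "straddle.bin")
        with open(path, "wb") as handle:
            handle.write(b"A" * 5 + CONSTRUCTED_SIGNATURE + b"B" * 5)
        return file_contains_pattern(path, CONSTRUCTED_SIGNATURE, chunk_size=chunk_size)


def demo():
    """Build three constructed files, scan them and return the verdict map.

    sample.exe        - the stored sample itself (identical copy)
    infected_host.exe - a different program carrying the same marker
    clean.exe         - the same program without the marker
    """
    sample = b"MZ" + b"\x00" * 40 + CONSTRUCTED_SIGNATURE + b"\x00" * 40
    host = b"MZ" + b"hello world program " * 100
    files = {
        "sample.exe": sample,
        "infected_host.exe": host + CONSTRUCTED_SIGNATURE + b"\x00" * 10,
        "clean.exe": host,
    }
    hash_db = build_hash_db({"sample.exe": sample})
    patterns = {"constructed-marker": CONSTRUCTED_SIGNATURE}
    with tempfile.TemporaryDirectory() as tmp:
        for name, data in files.items():
            with open(os.path.join(tmp, name), "wb") as handle:
                handle.write(data)
        return scan_directory(tmp, hash_db, patterns)


if __name__ == "__main__":
    for filename, verdicts in demo().items():
        print(filename, verdicts or ["no match"])
```

Running `demo()` shows the gap the answers describe: the hash check fires only for `sample.exe`, while the pattern check also catches `infected_host.exe`, which a whole-file comparison would pass as clean. Even the pattern check is only one signal; a real scanner layers it with further analysis, as the first answer notes.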

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900