
Thread: Antivirus Interface

  1. #1
    Join Date
    Nov 2003
    Posts
    118

    Antivirus Interface

    I have found that I can control any Antivirus program using COM.

    I found someone that sells the Antivirus Integration SDK; they say that they use COM to interface with these different security products. The name of the company is OPSWAT, but they charge $1,500 for the product, which is on the high side, so if I can do it myself it would be a lot better.

    I know that they had to do some research to find out which interfaces to use, so it is possible, but the question is which one.

    I currently have one security product installed on the development machine that I would like my new product to support.

    The program I have is a program that downloads and uploads files. What I need to be able to do is scan each file as it is downloaded with an antivirus scanner.

    I have been doing some research myself trying to find the interface that the antivirus uses, but so far no luck.

    If you would like to see this fact sheet, see their website and see what this company has to offer. They are too high for me, but maybe you can afford their price.

    I tried to attach it to this post but it was too big.

    Here is their site: http://www.opswat.com/antivirussdk.shtml

    Any help that you can offer would be great.

    Thanks,
    QWERT
    Blue Wave Software

  2. #2
    Join Date
    Dec 2003
    Posts
    3,366
    COM is just a DLL on steroids, right? Their COM has nothing to do with anyone else's COM, right? There would be no way to duplicate their work without sitting down and doing it, which probably will cost as much or more than the package. Or did I miss something?

  3. #3
    Join Date
    Nov 2003
    Posts
    4,118
    COM is not the secret. The secret is how to obtain a virus signatures file. Every virus has a binary signature that can be located in a specific offset of the file. Most anti-virus tools use such a local database to check local files. This database is regularly updated, usually from the Internet. The problem is that binaries contaminated with viruses may have different signatures on each platform. However, I'm not sure I understand what you're looking for: a cross-platform tool or a cross-platform database of signatures. BTW, signature files are vendors' best-kept secrets.
    Danny Kalev

  4. #4
    Join Date
    Nov 2003
    Posts
    118
    I am looking for a way to scan each file.

    QWERT
    Blue Wave Software

  5. #5
    Join Date
    Nov 2003
    Posts
    4,118
    A brute force scan of every byte of every file will result in unacceptable performance. The first thing you have to decide is which types of files you're about to scan. For example, .exe, .dll and .vbs should be scanned whereas .jpg and .bmp shouldn't (of course, these could be impostors so you have to be careful about this). Then you have to dissect the format of each of these files and see where viruses are likely to hide. Finally, you need to obtain a database of signatures, which is not going to be an easy task because it's considered the most precious intellectual property of every antivirus developer. You then need to read only the relevant sections of each file, looking for these signatures. This technique isn't bulletproof because some viruses are written in very high level languages such as VBA or JScript. Note also that the classic viruses are rather out of fashion these days. The real damage inflicted by malicious code comes from Trojans and worms. The techniques for detecting and preventing them from sneaking into your computer are quite different. Mostly, it's prevention. Next, restricting authorizations and privileges. Finally, a decent firewall.
    Danny Kalev

  6. #6
    Join Date
    Dec 2003
    Posts
    3,366
    A simple method is to do a CRC type (checksum or the like) computation on every (executable/virus prone) file on the disk and record it, then compare and alert the user when it changes (if they just saved a .doc file, they click ok, if kernel.exe just changed, they should not). It's an alternative to protect a few key files -- it's also what msav used back in DOS days, if I am not mistaken...

  7. #7
    Join Date
    Nov 2003
    Posts
    4,118
    Quote Originally Posted by jonnin
    A simple method is to do a CRC type (checksum or the like) computation on every (executable/virus prone) file on the disk and record it, then compare and alert the user when it changes (if they just saved a .doc file, they click ok, if kernel.exe just changed, they should not). It's an alternative to protect a few key files -- it's also what msav used back in DOS days, if I am not mistaken...
    Yes, this is another famous technique. The client creates a CRC database of critical files and then compares these files against the database. Another variation: create a database in every directory for the files it contains. There is one problem with this approach though: clever viruses know the format and name of this database and can tamper with the CRC values so that virus contaminated files cannot be detected.
    Danny Kalev
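
Added example, not part of any post in this thread: the checksum-baseline technique from posts #6 and #7, with SHA-256 swapped in for CRC and an HMAC over the database so that the database tampering described in #7 is detected. All function names are hypothetical, and the sketch assumes `key` is stored where code running on the monitored machine cannot read it.

```python
import hashlib
import hmac
import json
import os


def file_digest(path):
    """SHA-256 of a file, read in chunks so large files are not loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def _mac(entries, key):
    # Canonical JSON (sorted keys) so the same entries always yield the same MAC.
    body = json.dumps(entries, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def build_baseline(paths, key):
    """Record a digest per file and authenticate the whole table with HMAC."""
    entries = {os.path.abspath(p): file_digest(p) for p in paths}
    return json.dumps({"entries": entries, "mac": _mac(entries, key)})


def check_baseline(db_text, key):
    """Return {path: 'ok' | 'changed' | 'missing'}; raise if the DB was altered."""
    db = json.loads(db_text)
    expected = _mac(db["entries"], key).encode()
    stored = str(db.get("mac", "")).encode()
    # Without the key, rewritten digests cannot be given a valid MAC.
    if not hmac.compare_digest(expected, stored):
        raise ValueError("baseline database failed authentication")
    report = {}
    for path, digest in db["entries"].items():
        if not os.path.exists(path):
            report[path] = "missing"
        elif file_digest(path) != digest:
            report[path] = "changed"
        else:
            report[path] = "ok"
    return report
```

The HMAC only moves the trust problem to the key: if the key sits on the same disk in readable form, the database can be re-signed after tampering.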

  8. #8
    Join Date
    Jul 2007
    Posts
    1

    Opswat

    QWERT

    Did you have a conversation with OPSWAT on the antivirus SDK? Did you finally buy it? I would certainly like to invest in something like that.

    sandy
