AV Engines?
JerryM
February 23rd, 2006, 04:51 PM
I know that several AVs use the KAV engine, and I think that one uses both KAV and BD engines.
Is the use of the KAV engine, for example, similar to using a product and paying a royalty for its use?
What exactly is an "engine"?
Thanks,
Jerry
metallicakid15
February 23rd, 2006, 04:53 PM
I guess they have to buy the rights for using the engine
Alphalutra1
February 23rd, 2006, 06:25 PM
From what I understand from my reading, an engine is a "method" a program uses for detecting viruses, trojans, and malware. So Kaspersky developed its own "method" for detecting viruses, and it is excellent. Companies such as Online Armor then pay a royalty for the rights to use the "method" in their products.
Other users will probably be able to enlighten you more.
Alphalutra1
RejZoR
February 23rd, 2006, 06:58 PM
The term "engine" means the entire detection logic. This may or may not include unpacking, decrypting, emulating, all kinds and types of heuristics, pattern matching and so on and so on under one single name. The Engine.
Like the engine in a car, the engine in an AV is the heart of the software.
So everything that's designed to recognize malware falls under the term "engine".
Standard pattern matching, BitDefender HiVE, NOD32 AH, KAV PDM, Norman Sandbox, VBA32 MalwareScope and a lot more "brand names" also fall under the word "engine". Those who follow the AV scene closely usually separate the standard signature matching and heuristics parts as two subclasses of the main engine (if the AV has both, of course).
JerryM
February 23rd, 2006, 08:13 PM
Thanks for the replies.
Jerry
phong_robin
February 25th, 2006, 04:16 AM
I'm writing antivirus software using the programming language C#. I have already finished the scanning part, but the engine part is the one I still don't know! In detail, I don't know how to create a virus database, I don't know how to create a virus signature and I don't know how to compare the files which will be scanned with the virus database to detect and kill viruses! Can you help me?!
RejZoR
February 25th, 2006, 06:01 AM
Well, maybe it would be smart to look at the ClamAV project. It's an open-source antivirus project. Source code is available. I guess they could help you out a bit.
It's not exactly the best engine out there and has problems here and there, but the basics should be quite OK.
Happy Bytes
February 25th, 2006, 08:26 AM
{QUOTE-> I don't know how to create a virus signature and I don't know how to compare the files which will be scanned with the virus database to detect and kill viruses! <-QUOTE}
No offense, but then it would probably be a better idea to develop something else.
EraserHW
February 25th, 2006, 06:57 PM
{QUOTE-> In detail, I don't know how to create a virus database, I don't know how to create a virus signature and I don't know how to compare the files which will be scanned with the virus database to detect and kill viruses! <-QUOTE}
Well, these are only minor details in an antivirus scanner ;D ;D
More seriously: writing an antivirus scanner isn't a simple thing to do. You may be able to scan for files on a hard disk - every average software writer can do it - but before starting a "titanic" project like this you have to study in depth every particular of an antivirus software.
And, last but not least, are you sure about writing antivirus software - I mean every single part of the engine - in C#?
I don't think it would be so "effective" in performance - which is another important part of an antivirus scanner :)
Best Regards :)
phong_robin
February 26th, 2006, 02:09 AM
Please don't just say! Please help me! Please give me any tutorial that you have about antivirus! Thank you very much!
Happy Bytes
February 26th, 2006, 04:12 AM
First you have to learn about file structures, such as PE32, PE64, LE, NE. Then you can spend some time learning RVA Section Entrypoint calculations. After this you can learn how Import/Export tables work. Then you need to learn OLE things for macro viruses, and the ELF format for Linux binaries. Then you need to start reversing runtime packer stubs to develop unpackers. After this you should learn how to find EPO polymorphic viruses with special detection plugins. A good training for this would be the Win9x/SK virus family or Jolla.
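A worked instance of the entry-point RVA calculation mentioned in the post above, as an added example that is not part of the original thread: it reads the PE headers, finds the section that contains AddressOfEntryPoint and converts that RVA to a file offset. The class and helper names and the sample header bytes are constructed for illustration.

```csharp
using System;

static class PeEntryPointDemo
{
    // Returns the entry point's file offset, or -1 for malformed headers or an RVA
    // with no raw data behind it. Assumes a little-endian host (BitConverter).
    static long EntryPointFileOffset(byte[] pe)
    {
        if (pe.Length < 0x40 || pe[0] != 'M' || pe[1] != 'Z') return -1;
        int nt = BitConverter.ToInt32(pe, 0x3C);                    // e_lfanew
        if (nt < 0 || nt > pe.Length - 24) return -1;
        if (BitConverter.ToUInt32(pe, nt) != 0x00004550) return -1; // "PE\0\0"
        int sections = BitConverter.ToUInt16(pe, nt + 6);           // NumberOfSections
        int optSize = BitConverter.ToUInt16(pe, nt + 20);           // SizeOfOptionalHeader
        if (optSize < 20 || nt + 24 + optSize > pe.Length) return -1;
        uint entryRva = BitConverter.ToUInt32(pe, nt + 24 + 16);    // AddressOfEntryPoint
        int table = nt + 24 + optSize;                              // section table
        for (int i = 0; i < sections; i++)
        {
            int h = table + i * 40;                                 // 40-byte section header
            if (h + 40 > pe.Length) return -1;
            uint va = BitConverter.ToUInt32(pe, h + 12);            // VirtualAddress
            uint rawSize = BitConverter.ToUInt32(pe, h + 16);       // SizeOfRawData
            uint rawPtr = BitConverter.ToUInt32(pe, h + 20);        // PointerToRawData
            if (entryRva < va || entryRva - va >= rawSize) continue;
            long off = (long)rawPtr + (entryRva - va);              // RVA -> file offset
            return off < pe.Length ? off : -1;                      // reject truncated files
        }
        return -1;
    }
    static void Put32(byte[] b, int at, uint v) { BitConverter.GetBytes(v).CopyTo(b, at); }
    static void Main()
    {
        // Constructed minimal image: only the fields read above are filled in.
        byte[] pe = new byte[0x400];
        pe[0] = (byte)'M'; pe[1] = (byte)'Z';
        int nt = 0x80;
        Put32(pe, 0x3C, (uint)nt);       // e_lfanew
        Put32(pe, nt, 0x00004550);       // PE signature
        pe[nt + 6] = 1;                  // one section
        pe[nt + 20] = 0xE0;              // PE32 optional header size
        Put32(pe, nt + 24 + 16, 0x1010); // entry point RVA
        int h = nt + 24 + 0xE0;
        Put32(pe, h + 12, 0x1000);       // VirtualAddress
        Put32(pe, h + 16, 0x200);        // SizeOfRawData
        Put32(pe, h + 20, 0x200);        // PointerToRawData
        Console.WriteLine("entry point file offset: 0x{0:X}", EntryPointFileOffset(pe));
    }
}
```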
EraserHW
February 26th, 2006, 07:42 AM
Further to the things already said by Happy Bytes, I can suggest reading this book (http://www.awprofessional.com/bookstore/product.asp?isbn=0321304543&rl=1), a MUST HAVE imho ;)
phong_robin
February 26th, 2006, 09:14 AM
Thank you so much! AntiVirus area is my passion! I will try my best to get it! Once again, thank you!
beetlejuice69
February 26th, 2006, 11:18 AM
{QUOTE-> Thank you so much! AntiVirus area is my passion! I will try my best to get it! Once again, thank you! <-QUOTE}
Some day down the road maybe you can let us know how you make out? Like to see how far you'll get along. Good luck.
phong_robin
March 7th, 2006, 12:43 AM
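{QUOTE->
// Requires: using System.IO;
string[] virusSignature = { "trojan", "keylogger" };
// Read the file once: a second ReadToEnd() on the same reader returns "".
using (FileStream fs = new FileStream(fileName, FileMode.Open))
using (StreamReader sr = new StreamReader(fs))
{
    string content = sr.ReadToEnd();
    foreach (string str in virusSignature)
    {
        // Compares the signature with the entire file content.
        if (str.Equals(content))
        {
            listBox1.Items.Add("Warning! Keylogger!");
        }
    }
}
<-QUOTE}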
This is my virus detecting engine! If I open Notepad and type "keylogger" and save as "virus.txt" and put it on the Desktop ---> my anti-virus software can detect it.
But if I open Notepad and type "I'm keylogger" then my anti-virus software cannot detect it.
Could you please tell me why and how to fix it?
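Why the exact comparison in the post above misses "I'm keylogger", shown as an added example that is not part of the original post or of any reply: the check has to search for each signature inside the file's bytes instead of comparing it with the whole file. The class name, signature names and sample strings are constructed for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Text;

static class SignatureScanDemo
{
    // Constructed sample signatures (name -> byte pattern), not real malware patterns.
    static readonly Dictionary<string, byte[]> Signatures = new Dictionary<string, byte[]>
    {
        { "Test.Trojan",    Encoding.ASCII.GetBytes("trojan") },
        { "Test.Keylogger", Encoding.ASCII.GetBytes("keylogger") },
    };

    // Returns the first offset of pattern inside data, or -1 if it is absent.
    static int IndexOf(byte[] data, byte[] pattern)
    {
        for (int i = 0; i + pattern.Length <= data.Length; i++)
        {
            int j = 0;
            while (j < pattern.Length && data[i + j] == pattern[j]) j++;
            if (j == pattern.Length) return i;
        }
        return -1;
    }

    // Works on raw bytes, so the same scan applies to binaries and text files.
    static List<string> Scan(byte[] data)
    {
        var hits = new List<string>();
        foreach (var sig in Signatures)
        {
            int at = IndexOf(data, sig.Value);
            if (at >= 0) hits.Add(sig.Key + " at offset " + at);
        }
        return hits;
    }

    static void Main()
    {
        // Constructed inputs: the two Notepad cases from the post plus a clean one.
        string[] samples = { "keylogger", "I'm keylogger", "hello world" };
        foreach (string s in samples)
        {
            List<string> hits = Scan(Encoding.ASCII.GetBytes(s));
            Console.WriteLine("\"{0}\": {1}", s, hits.Count == 0 ? "clean" : string.Join(", ", hits));
        }
    }
}
```

For files on disk, pass `File.ReadAllBytes(fileName)` (from `System.IO`) to `Scan` instead of the inline strings.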
FRug
March 7th, 2006, 01:39 AM
I can't decide whether this is an insane trolling attempt, or just complete lack of clue and talent...
If it is for real, please do yourself and the world a favour and DON'T write an AV program with your coding skills...
cupez80
March 7th, 2006, 02:30 AM
{QUOTE-> This is my virus detecting engine! If I open Notepad and type "keylogger" and save as "virus.txt" and put it on the Desktop ---> my anti-virus software can detect it.
But if I open Notepad and type "I'm keylogger" then my anti-virus software cannot detect it.
Could you please tell me why and how to fix it? <-QUOTE}
I think you should do what HB said. An AV engine isn't that simple.
Durad
March 7th, 2006, 03:03 AM
I'm on your side!
If you have enough time and if you love what you do I'm sure that you will learn fast!
Doing such stuff alone is very complicated but over time you will meet people with similar ideas.......
;)
phong_robin
March 7th, 2006, 09:37 AM
{QUOTE-> I'm on your side!
If you have enough time and if you love what you do I'm sure that you will learn fast!
Doing such stuff alone is very complicated but over time you will meet people with similar ideas.......
;) <-QUOTE}
Thank you! :)
To me, if I don't know a certain thing, I have to ask!
If I want to get knowledge, I have to learn!
I hope someday, someone will help me for that!
Anyway, thank you all!
tiagozt
March 7th, 2006, 02:02 PM
KAV engine:
eScan
CyberScrub
Steganos
PC TOOLS
AVK
F-Secure
Defender Pro
It's ok?
Is that all?
Don Pelotas
March 7th, 2006, 02:44 PM
{QUOTE-> KAV engine:
eScan
CyberScrub
Steganos
PC TOOLS
AVK
F-Secure
Defender Pro
It's ok?
Is that all? <-QUOTE}
There are more than those, the list in the link is not even complete: http://www.kaspersky.com/oemsuccess. :)
StevieO
March 7th, 2006, 02:44 PM
phong_robin
I hope that you don't let brash words and negative posts put you off chasing your dreams and aspirations. Everybody has to start somewhere at some time, maybe some people forget how it started for them!
At least you are brave enough to post and ask questions, rather than just sitting there wondering and never doing anything. Maybe some of the others wouldn't have posted in here when they were starting out. But were forums like this around when they were? Plenty of people complain about others being lazy and/or hanging around the streets causing trouble etc. The fact is you're making the effort to learn, and that should be encouraged.
If I knew of any good books/papers/info etc. on learning more about coding for AV I'd tell you, but I don't. But there are people who have posted in here, and others that must have read your requests etc., that are in a position to guide you and point you in the right direction. Why they haven't or won't I don't know! I'm sure when they were starting out they would have appreciated any real advice and help they could get.
Even if for some reasons it doesn't work out, at least you've tried, and you will have learnt a lot about, and more than just about AV. I wish you well whatever happens.
StevieO
tiagozt
March 7th, 2006, 03:49 PM
{QUOTE-> There are more than those, the list in the link is not even complete: http://www.kaspersky.com/oemsuccess. :) <-QUOTE}
Thank you...
If Steganos, PC TOOLS, CyberScrub and F-Secure aren't in the list, maybe more AVs use the KAV engine...
If anyone knows about any, please post here...
Lollan
March 7th, 2006, 04:14 PM
{QUOTE-> Thank you! :)
To me, if I don't know a certain thing, I have to ask!
If I want to get knowledge, I have to learn!
I hope someday, someone will help me for that!
Anyway, thank you all! <-QUOTE}
I'm in the same boat as you, my friend. I'd love to get more involved in the AV industry rather than just cleaning PCs all the time, I want to learn how they work much much much more in depth, but it seems endlessly out of reach :(
Miyagi
March 7th, 2006, 04:24 PM
You might want to read this book: The Art of Computer Virus Research and Defense :)
http://www.amazon.com/gp/product/0321304543/sr=8-1/qid=1141766548/ref=pd_bbs_1/104-5758087-9904748?%5Fencoding=UTF8
Lollan
March 7th, 2006, 04:55 PM
{QUOTE-> You might want to read this book: The Art of Computer Virus Research and Defense :)
http://www.amazon.com/gp/product/0321304543/sr=8-1/qid=1141766548/ref=pd_bbs_1/104-5758087-9904748?%5Fencoding=UTF8 <-QUOTE}
Buying now :)
phong_robin
March 7th, 2006, 08:47 PM
You can download "Art of Computer Virus Research and Defense" Ebook here:
Link to copyrighted material removed ~Ron
Lollan
March 7th, 2006, 08:50 PM
{QUOTE-> You can download "Art of Computer Virus Research and Defense" Ebook here:
Link to copyrighted material removed ~Ron <-QUOTE}
I've never been too much of an eBooker, with this I can curl up to a good reading on polymorphic.
Oh, Peter Szor... *swoon*
FRug
March 8th, 2006, 01:32 AM
I'd suggest buying the book, not pirating it.... doesn't show much respect for his work, does it? The book is an excellent read and worth its money.
Firecat
March 8th, 2006, 03:15 AM
{QUOTE-> KAV engine:
eScan
CyberScrub
Steganos
PC TOOLS
AVK
F-Secure
Defender Pro
It's ok?
Is that all? <-QUOTE}
One more: Online Armor AV+ (http://www.tallemu.com) will also use the KAV engine.
And eScan's 2006 versions have been released. You will not get it via automatic program update, you must download the product fresh (you never get program updates automatically with eScan).
And BTW, does Steganos offer free upgrades for their products?