AV Engines?

Discussion in 'other anti-virus software' started by JerryM, Feb 23, 2006.

Thread Status:
Not open for further replies.
  1. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    I know that several AVs use the KAV engine, and I think that one uses both KAV and BD engines.

    Is the use of the KAV engine, for example, similar to using a product and paying a royalty for its use?
    What exactly is an "engine"?

    Thanks,
    Jerry
     
  2. metallicakid15

    metallicakid15 Registered Member

    Joined:
    Dec 6, 2005
    Posts:
    454
    I guess they have to buy the rights for using the engine.
     
  3. Alphalutra1

    Alphalutra1 Registered Member

    Joined:
    Dec 17, 2005
    Posts:
    1,160
    Location:
    127.0.0.0/255.0.0.0
    From what I understand from my reading, an engine is a "method" a program uses for detecting viruses, trojans, and malware. So Kaspersky developed its own "method" for detecting viruses, and it is excellent. Companies such as Online Armor then pay a royalty for the rights to use the "method" in their products.

    Other users will probably be able to enlighten you more.

    Alphalutra1
     
  4. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    The term "engine" means the entire detection logic. This may or may not include unpacking, decrypting, emulating, all kinds and types of heuristics, pattern matching and so on and so on under one single naming. The Engine.
    Like the engine in a car, the engine in an AV is the heart of the software.
    So everything that's designed to recognize malware falls under the term "engine".
    Standard pattern matching, BitDefender HiVE, NOD32 AH, KAV PDM, Norman Sandbox, VBA32 MalwareScope and a lot more "brand names" also fall under the word "engine". Those who follow the AV scene closely usually separate standard signature matching and heuristics parts as two subclasses of main engine (of course if AV has both).
     
  5. JerryM

    JerryM Registered Member

    Joined:
    Aug 31, 2003
    Posts:
    4,306
    Thanks for the replies.

    Jerry
     
  6. phong_robin

    phong_robin Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    6
    I'm writing antivirus software using the programming language C#. I have already finished the scanning part, but the engine part is the one I still don't know! In detail, I don't know how to create a virus database, I don't know how to create a virus signature, and I don't know how to compare the files which will be scanned with the virus database to detect and kill viruses! Can you help me?!
     
  7. RejZoR

    RejZoR Lurker

    Joined:
    May 31, 2004
    Posts:
    6,426
    Well, maybe it would be smart to look at the ClamAV project. It's an open-source antivirus project. Source code is available. I guess they could help you out a bit.
    It's not exactly the best engine out there and has problems here and there, but the basics should be quite OK.
     
  8. Happy Bytes

    Happy Bytes Guest

    No offense, but then it would probably be a better idea to develop something else.
     
  9. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Well, these are only minor details in an antivirus scanner :D :D

    More seriously: writing an antivirus scanner isn't a simple thing to do. You may be able to scan for files on a hard disk - every average software writer can do it - but before starting a "titanic" project like this you have to study in depth every detail of antivirus software.

    And, last but not least, are you sure about writing antivirus software - I mean every single part of the engine - in C#?

    I don't think it would be so "effective" in performance - which is another important part of an antivirus scanner :)

    Best Regards :)
     
  10. phong_robin

    phong_robin Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    6
    Please don't just say that! Please help me! Please give me any tutorial that you have about antivirus! Thank you very much!
     
  11. Happy Bytes

    Happy Bytes Guest

    First you have to learn about file structures, such as PE32, PE64, LE, NE. Then you can spend some time learning RVA, section and entry point calculations. After this you can learn how Import/Export tables work. Then you need to learn OLE things for macro viruses, and the ELF format for Linux binaries. Then you need to start reversing runtime packer stubs to develop unpackers. After this you should learn how to find EPO polymorphic viruses with special detection plugins. Good training for this would be the Win9x/SK virus family or Jolla.
     
  12. EraserHW

    EraserHW Malware Expert

    Joined:
    Oct 19, 2005
    Posts:
    588
    Location:
    Italy
    Further to the things already said by Happy Bytes, I can propose reading this book, a MUST HAVE imho ;)
     
  13. phong_robin

    phong_robin Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    6
    Thank you so much! AntiVirus area is my passion! I will try my best to get it! Once again, thank you!
     
  14. beetlejuice69

    beetlejuice69 Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    780
    Some day down the road maybe you can let us know how you make out? I'd like to see how far you'll get along. Good luck.
     
  15. phong_robin

    phong_robin Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    6
    This is my virus detecting engine! If I open Notepad and type "keylogger" and save as "virus.txt" and put it at Desktop ---> my anti-virus software can detect it.
    But if I open Notepad and type "I'm keylogger" then my anti-virus software can not detect it.
    Could you please tell me why and how to fix it?
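
The behaviour described in the post above (a file holding only "keylogger" is flagged, "I'm keylogger" is not) is what a whole-file comparison produces. The poster's code is not shown, so that cause is an assumption; the C sketch below is an added example, not code from this thread, and its signature names, byte patterns and sample file are constructed. It contrasts whole-file matching with a byte-pattern search over the file content.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
/* Constructed signature database: name plus raw byte pattern (may contain NULs). */
struct signature { const char *name; const unsigned char *bytes; size_t len; };
static const struct signature SIGS[] = {
    { "Test.Keylogger", (const unsigned char *)"keylogger", 9 },
    { "Test.Binary",    (const unsigned char *)"\xde\xad\x00\xbe\xef", 5 },
};
#define NSIGS (sizeof SIGS / sizeof SIGS[0])

/* Assumed behaviour in the post: a hit only when the whole file equals a signature. */
int match_whole_file(const unsigned char *data, size_t n)
{
    for (size_t i = 0; i < NSIGS; i++)
        if (n == SIGS[i].len && memcmp(data, SIGS[i].bytes, n) == 0)
            return (int)i;
    return -1;
}

/* Boyer-Moore-Horspool search: offset of pat inside data, or -1. */
long find_pattern(const unsigned char *data, size_t n, const unsigned char *pat, size_t m)
{
    size_t shift[256];
    if (m == 0 || n < m) return -1;
    for (size_t c = 0; c < 256; c++) shift[c] = m;
    for (size_t k = 0; k + 1 < m; k++) shift[pat[k]] = m - 1 - k;
    for (size_t pos = 0; pos + m <= n; pos += shift[data[pos + m - 1]])
        if (memcmp(data + pos, pat, m) == 0) return (long)pos;
    return -1;
}

/* Content scan: index of the first signature found anywhere in the buffer. */
int scan_buffer(const unsigned char *data, size_t n, long *off)
{
    for (size_t i = 0; i < NSIGS; i++) {
        long at = find_pattern(data, n, SIGS[i].bytes, SIGS[i].len);
        if (at >= 0) { if (off) *off = at; return (int)i; }
    }
    return -1;
}
int main(void)
{
    const unsigned char f[] = "I'm keylogger";   /* constructed sample file */
    long off = -1;
    int hit = scan_buffer(f, sizeof f - 1, &off);
    printf("whole-file: %d, scan: %s at offset %ld\n",
           match_whole_file(f, sizeof f - 1), SIGS[hit].name, off);
    return 0;
}
```

Patterns are compared by length with `memcmp` rather than with string functions because scanned files are binary and may contain zero bytes.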
     
  16. FRug

    FRug Registered Member

    Joined:
    Feb 7, 2006
    Posts:
    309
    I can't decide whether this is an insane trolling attempt, or just complete lack of clue and talent...

    If it is for real, please do yourself and the world a favour and DON'T write an AV program with your coding skills...
     
  17. cupez80

    cupez80 Registered Member

    Joined:
    Jun 28, 2005
    Posts:
    617
    Location:
    Surabaya Indonesia
    I think you should do what HB said. An AV engine isn't that simple.
     
  18. Durad

    Durad Registered Member

    Joined:
    Aug 13, 2005
    Posts:
    594
    Location:
    Canada
    I'm on your side!

    If you have enough time and if you love what you do, I'm sure that you will learn fast!
    Doing such stuff alone is very complicated, but over time you will meet people with similar ideas.......

    ;)
     
  19. phong_robin

    phong_robin Registered Member

    Joined:
    Feb 25, 2006
    Posts:
    6
    Thank you! :)
    To me, if I don't know a certain thing, I have to ask!
    If I want to get knowledge, I have to learn!

    I hope someday, someone will help me for that!
    Anyway, thank you all!
     
  20. wildvirus88

    wildvirus88 Registered Member

    Joined:
    Feb 28, 2004
    Posts:
    331
    KAV engine:

    eScan
    CyberScrub
    Steganos
    PC TOOLS
    AVK
    F-Secure
    Defender Pro

    It's ok?
    Is that all?
     
  21. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    There are more than those; the list in the link is not even complete: http://www.kaspersky.com/oemsuccess. :)
     
  22. StevieO

    StevieO Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    1,067
    phong_robin

    I hope that you don't let brash words and negative posts put you off chasing your dreams and aspirations. Everybody has to start somewhere at some time; maybe some people forget how it started for them!

    At least you are brave enough to post and ask questions, rather than just sitting there wondering and never doing anything. Maybe some of the others wouldn't have posted in here when they were starting out. But were forums like this around when they were? Plenty of people complain about others being lazy and/or hanging around the streets causing trouble etc. The fact is you're making the effort to learn, and that should be encouraged.

    If I knew of any good books/papers/info etc. on learning more about coding for AV I'd tell you, but I don't. But there are people who have posted in here, and others that must have read your requests etc., that are in a position to guide you and point you in the right direction. Why they haven't or won't I don't know! I'm sure when they were starting out they would have appreciated any real advice and help they could get.

    Even if for some reason it doesn't work out, at least you've tried, and you will have learnt a lot, and about more than just AV. I wish you well whatever happens.


    StevieO
     
  23. wildvirus88

    wildvirus88 Registered Member

    Joined:
    Feb 28, 2004
    Posts:
    331
    Thank you...
    If Steganos, PC TOOLS, CyberScrub and F-Secure aren't in the list, maybe more AVs use the KAV engine...
    If anyone knows of any, please post here...
     
    Last edited: Mar 7, 2006
  24. Lollan

    Lollan Registered Member

    Joined:
    Feb 2, 2006
    Posts:
    288

    I'm in the same boat as you, my friend. I'd love to get more involved in the AV industry rather than just cleaning PCs all the time. I want to learn how they work much much much more in depth, but it seems endlessly out of reach :(
     
  25. Miyagi

    Miyagi Registered Member

    Joined:
    Mar 12, 2005
    Posts:
    426
    Location:
    None