Newbie question about how an Antivirus works?

Discussion in 'other anti-virus software' started by Emp, May 31, 2004.

Thread Status:
Not open for further replies.
  1. Emp

    Emp Guest

    Hi all,

    I'm not a programmer and new to a virus field so I have no idea how an Antivirus works. This is my stupid question :

    1. When an Antivirus (AV) scan a files this means that an AV looks into and reads every piece of code of a files that are being scanned?, and compares a files's code to its database to identify a virus?

    2. If a file (such as Notepad) is being scanned this means that an AV can read a Notepad's source code?

    3. If so, this means that an AV can read and know about the source code of every files he scans?

    4. When a AV company receives a virus's sample they have to know a virus's source code, how can they read it?

    I'm sorry for a stupid question but hope you guys can help me out.

    Thanks
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    There are no dumb questions.
    When an av scans it is not necessarily reading the code of note pad or what ever file it is scanning. It is looking for virus code that is in the av's database. If your av uses hueristics during a scan in reality what it is doing is making a very educated guess if a certain piece of code may be a virus or trojan. If you send a sample to an av company they will disasemble the code to see what it is you have sent them. This is a simplified explanation but it is basically what an av does. If you need a deeper explanation I can look and find a link that would probably go into much deeper detail.
    you can get more info here or here


    bigc
     
Loading...
Thread Status:
Not open for further replies.