Newbie question about how an Antivirus works?

Hi all,

I'm not a programmer and new to a virus field so I have no idea how an Antivirus works. This is my stupid question :

1. When an Antivirus (AV) scan a files this means that an AV looks into and reads every piece of code of a files that are being scanned?, and compares a files's code to its database to identify a virus?

2. If a file (such as Notepad) is being scanned this means that an AV can read a Notepad's source code?

3. If so, this means that an AV can read and know about the source code of every files he scans?

4. When a AV company receives a virus's sample they have to know a virus's source code, how can they read it?

I'm sorry for a stupid question but hope you guys can help me out.

Thanks

 

There are no dumb questions.
When an av scans it is not necessarily reading the code of note pad or what ever file it is scanning. It is looking for virus code that is in the av's database. If your av uses hueristics during a scan in reality what it is doing is making a very educated guess if a certain piece of code may be a virus or trojan. If you send a sample to an av company they will disasemble the code to see what it is you have sent them. This is a simplified explanation but it is basically what an av does. If you need a deeper explanation I can look and find a link that would probably go into much deeper detail.
you can get more info here or here


bigc