Antivirus engine



  2. SUBMITTED BY SHILPA C, CP1117, 1st semester M.Sc. Computer Science
  4. What is a Virus?
     • A virus is basically an executable file designed such that, first of all, it should be able to infect documents; then it has to have the ability to survive by replicating itself; and it should also be able to avoid detection.
  5. Basics about the virus
     • A virus is a program that self-replicates.
     • A virus is not data.
     • You can only catch a virus by running a program.
     • Your computer can run all kinds of programs.
     • Most viruses are difficult to detect.
     • Computer viruses are not inherently destructive.
     • Viruses are designed to corrupt or delete data on the hard disk.
  6. Types of viruses
     1. File or program virus.
     2. Boot sector virus (MBR or Master Boot Record).
     3. Multipartite virus.
     4. Stealth virus.
     5. Polymorphic virus.
     6. Macro virus.
  7. Functional elements of virus
     Fig 1. Functional diagram of a virus. (Diagram labels: virus; anti-detection routines; search; copy.)
  8. NOTES
     • Every visible computer virus must have at least 2 basic parts (subroutines).
     1. A search routine
     2. A copy routine
     3. An anti-detection routine
  9. Virus in detail
     1. File or program virus: some programs are viruses in disguise; they load into memory along with the program, perform some steps and infect the system. They infect program files such as .COM, .BIN, .DRV, .EXE and .SYS.
  10. Fig 2. Memory map just before executing a COM file. (Diagram labels, top to bottom: sp, stack area at FFFFH; uninitialized data; COM file image; ip at 100H; PSP at 0H; cs=ds=es=ss.)
  11. Fig 3. Replacing the first bytes in a COM file. (Diagram labels: BEFORE, uninfected host COM file, mov dx,257H at 100H; AFTER, infected host COM file, jmp 154AH at 100H, Timed virus, mov dx,257H.)
  12. Fig 4. The layout of an EXE file. (Diagram labels: EXE file header; relocation pointer table; EXE load module.)
  13. 2. Boot sector virus
     • A boot sector virus can be the simplest or the most sophisticated of all computer viruses.
     • The boot sector is the first code to gain control after the ROM startup.
     • It is very difficult to stop before it loads.
  14. 3. Multipartite virus
     • A hybrid variety of virus.
     • Only infects files and the boot sector.
     • More destructive.
     • More difficult to remove.
     • Once it infects the boot sector it never stops.
     • Examples: Invader, Flip.
  15. 4. Stealth virus
     • They are stealthy in nature.
     • They have various methods to hide themselves.
     • They strongly avoid detection.
     • Sometimes they reduce the file size, sometimes they increase it.
     • They try to avoid detection by scanners.
     • Example: Whale virus.
  16. 5. Polymorphic virus
     • They are the most difficult viruses to detect.
     • They have the ability to mutate.
     • Antivirus programs which look for specific virus code are not able to detect such viruses.
  17. 6. Macro virus
     • A macro is an executable program embedded in a word processing document or other type of file.
     • Once the macro is running, it can copy itself to other documents, delete files, etc.
     • Examples: Have a Nice Day, Concept.
  18. Anti-virus Engine
     An anti-virus engine is designed for detecting Trojans, viruses, malware and other malicious threats. It is the de facto standard for mail gateway scanning. It provides a high-performance multi-threaded scanning daemon, command-line utilities for on-demand file scanning, and an intelligent tool for automatic signature updates.
  19. Anti-virus Approaches
     • Detection
     • Identification
     • Removal
  20. Anti-virus Techniques
     • Scanners
     • Monitors
     • Integrity checking
  21. Basic virus defense
     • Install antivirus software.
     • Do not open e-mail attachments.
     • Do not install new programs without first notifying IT.
     • Install a firewall on your workstation.
     • Scan your system regularly.
     • Do not visit unauthorized web sites.
  22. Thank You
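
The integrity-checking technique listed on slide 20, as an added example that is not part of the original slides: it baselines the program file types named on slide 9 and reports changed first bytes (the change shown in Fig 3) and changed file size (slide 15). The function names, `HEAD_LEN`, `HOST.COM` and the inert filler bytes in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile

HEAD_LEN = 3  # assumption: bytes kept from the file start, enough to hold a near jmp
EXTS = (".com", ".bin", ".drv", ".exe", ".sys")  # program file types named on slide 9

def snapshot(path):
    """Record size, leading bytes and SHA-256 of one file."""
    with open(path, "rb") as fh:
        data = fh.read()
    return {"size": len(data), "head": data[:HEAD_LEN], "sha256": hashlib.sha256(data).hexdigest()}

def build_baseline(root):
    """Snapshot every program file under root, keyed by relative path."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(EXTS):
                full = os.path.join(dirpath, name)
                baseline[os.path.relpath(full, root)] = snapshot(full)
    return baseline

def compare(root, baseline):
    """Return {relative path: [findings]} for files that differ from the baseline."""
    current = build_baseline(root)
    report = {}
    for rel, old in baseline.items():
        new = current.get(rel)
        if new is None:
            report[rel] = ["missing"]
        elif new["sha256"] != old["sha256"]:
            report[rel] = ["content changed"]
            if new["head"] != old["head"]:
                report[rel].append("first bytes changed")
            if new["size"] != old["size"]:
                report[rel].append("size changed by %+d" % (new["size"] - old["size"]))
    return report

def demo():
    """Constructed sample: inert filler bytes stand in for a program file."""
    with tempfile.TemporaryDirectory() as root:
        host = os.path.join(root, "HOST.COM")
        with open(host, "wb") as fh:
            fh.write(b"\xba\x57\x02" + b"\x90" * 29)
        baseline = build_baseline(root)
        with open(host, "wb") as fh:  # first 3 bytes replaced, 16 bytes appended
            fh.write(b"\xe9\x00\x00" + b"\x90" * 45)
        return compare(root, baseline)
```

The baseline is only trustworthy if it is taken from a known-clean system and stored where the monitored machine cannot rewrite it.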