
Antivirus 2004 (2.2)

Submitted on: 2/8/2004 11:33:46 AM
By: Cyber Chris  
Level: Advanced
User Rating: By 87 Users
Compatibility: VB 3.0, VB 4.0 (16-bit), VB 4.0 (32-bit), VB 5.0, VB 6.0
Views: 36789
 
     This is number two of my Anti Virus Program! Now the software is able to detect every virus by scanning for checksums (again: only the viruses which are mentioned in the DB). The demo DB includes the checksums of some popular Virii (e.g. Code Red, Klez, Magistrar + Eicar Testvirus). I have completely reworked the scanning algorithm. It is now able to scan 150MB (~7000 Files) within 35s. That means it is three times faster than my previous version! I have also totally changed the GUI: It has move-down menus like the Explorer has. Other new stuff:
  1. There's also a function that scans a whole directory (and sub folders) for virii.
  2. "Fast file search" function: this is a manipulated cDialog that allows you to scan the file without leaving the cDialog!
  3. There's also a possibility to "secure" files. This is like a quarantine function: It stores the file encrypted to prevent it from being executed!

 

 

Other User Comments

2/8/2004 11:48:32 AM Cyber Chris

Please give feedback!

 
2/8/2004 12:47:08 PM Konrad Margiel - ELink Networks

Not bad... good piece of code... there are only two things I would recommend... 1) Change the interface a bit and 2) for quicker scanning why don't you multiply a form 10 times or so and then make them all scan different files... might take some work but it will increase scanning speeds.. 5 from me buddy!

 
2/8/2004 12:53:29 PM

Hey, I have tested your code and see that it finds the EICAR test virus. I think that you did this because I had commented on your (noname) prev post. Now it finds it. Good work, but it doesn't find the virus in a zip file.
One globe more. 4 ****

 
2/8/2004 1:37:00 PM CS6783

Excellent code! 5 globes!

 
2/8/2004 1:46:38 PM Cyber Chris

THX to all! and again to the anonymous: Next time ZIP files will be checked too! (hope to get 5 globes then :-))

 
2/8/2004 3:42:52 PM Sebastian Mares

Instead of creating multiple forms, why not create multiple threads?

 
2/9/2004 3:10:21 AM Scorpy

DO NOT USE THAT SUGGESTION! Do not create multiple forms, instead try multiple threads that scan multiple files at once. I don't see how this would be helpful unless each thread scanned a file from a different hard drive anyways, after all a virus scan is limited by two things, the efficiency of the scanning engine and the speed of your seek/read in your hard drive.

I believe multiple threads for a virus scanner is a bad idea. Multiple forms simulating multiple threads is an even worse idea.

Btw, nice code. Good idea and great work!

 
2/9/2004 9:05:19 AM David Mamani Enaro

Good work. It doesn't matter if you use threads or multiple forms; the speed of reading a file is directly related to the hard disk functions provided by the OS, and the HD is a critical resource, because if some process gets access to the hard disk, most of the time it locks out others from accessing the same resource, or it divides the speed when more than one process accesses the HD, depending on the OS or type of processor.

 
2/9/2004 9:25:50 AM Johannes Knapp

Where did you get the CRC-Infos? Where can I get them?

 
2/9/2004 11:47:44 PM Cyber Chris

First, thanks to all!

I got many requests for my CRC checksums at my email address. It's true: I create the CRCs myself, but if somebody knows a public list with checksums please inform me!

And lastly: I have updated the program with a new online signature file, that means the update function works!

 
2/10/2004 12:05:10 PM Johannes Knapp

5 Globes from me! Very good!

 
2/11/2004 7:52:50 AM mugman21

Cyber Chris,

I like the changes you made to your second edition. Hate to tell you, but I'm going to steal that gui menu method from you....

Here goes the constructive criticism again: With this version, its scanning capabilities are only a little better, single file scan works great along with specific dir scans. Scanning the WHOLE drive doesn't work though; it reads through the drive but doesn't notify upon finding dangerous files.

I once made a scanning engine and it worked by reading in file def's from a txt file into an array, then it compared the results of the findfirstfile and findnextfile to each element in the array. That allowed me to search for 400+ files at the same time within a single drive scan.

Your prog stops once it finds the first file that matches the criteria, not good.

Anyhow, sweet job with the CRC32, that was my complaint within version 1.

Mugman

P.S. Scan running processes on prog load....

 
2/11/2004 8:01:32 AM Jeff Khor

I am new to this area. Can you please explain to me why just checking the CRC will tell you the virus is inside? Is the CRC different in different files? If the same virus is put in a different file, how do you check it? Thank you for answering my question. You may be brief if you don't have time. I will try to understand it.

 
2/11/2004 8:14:21 AM mugman21

Jeff Khor,

The CRC is accurate due to the fact no two files can have the same. The CRC is a mathematical formula that is created from every single bit (a 0 or 1) within the file. Think of the CRC like you would think of DNA.

 
2/11/2004 8:18:04 AM mugman21

(let me clarify)
no two 'different' files (different in any way) can have the same CRC.

 
2/11/2004 8:51:57 AM Cyber Chris

Thx again!

Scanning the drive works!
The problem is: There are too many files.
My engine first makes a "list" of all files.
This takes a lot of time. I checked my smaller
HD (8GB) within 31 minutes -> It is possible to
scan the HD.
I know that this isn't fast but it works!


Jeff,
CRC32 is a Checksum Algorithm. There are many others (MD5, HASH4...).
The purpose of checksums is to generate a unique ID for files.

This checksum is Alphanumerical -> Millions of combinations
-> The possibility of finding two different files with the same checksum is 0.

>>... will know the virus is inside
The software isn't able to detect Virii which infect other files, but
single, exe Virii.

Hope I could help you!

CC
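An added example, not part of the submission or of any comment, on how a 32-bit checksum behaves as a file identifier: a CRC32 has only 2^32 possible values, so a birthday search over constructed inputs finds two different ones with the same value, and a database keyed on CRC32 alone reports the second as the first. The helper names and the detection name `Sample.A` are assumptions; confirming a CRC32 hit with SHA-256 is one possible mitigation, not something the program is stated to do.

```python
import hashlib
import zlib


def constructed_input(i):
    """i-th constructed 8-byte test input (pseudo-random, derived from a counter)."""
    return hashlib.sha256(b"constructed-%d" % i).digest()[:8]


def find_crc32_collision(limit=2_000_000):
    """Birthday search: return two different inputs that share one CRC32."""
    seen = {}                                  # crc -> input that produced it
    for i in range(limit):
        data = constructed_input(i)
        crc = zlib.crc32(data)
        other = seen.get(crc)
        if other is not None and other != data:
            return other, data, crc
        seen[crc] = data
    raise RuntimeError("no collision found within limit")


def lookup(db, data):
    """Checksum-engine lookup keyed on CRC32 only."""
    return db.get(zlib.crc32(data))


def lookup_confirmed(db, data):
    """CRC32 as a cheap pre-filter, SHA-256 to confirm the hit."""
    entry = db.get(zlib.crc32(data))
    if entry and entry[0] == hashlib.sha256(data).digest():
        return entry[1]
    return None


def demo():
    # 'bad' plays the known sample, 'benign' an unrelated file (both constructed).
    bad, benign, crc = find_crc32_collision()
    crc_only = {crc: "Sample.A"}               # hypothetical detection name
    confirmed = {crc: (hashlib.sha256(bad).digest(), "Sample.A")}
    return {
        "crc_only_on_benign": lookup(crc_only, benign),           # false positive
        "confirmed_on_benign": lookup_confirmed(confirmed, benign),
        "confirmed_on_bad": lookup_confirmed(confirmed, bad),
    }


if __name__ == "__main__":
    a, b, crc = find_crc32_collision()
    print(f"{a.hex()} and {b.hex()} both have CRC32 {crc:08x}")
    print(demo())
```

The search needs on the order of 10^5 inputs, which is far fewer than the number of files on a typical drive image collection.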

 
2/11/2004 9:38:02 AM Jeff Khor

Yes, it helps.

 
2/11/2004 9:56:20 AM mugman21

tired, once I wake up tomorrow I'll show you how to scan 32dirs deep, 80 gig in about 5 mins

 
2/11/2004 10:03:01 AM mugman21

oh, big difference, I compare file name, then if match is found, I look at the check sum. calculating the crc for every file takes too long, if you know the filename, size, date etc. look for that first, use the crc to confirm OR write it in C (which isn't too hard).

 
2/12/2004 12:13:51 AM Jeff Khor

Ok, have to ask you again. I seem to be mixed up with virus and virii. So, can you tell me what virii is? Same rule: brief explanation and I will find it myself.

Thank you.

 
2/12/2004 12:55:13 AM Badman

check out this site, it should answer your question Jeff. http://www.perl.com/language/misc/virus.html

 
2/12/2004 12:59:21 AM Badman

oops, hit the tab key on accident. Technically the word 'Virii' is incorrect and should be 'Viruses' but many people still utilize the word 'Virii' to associate many 'virus'. besides, it sounds far better to me to say the two-syllable 'Virii' than the three-syllable 'Viruses'.

 
2/12/2004 2:23:10 PM Cyber Chris

That means Virii is a slang expression or what?

Btw: Changed the path to the online db!

 
2/12/2004 5:53:31 PM tamer samer

good code

 
2/15/2004 11:00:45 AM Cyber Chris

THX to all again!

I've a question: I wanted to implement those "kernel hook drivers" in the next version (will be released soon) but I couldn't find enough information about it. Is there really no other way of file monitoring, or are there free dlls enabling me to use the khd in VB?

Please help me!

 
2/15/2004 2:50:44 PM Elias Barbosa

Very nice work!! Your interface is cool.

You got 5 planets from me!!

 
2/18/2004 7:31:33 AM mugman21

Chris, working on a file system monitor driver now, just started tonight. It's a vxd driver (kernel hook basically). Once I finish it, I'll hook you up with the compiled version so you can monitor in real time.

 
2/18/2004 7:41:20 AM mugman21

Function FindFilesAPI(path As String, SearchStr As String, FileCount As Long, DirCount As Integer)
    Dim joe() As String ' File names to look for, loaded from test2.txt
    Dim fi As Integer
    fi = FreeFile
    Dim pat As String
    pat = App.path & "\test2.txt"
    Dim tom As String
    Dim inte As Integer
    inte = 0
    Open pat For Input As #fi
    Do While Not EOF(fi)
        Line Input #fi, tom
        ReDim Preserve joe(inte)
        joe(inte) = tom
        inte = inte + 1
        tom = ""
    Loop
    Close #fi

 
2/18/2004 7:42:35 AM mugman21

    Dim FileName As String ' Walking filename variable...
    Dim DirName As String ' SubDirectory Name
    Dim dirNames() As String ' Buffer for directory name entries
    Dim nDir As Integer ' Number of directories in this path
    Dim i As Integer ' For-loop counter...
    Dim hSearch As Long ' Search Handle
    Dim WFD As WIN32_FIND_DATA
    Dim Cont As Integer
    If Right(path, 1) <> "\" Then path = path & "\"
    nDir = 0
    ReDim dirNames(nDir)
    Cont = True
    hSearch = FindFirstFile(path & "*", WFD)
    If hSearch <> INVALID_HANDLE_VALUE Then
        Do While Cont
            If Cancel = True Then
                Exit Function
            End If
            DoEvents

 
2/18/2004 7:43:25 AM mugman21

            DirName = StripNulls(WFD.cFileName)
            If (DirName <> ".") And (DirName <> "..") Then
                If GetFileAttributes(path & DirName) And FILE_ATTRIBUTE_DIRECTORY Then
                    Label3.Caption = path
                    dirNames(nDir) = DirName
                    DirCount = DirCount + 1
                    nDir = nDir + 1
                    ReDim Preserve dirNames(nDir)
                End If
            End If
            Cont = FindNextFile(hSearch, WFD)
        Loop
        Cont = FindClose(hSearch)
    End If
    hSearch = FindFirstFile(path & SearchStr, WFD)
    Cont = True

 
2/18/2004 7:43:41 AM mugman21

    If hSearch <> INVALID_HANDLE_VALUE Then
        While Cont
            DoEvents
            If Cancel = True Then
                Exit Function
            End If
            FileName = StripNulls(WFD.cFileName)
            If (FileName <> ".") And (FileName <> "..") Then
                FindFilesAPI = FindFilesAPI + (WFD.nFileSizeHigh * MAXDWORD) + WFD.nFileSizeLow
                FileCount = FileCount + 1
                Label5.Caption = FileCount
                ' Compare the current file name against every loaded definition
                For i = 0 To UBound(joe)
                    If FileName = joe(i) Then
                        List1.AddItem path & FileName
                    End If
                Next i
            End If
            Cont = FindNextFile(hSearch, WFD)
        Wend
        Cont = FindClose(hSearch)
    End If
    ' Recurse into the subdirectories collected earlier
    If nDir > 0 Then
        For i = 0 To nDir - 1
            FindFilesAPI = FindFilesAPI + FindFilesAPI(path & dirNames(i) & "\", SearchStr, FileCount, DirCount)
        Next i
    End If
End Function

 
2/18/2004 7:45:04 AM mugman21

that function searches a 6 gig drive for 400+ files in under 2 mins.

 
2/18/2004 8:52:22 AM mugman21

just change the file name function to your crc func

 
2/18/2004 9:40:48 AM Cyber Chris

THX! Will try it!

 
2/19/2004 1:20:42 PM Cyber Chris

Small update: Added Log functionality

 
2/20/2004 12:34:55 PM Cyber Chris

Check out version 3.0 available at:
http://www.pscode.com/vb/scripts/ShowCode.asp?txtCodeId=51899&lngWId=1

 
2/23/2004 6:53:07 PM

nicely made and the gui isn't bad either
however this virus scan is severely flawed. most malicious programs are NOT exactly the same on different computers, so the checksum may not match. A better way would be: extract a number of bytes from an infected file, and save it as the 'signature'. Then search for that signature within files. Sure it will be A LOT slower, but then it would have assurance that it would find the virus.

Since some viruses actually attach themselves to programs (such as Explorer.exe) using a checksum would fail.

Start using signatures and I'm sure u'll get better results and better comments
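The two engines discussed in this thread side by side, as an added example that is not code from the submission or from any commenter: a whole-file CRC32 lookup and a byte-signature search, run over constructed, harmless sample files. The names `PAYLOAD`, `SAMPLE`, `CRC_DB`, `SIG_DB` and the detection name `Sample.A` are assumptions for the illustration, and Python is used here instead of the project's VB6.

```python
import io
import zlib

PAYLOAD = b"CONSTRUCTED-PAYLOAD-7f3a"            # constructed, harmless marker bytes
SAMPLE = b"MZ" + b"\x00" * 30 + PAYLOAD + b"\x90" * 16   # constructed "known bad" file

CRC_DB = {zlib.crc32(SAMPLE): "Sample.A"}        # whole-file checksum -> name
SIG_DB = {PAYLOAD: "Sample.A"}                   # byte signature -> name


def scan_checksum(stream, chunk=4096):
    """Whole-file CRC32 lookup: matches only byte-identical copies."""
    crc = 0
    while block := stream.read(chunk):
        crc = zlib.crc32(block, crc)             # running CRC over the chunks
    return CRC_DB.get(crc)


def scan_signature(stream, chunk=4096):
    """Search for every signature while reading the file chunk by chunk.

    The last (longest signature - 1) bytes of each window are carried into
    the next one, so a signature split across two reads is still found.
    """
    keep = max(len(sig) for sig in SIG_DB) - 1
    tail = b""
    while block := stream.read(chunk):
        window = tail + block
        for sig, name in SIG_DB.items():
            if sig in window:
                return name
        tail = window[-keep:] if keep else b""
    return None


def build_cases():
    host = b"MZ" + bytes(range(256)) * 20        # constructed clean host program
    return {
        "identical copy": SAMPLE,
        "one byte appended": SAMPLE + b"\x00",
        "attached to host file": host + SAMPLE,
        "clean host file": host,
    }


def compare(chunk=4096):
    """Return {case: (checksum result, signature result)} for every case."""
    return {label: (scan_checksum(io.BytesIO(data), chunk),
                    scan_signature(io.BytesIO(data), chunk))
            for label, data in build_cases().items()}


if __name__ == "__main__":
    for label, (by_crc, by_sig) in compare().items():
        print(f"{label:24} checksum={by_crc}  signature={by_sig}")
```

A signature that is too short will also match clean files, so the bytes chosen should be specific to the sample.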

 
3/11/2004 1:36:29 PM Cyber Chris

Thanks to everyone who helped me to win the contest!

 
3/13/2004 10:48:07 AM Thorben Linneweber

No problem

 
3/18/2004 3:30:16 PM

I can get you the checksum to over 10000 viruses...Let me know if you want them...Gibsonbaud4@aol.com

 
3/21/2004 7:00:38 AM

I can get crc32 for over 40k of virii, by the way av's don't use crc32.. if a win32 exe infects another file its crc32 will change!! They use scan strings.

 
3/24/2004 4:08:31 PM

I noticed that the engine works by checking for checksums. This will only be effective on 35% of known viruses.
Stealth viruses can easily get through this. I suggest an engine that searches for virus signatures. I am working on one too.

 
3/24/2004 4:11:04 PM

PS: But I still give this a globe. If you want I can get you the free code for SystemTrayIcon. Email me at kerowen at 2die4 dot com

 
3/25/2004 7:47:05 AM Cyber Chris

I know the problem with the checksums and have included an extra engine, that scans for virus specific strings, in the next version.

Thanks CC

 
3/25/2004 1:51:23 PM

Good. The update part where it hooks the MSINET.OCX...not all users have that file. I can give you a code that I'm working on that allows you to hook Winsock2. I'm modifying it from a previous one that I got for free for Winsock 1 so it's not yet fully functional for Winsock2 but...::shrug::

 
3/29/2004 7:11:30 PM

This will Fix the crash on update

Private Sign() As String 'The Signatures will be loaded into this array
Private SignVirusType() As String * 1
Private SignVirusName() As String

ReDim Preserve Sign(0 To X) As String
ReDim Preserve SignVirusType(0 To X) As String * 1
ReDim Preserve SignVirusName(0 To X) As String

 
3/29/2004 7:12:20 PM

Next X
ReDim Preserve Sign(0 To X + 1) As String
Sign(X + 1) = "#END#"
AV.Signature.SignatureDate = Sign(0)
AV.Signature.SignatureCount = UBound(swords) - 1

 
5/2/2004 1:04:32 AM Cyber Chris

Latest version available at:

http://www.pscode.com/vb/scripts/ShowCode.asp?txtCodeId=53497&lngWId=1

 
8/11/2004 10:44:20 AM Malakie

Hi:

Nice code. While looking at your app, I was wondering how easy (or hard) it might be to make it compatible with other virus.dat files.. In other words able to read the Norton, McAfee, CA and other virus programs' dat files? As a newbie programmer, a document on how to create virus.dat files for this would be useful as well if possible. Thanks

Malakie

 
3/12/2005 7:15:53 AM

very good... it's more than basic.

 
8/1/2005 4:54:52 AM vampyr

Whoa dude... don't rip someone's code.. the code for the drag & drop basket comes from somewhere else on pscode, and that crc32 algorithm is very familiar to me for some reason.. don't steal code!

 
12/13/2009 3:39:28 AM ..?

Wow... You're a Best, Good

 
