Page 1 of 3
PureAV Alpha1 Build 105 - Antivirus in PB :D
Posted: Tue Mar 28, 2006 9:49 pm
by Inf0Byt3
Hi, this is just a small preview of the upcoming PureAV, world's smallest antivirus totally made in PB4.0. Please test it and if you like it and wanna help with the development, PM me.
The engine uses very simple detection algos. I am thinking to LGPL it, as soon it gets bigger - now it's too simple
.
The only detected item for now is Eicar Standard antivirus test file - included in the package. Hope you like it...
Here's the link:
File:1->
PureAV_0.1_Alpha1_Build_105.zip
Posted: Tue Mar 28, 2006 9:53 pm
by thefool
haha
i cant download the file as my current av aborts it.
*pausing it*
i'll be back with a report later
edit:
Works nicely
Looks real good hehe
Posted: Tue Mar 28, 2006 10:00 pm
by Inf0Byt3
Thanks
.
Posted: Tue Mar 28, 2006 10:05 pm
by thefool
and by the way: It DOES detect eicar
Now needed: Support for scanning packed files (inside zip files, not 100% needed though as they arent that dangerous when packed
), support for scanning a single file, support for doing a running-processes-and-their-modules only scan (i miss that from av's!), on-access scan (not needed 100% atm), scanning packed and protected files (use a pe-identifyer to see what kind of packer they are using. If they use things like MEW or so thats often used to compress trojans, instead of a virus alert throw in a heuristic warning that it CAN be a trojan. Simply unpack upx packed files to a temp dir, and for other packers try some generic unpackers they might work. Grap a look at programmerstools.org)
Posted: Tue Mar 28, 2006 10:13 pm
by Inf0Byt3
Yes, they are on the list now
, although I'll need some help. If you find any free time, I hope you can help me with the packed exes? That would be very cool.
Posted: Tue Mar 28, 2006 10:31 pm
by thefool
Inf0Byt3 wrote:Yes, they are on the list now
, although I'll need some help. If you find any free time, I hope you can help me with the packed exes? That would be very cool.
I could probably help you a little. Though it will require use of external tools..!
Posted: Tue Mar 28, 2006 10:48 pm
by Inf0Byt3
Thanks! External tools , you mean depackers and stuff?
Posted: Tue Mar 28, 2006 10:53 pm
by thefool
Yup
btw im having a look at that delphi source, and something else a nice guy sent me (about running and injecting pe's in memory)
Posted: Tue Mar 28, 2006 10:55 pm
by Inf0Byt3
Great! I own you
. I hope it's translateable...
Posted: Tue Mar 28, 2006 11:51 pm
by dagcrack
I think you "owe" him, but, anyway, everyone Owns him
Silly me, I suggested some stuff via PM just to find out thefool suggested the same over here..!
I worked with delphi 4 years ago, wheres the source?
Re: PureAV Alpha1 Build 105 - Antivirus in PB :D
Posted: Tue Mar 28, 2006 11:57 pm
by Shannara
Inf0Byt3 wrote:I am thinking to LGPL it, as soon it gets bigger - now it's too simple
.
Posted: Wed Mar 29, 2006 12:05 pm
by Inf0Byt3
@dagcrack:
No problem, you couldn't know thefool said that too
. BTW, here's the link to the code I was trying to find a translation for:
http://www.purebasic.fr/english/viewtopic.php?t=20750
Give it a try if you have any free time
.
@shannara
What's wrong with LGPL
Posted: Wed Mar 29, 2006 12:21 pm
by Num3
W
W !!!!
Now i'm impressed !!!
Great work!
Posted: Wed Mar 29, 2006 1:37 pm
by Inf0Byt3
Thanks Num3! If I suceeded to impress you, which are a good coder, I' m good
.
Posted: Wed Mar 29, 2006 2:25 pm
by va!n
archive is corrupt! file is everytime 43.102 bytes here