Nitin, If I am not wrong is that you want to say, "u need an architecture & components involved in detecting the latest unknown threats?"
As you listed few of them and you need some info on which you can decide which component decides the unknown threat as threat. So, the first link given by Sandy gives a good brief of each component. Let us know if you are searching for what is mentioned above. Regards, 0xN41K On Wed, Jul 28, 2010 at 12:53 AM, Sandeep Thakur <[email protected]>wrote: > Can you please let us know your requirement correctly as I see you > have covered all that is required for good and perfect antivirus > software. Most of the below items, you might have taken from below > website. I see it also elaborates each component. > > http://www.symantec.com/connect/articles/building-anti-virus-engine > > I also recommend you to visit the below link to know interesting ideas > which any user usually need from a security program... > http://www.symantec.com/connect/security/ideas > > Further in my opinion, > (1) The antivirus would be ideal when you let user to configure / > modify / update the rules or antivirus definations manually other than > automated fashion using heuristics. > (2) The interface shall be user friendly so that with little bit of > knowledge, a user should be able to write a defination and the tool > shall help him to block or remove such infections / behaviour. > (3) All the modules of antivirus software should be packaged in such a > way that no one or malware should not be able to bypass / break the > antivirus protection. In otherwords, software-tamper proofing. > (4) Also, antivirus or related security softwares shall have > collaboration concept where each client or server when knows any new > behaviour / defination or new rule updated by user for some latest > 0day protection; these all should be communicated to the rest > community automatically. > > > Regards > Sandeep Thakur > > On Jul 27, 8:31 pm, nittbdb <[email protected]> wrote: > > I have this much of information on designing AV engine > > > > Components required for development of a “modern” AV engine: > > > > * Engine core > > * File system layer > > * File type scanners (rtf, ppt, mz, pe, etc.) > > * Memory scanners > > * File Decompression (e.g. ZIP archives, UPX compressed > executables) > > * Code emulators (e.g. Win32) > > * Heuristic engines > > * Update mechanisms. > > > > could you all please elaborate the meaning of each > > components........how each component works.... > > > > On Jul 27, 8:21 pm, nittbdb <[email protected]> wrote: > > > > > > > > > Could you please help me out on ................how to make an anti > > > virus engine which will capture all the latest threats of > > > 2010............ > > > > > I need ur valuable inputs.......pls feel free to give ur > > > opinion........... > > > > > thanks > > > nittb- Hide quoted text - > > > > - Show quoted text - > > -- > You received this message because you are subscribed to the Google Groups > "nforceit" group. > To post to this group, send an email to [email protected]. > To unsubscribe from this group, send email to > [email protected]<nforceit%[email protected]> > . > For more options, visit this group at > http://groups.google.com/group/nforceit?hl=en-GB. > > -- You received this message because you are subscribed to the Google Groups "nforceit" group. To post to this group, send an email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/nforceit?hl=en-GB.
