Anti virus scanning technique

Posted on 2006-03-20
Last Modified: 2010-04-11
Hi There

We are trying to decide on the method of opening our data files in our application.
1. Open all at the start, keep them open throughout the program, then close them at the end.

2. Open and close files as we need them in the program.

One of the things we are wary of is the antivirus auto-scanning feature. How does the antivirus work when a file is open in a file-based application, given the 2 ways for opening files I have outlined above?
Question by:Idarac
    LVL 3

    Expert Comment


    I'm not sure if I understood your questions.

    1 - Are you writing an AntiVirus and do you want to know what is the best way to handle virus signature files?

    2 - Are you writing a commercial application, and you are taking care that it isn't detected as a virus?

    In this case, relax, most (nearly all) work based on virus signatures, which means that AV companies get a "unique" part of the evil code (virus) and use it to compare against files, processes, etc.

    Others use heuristics, but if you just open and close your files, in your working directory, you will never get accused of being a virus.

    Some IPS (Intrusion Prevention Systems) work with anomaly rules: if a "not trusted" application tries to execute, it warns the user and denies the access. However, that's the way it works; just add it to the trusted applications and all will be fine. :)

    off-topic: I believe this doubt about how to handle your dat files is more relevant from the point of view of your application performance. Check how these data files are used: with what frequency they are used, are all frequencies similar, is the response time of your application critical, should your application run on slow/old machines, ... answering these questions will help you to choose the better method...

    Hope this helps,

    LVL 1

    Author Comment

    Thank you for your response.

    I guess I wasn't that clear.

    We are building a file-based application, not an antivirus. But we hear a lot about performance issues, especially when the app is subject to an antivirus set to auto scan.

    Keeping the antivirus in mind, what would be the performance difference between opening all the files at the beginning and closing them at the end, or opening and closing them as we need them?
    LVL 3

    Accepted Solution


    An AntiVirus is performance-critical software; in general it keeps a kernel-mode driver that intercepts all file accesses and (in general) uses a device to pass the file information to a user-level program, which will scan/analyze the file.

    The best way to make the software fast is, when the application starts, it checks permissions, opens, reads and loads/parses ALL the data in the "dat files" and keeps it in a memory structure, to be accessed in real time by the AntiVirus software.

    Whereas if an AntiVirus used the other method, each time a file is opened it would need to do more tasks, like check file permissions, open a file, read a file (depending on the size, it can be a big performance issue), and load/parse it into memory (can be a big issue in memory performance too), then analyze the file, deallocate this memory block and close the file.

    This last one is definitely a bad choice for performance-critical software.

    I say "load/parse" because all AntiVirus keep a "virus signature database" in a proprietary file format (like a compression) and not in plain text.

    This is done to help:

    - Guard against reverse engineering of the "virus signature database".

    - Make the "virus signature database" smaller for users to download.

    - Use a digital signature on the "virus signature database" to detect file corruption and viruses modifying the file to avoid detection. ;)

    - Many others.

    Well, I hope I understood your question. I believe your development is not related to a security tool like an AntiVirus, but as you used an AntiVirus as an analogy, I put in some specific information on AntiVirus software development; if it's completely useless, sorry.

    Hope this helps,
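Added example, not part of the thread: a small Python harness for the two options in the question. It counts how many open calls each option makes for the same reads, since every open is a file access that the kernel-mode driver described in the accepted answer can intercept. File names, record size and access pattern are constructed for the illustration.

```python
import os
import tempfile
import time

RECORD, RECORDS = 64, 200  # constructed record size (bytes) and records per file

def make_data_files(directory, count=3):
    """Write constructed sample data files made of fixed-size records."""
    paths = []
    for i in range(count):
        path = os.path.join(directory, f"data{i}.dat")
        with open(path, "wb") as f:
            for r in range(RECORDS):
                f.write(bytes([(i + r) % 256]) * RECORD)
        paths.append(path)
    return paths

def read_keep_open(paths, accesses):
    """Option 1: open every file once, reuse the handles, close at the end."""
    start, total = time.perf_counter(), 0
    handles = [open(p, "rb") for p in paths]  # one open per file
    try:
        for idx, rec in accesses:
            handles[idx].seek(rec * RECORD)
            total += sum(handles[idx].read(RECORD))
    finally:
        for f in handles:
            f.close()
    return len(handles), total, time.perf_counter() - start

def read_open_each_time(paths, accesses):
    """Option 2: open and close the file around every single access."""
    start, total, opens = time.perf_counter(), 0, 0
    for idx, rec in accesses:
        with open(paths[idx], "rb") as f:  # one open per access
            opens += 1
            f.seek(rec * RECORD)
            total += sum(f.read(RECORD))
    return opens, total, time.perf_counter() - start

def compare(n_accesses=2000):
    """Run both options over the same constructed access pattern."""
    with tempfile.TemporaryDirectory() as d:
        paths = make_data_files(d)
        accesses = [(i % len(paths), (i * 7) % RECORDS) for i in range(n_accesses)]
        return read_keep_open(paths, accesses), read_open_each_time(paths, accesses)

if __name__ == "__main__":
    for name, (opens, _, secs) in zip(("keep open", "open per access"), compare()):
        print(f"{name:16s} {opens:5d} opens  {secs * 1000:8.2f} ms")
```

The printed timings depend on the machine and on whatever scanner is installed; the open counts do not.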

