Anti virus scanning technique

Hi There

We are trying to decide on the method of opening our data files in our application.
1.Open all at the start keep them open throughout the program them close them ast the end.

2. Open and close files as we nned them in the program.

One of things we are wary of is the Antivirus auto scanning feature. How does the Anitvirus work when a file is open in a file based application given the 2 ways for opening files I have outlined above.
LVL 1
IdaracAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

zgrpCommented:
Hello,

I'm not sure if I understood your questions.

1 - Are you writting a AntiVirus and do you want to know what is the best way to handle with virus signatures files?

2 - Are you writting a commercial application, and you are taking care of it doesn't be detected as a virus?

In this case, relax, most (near all) work based in Virus Signatures, which means that AV companys get a "unique" part of the evil code (virus) and use it to compare agains files, proccess, etc.

Other use Heurist, but if you just open and close your files, in your working directory, you will never get accused as a virus.

Some IPS (Intrusion Prevention Systems) work as anomaly rules, if a application "not trusted" try to be executed, it warn the user and deny the access. However, it's the way it work, just add it at the trusted application and all will be fine. :)

off-topic: I belive this doubt about how to handle your dat files, is more relevant from the point of view of your application performance. Check how is the usage of this data files, with frequency they are used, are all frequencys similar, is critical the time response of your applications, should your application run in slow/old machines, .... answer this questions will help you to choose the better method...

Hope this help,

Regards,
0
IdaracAuthor Commented:
Thank you for your response.

I guess I wasn't that clear.

We are building an file based application not an anti virus. But we hear alot about perfomance issues especially when the app is subject to an antivirus set to auto scan.

Keeping the Antivirus in mind what would be the perfomance difference between opening all the file at the beginning and close at the end. Or open and close then as we need them.
0
zgrpCommented:
Hello,

A AntiVirus is a software that is critial performance, it in general keep a kernel-mode driver that intercept all files access and (in general) use a device to pass the file information to a user level programm, which will scan/analyze the file.

The best way to make the software fast, is when the application start, it check permission, open, read and load/parse ALL the data in the "dat files" and keep it in a memory structure, to be accessed in real-time to the software AntiVrus.

While if a AntiVirus used the other method, it will need each time that a file is opened make more tasks like check file permission, open a file, read a file (depending on the size, it can be a big performance issue),  and load/parse (can be big issue in memory performance too) it in memory, so analyze the file and unalloc this memory block, close the file.

This last one is definitive a bad choice for critical software performance.

I say "load/parse", because all AntiVirus keep a "virus signature database" in a propryetary form file (like a compression) and not in plain-text.

This is made to help:

- Grant against Reverse Eng. in the "virus signature database".

- Make "virus signature database" with smaller size to users download.

- Use digital signarture in "virus signature database" to detect file corruptions and virus modify the file to be avoid in detection. ;)

- Many others.

Well, I hope to had understood your question, I belive your development is not related to a Security tool like a AtiVirus, but as you use a AntiVirus as analogy, I put some specific information in AntiVirus software development, if it's completilly usuless, sorry.

Hope this help,

Cheers,
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Security

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.