
Anti virus scanning technique

Idarac asked
Last Modified: 2010-04-11
Hi There

We are trying to decide on the method of opening our data files in our application.
1. Open all at the start, keep them open throughout the program, then close them at the end.

2. Open and close files as we need them in the program.

One of the things we are wary of is the antivirus auto-scanning feature. How does the antivirus work when a file is open in a file-based application, given the 2 ways of opening files I have outlined above?


I'm not sure if I understood your questions.

1 - Are you writing an antivirus, and do you want to know the best way to handle virus signature files?

2 - Are you writing a commercial application, and you are taking care that it isn't detected as a virus?

In this case, relax: most (nearly all) work based on virus signatures, which means that AV companies get a "unique" part of the evil code (virus) and use it to compare against files, processes, etc.

Others use heuristics, but if you just open and close your files in your working directory, you will never get accused of being a virus.

Some IPSs (Intrusion Prevention Systems) work with anomaly rules: if a "not trusted" application tries to execute, it warns the user and denies access. However, that's the way it works; just add it to the trusted applications and all will be fine. :)

Off-topic: I believe this doubt about how to handle your dat files is more relevant from the point of view of your application's performance. Check how these data files are used: how frequently they are used, whether all the frequencies are similar, whether the response time of your application is critical, whether your application should run on slow/old machines, ... Answering these questions will help you choose the better method...

Hope this helps,



Thank you for your response.

I guess I wasn't that clear.

We are building a file-based application, not an antivirus. But we hear a lot about performance issues, especially when the app is subject to an antivirus set to auto-scan.

Keeping the antivirus in mind, what would be the performance difference between opening all the files at the beginning and closing them at the end, or opening and closing them as we need them?

An antivirus is performance-critical software; in general it keeps a kernel-mode driver that intercepts all file accesses and (in general) uses a device to pass the file information to a user-level program, which will scan/analyze the file.

The best way to make the software fast is, when the application starts, to check permissions, open, read and load/parse ALL the data in the "dat files" and keep it in a memory structure, to be accessed in real time by the antivirus software.

Whereas if an antivirus used the other method, each time a file is opened it would need to perform more tasks, like checking file permissions, opening a file, reading a file (depending on the size, this can be a big performance issue), and loading/parsing it in memory (which can be a big issue for memory performance too), then analyzing the file, deallocating this memory block, and closing the file.

This last one is definitely a bad choice for performance-critical software.

I say "load/parse" because all antivirus products keep a "virus signature database" in a proprietary file format (like a compression) and not in plain text.

This is done to help:

- Guard against reverse engineering of the "virus signature database".

- Make the "virus signature database" smaller for users to download.

- Use a digital signature on the "virus signature database" to detect file corruption and viruses modifying the file to avoid detection. ;)

- Many others.

Well, I hope I have understood your question. I believe your development is not related to a security tool like an antivirus, but as you used an antivirus as an analogy, I have put in some specific information on antivirus software development. If it's completely useless, sorry.

Hope this helps,
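
The two file-handling strategies from the question, written as a small benchmark so the difference can be measured on a machine with on-access scanning (an added example, not code from the thread). The record size, file contents and function names are constructed for illustration.

```python
import os
import tempfile
import time

RECORD_SIZE = 128  # constructed record size for the sample data file


def make_sample_file(records=2000):
    """Create a constructed data file of fixed-size records; return its path."""
    fd, path = tempfile.mkstemp(suffix=".dat")
    with os.fdopen(fd, "wb") as f:
        for i in range(records):
            f.write(i.to_bytes(4, "big").ljust(RECORD_SIZE, b"\0"))
    return path


def read_open_once(path, record_ids):
    """Strategy 1: one open for the whole run, then a seek per record."""
    opens, out = 1, []
    start = time.perf_counter()
    with open(path, "rb") as f:
        for rid in record_ids:
            f.seek(rid * RECORD_SIZE)
            out.append(f.read(RECORD_SIZE))
    return out, opens, time.perf_counter() - start


def read_open_each(path, record_ids):
    """Strategy 2: open and close the file around every record access."""
    opens, out = 0, []
    start = time.perf_counter()
    for rid in record_ids:
        # Every open here is one more file access for an on-access
        # scanner's driver to intercept, as described in the answer above.
        with open(path, "rb") as f:
            opens += 1
            f.seek(rid * RECORD_SIZE)
            out.append(f.read(RECORD_SIZE))
    return out, opens, time.perf_counter() - start


if __name__ == "__main__":
    path = make_sample_file()
    ids = [(i * 37) % 2000 for i in range(5000)]  # constructed access pattern
    try:
        for fn in (read_open_once, read_open_each):
            _, opens, secs = fn(path, ids)
            print(f"{fn.__name__}: {opens} opens, {secs:.4f}s")
    finally:
        os.remove(path)
```

Run it on a test machine once with the real-time scanner enabled and once with it disabled; the gap between the two runs for each function is the scanner's cost for that strategy.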

