Anti virus scanning technique

Posted on 2006-03-20
Medium Priority
Last Modified: 2010-04-11
Hi There

We are trying to decide on the method of opening our data files in our application.

1. Open them all at the start, keep them open throughout the program, then close them at the end.

2. Open and close files as we need them in the program.

One of the things we are wary of is the Antivirus auto scanning feature. How does the Antivirus work when a file is open in a file-based application, given the 2 ways of opening files I have outlined above?
Question by: Idarac

Expert Comment

ID: 16244065

I'm not sure if I understood your questions.

1 - Are you writing an AntiVirus, and do you want to know the best way to handle virus signature files?

2 - Are you writing a commercial application, and are you taking care that it isn't detected as a virus?

In this case, relax: most (nearly all) work based on virus signatures, which means that AV companies take a "unique" part of the evil code (virus) and use it to compare against files, processes, etc.

Others use heuristics, but if you just open and close your files in your working directory, you will never get accused of being a virus.

Some IPS (Intrusion Prevention Systems) work with anomaly rules: if a "not trusted" application tries to execute, it warns the user and denies the access. However, that's the way it works; just add it as a trusted application and all will be fine. :)

off-topic: I believe this doubt about how to handle your dat files is more relevant from the point of view of your application's performance. Check how these data files are used, how frequently they are used, whether all the frequencies are similar, whether the response time of your application is critical, whether your application should run on slow/old machines, ... Answering these questions will help you to choose the better method...

Hope this helps,


Author Comment

ID: 16246784
Thank you for your response.

I guess I wasn't that clear.

We are building a file-based application, not an antivirus. But we hear a lot about performance issues, especially when the app is subject to an antivirus set to auto scan.

Keeping the Antivirus in mind, what would be the performance difference between opening all the files at the beginning and closing them at the end, or opening and closing them as we need them?

Accepted Solution

zgrp earned 2000 total points
ID: 16247935

An AntiVirus is performance-critical software; in general it keeps a kernel-mode driver that intercepts all file accesses and (in general) uses a device to pass the file information to a user-level program, which will scan/analyze the file.

The best way to make the software fast is for the application, when it starts, to check permissions, open, read and load/parse ALL the data in the "dat files" and keep it in a memory structure, to be accessed in real time by the AntiVirus software.

Whereas if an AntiVirus used the other method, each time a file is opened it would need to perform more tasks, like check file permissions, open a file, read a file (depending on the size, it can be a big performance issue), and load/parse it into memory (which can be a big issue for memory performance too), then analyze the file, deallocate this memory block and close the file.

This last one is definitely a bad choice for performance-critical software.

I say "load/parse" because all AntiVirus products keep a "virus signature database" in a proprietary file format (like a compression) and not in plain text.

This is done to help:

- Guard against reverse engineering of the "virus signature database".

- Make the "virus signature database" smaller for users to download.

- Use a digital signature on the "virus signature database" to detect file corruption and viruses modifying the file to avoid detection. ;)

- Many others.

Well, I hope I have understood your question. I believe your development is not related to a security tool like an AntiVirus, but as you used an AntiVirus as an analogy, I have put in some specific information on AntiVirus software development; if it's completely useless, sorry.

Hope this helps,
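
As an added example (not part of the original thread or any participant's code), this Python harness counts file opens and times both options from the question, so the difference can be measured on the target machine with on-access scanning enabled. The file names, record layout and lookup count are constructed for illustration.

```python
import os
import tempfile
import time

RECORD, RECORDS = 64, 200  # constructed layout: 200 records of 64 bytes per file

def make_data_files(directory, count=5):
    paths = [os.path.join(directory, f"data{i}.dat") for i in range(count)]
    for i, path in enumerate(paths):
        with open(path, "wb") as fh:
            fh.write(bytes([i + 1]) * RECORD * RECORDS)  # constructed content
    return paths

def read_record(fh, n):
    fh.seek((n % RECORDS) * RECORD)
    return sum(fh.read(RECORD))  # cheap checksum so both strategies can be compared

def open_per_access(paths, lookups):
    """Option 2: open, read one record and close again on every lookup."""
    total = 0
    for n in range(lookups):
        with open(paths[n % len(paths)], "rb") as fh:
            total += read_record(fh, n)
    return lookups, total  # one open per lookup, each a point a scanner can intercept

def keep_open(paths, lookups):
    """Option 1: open every file once, reuse the handles, close at the end."""
    handles = [open(p, "rb") for p in paths]
    try:
        total = sum(read_record(handles[n % len(handles)], n) for n in range(lookups))
    finally:
        for fh in handles:
            fh.close()
    return len(handles), total  # one open per file, however many lookups

def compare(lookups=2000):
    """Return {strategy: (open_calls, checksum, seconds)} on temporary files."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        paths = make_data_files(tmp)
        for fn in (open_per_access, keep_open):
            start = time.perf_counter()
            opens, total = fn(paths, lookups)
            results[fn.__name__] = (opens, total, time.perf_counter() - start)
    return results

if __name__ == "__main__":
    for name, (opens, total, secs) in compare().items():
        print(f"{name:16} opens={opens:5} checksum={total} time={secs:.4f}s")
```

Running it once with the scanner's real-time protection active and once against an excluded directory shows how much of the per-open cost comes from the scanner rather than from the file system.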

