
Author Topic: information for creating an antivirus  (Read 2613 times)


zaryk

  • Guest
information for creating an antivirus
« on: March 15, 2008, 06:04:57 PM »
I apologize if this is in the wrong section or has already been brought up.  I am in search of information on how to create an antivirus.  I have some experience in C# and C++ but not enough to get started.  Then again, I'm not really sure if it's even possible or the best way to create an antivirus in C++ or C#.  If it was possible I would expect there to be a lot of if/else statements or switch statements.  Here recently it seemed like I was reading that antiviruses are made with binary and hexes, and also include compilers.  Even with this, I'm not really sure how an antivirus is structured.  I have tried to look for sample tutorials or full tutorials for antiviruses in both languages with no success.  I have downloaded many ebooks and txt files explaining how viruses work and the history of viruses (all so fascinating), some of which I still have not been able to look at cuz of school and work.  I was wondering which language would be best to create an antivirus, where I might be able to get a list, a virus definition file possibly, that is public domain or can be used for commercial use....not like I'll be making the antivirus anytime soon.....or just a list in general........and/or even better, an idea on how to be able to break down viruses into source code to see how they are structured.......finding viruses isn't a problem for me, especially since I have purposely downloaded a zip file that contained 6000 viruses, left them on my computer for a few days, and was able to get rid of all of them and fix the problems they caused with minimal effects.   Any ideas would be helpful.  I am trying my best to learn everything I can before I start creating the program.   I use Windows XP SP2, Dev-C++, Borland's C++ compiler, and SharpDevelop.

Deerpark



    Egghead
  • Thanked: 1
    Re: information for creating an antivirus
    « Reply #1 on: March 15, 2008, 06:21:00 PM »
    Here's another thread from a user who wanted to create his own AV software.
    http://www.computerhope.com/forum/index.php/topic,48826.0.html
    Although I doubt he ever even got started since he struggled with basic tasks like checking out source code from a repository.

    But if you can find and decode them, the Clam AV virus definitions should give you a lot of material to work with.
    Any sufficiently advanced technology is indistinguishable from magic.
    Arthur C. Clarke (1917 - 2008)

    zaryk

    • Guest
    Re: information for creating an antivirus
    « Reply #2 on: March 15, 2008, 08:49:59 PM »
    Thanks, that was a lot of help.  The only problem I have had checking repositories for source code is that I have no idea really what the different sections of the code are doing.  The only reason I have gotten as far as I have and am still learning is because I find things to explain what the syntax commands do, and visuals help too.  I admit I'm a beginner, but with the right information and determination, even a beginner can do a professional's job.

    Any more ideas?

    zaryk

    • Guest
    Re: information for creating an antivirus
    « Reply #3 on: March 17, 2008, 11:30:52 AM »
    So if I'm understanding this right....When an antivirus scans, it is scanning the checksum values, also known as signatures, of the file.  The signatures of the file are also hash codes.  Is it necessarily MD5?

    Deerpark



      Egghead
    • Thanked: 1
      Re: information for creating an antivirus
      « Reply #4 on: March 17, 2008, 02:12:01 PM »
      Well, like I said in the other thread, that is the basic (and very oversimplified) idea. An engine that compares hash codes of whole files wouldn't be very complex to implement, so it might be worth considering as a beginner's project.
      Though, in real life making a hash code comparison of entire files isn't a very good idea.
      First of all, the whole point of hash codes is that only files that are bit-for-bit identical generate the same hash code. So all a virus programmer would have to do if his virus got discovered was to change a single bit and it would again be undetectable.
      Second of all, an engine based on hash codes wouldn't be able to detect viruses that infect legitimate files, since the hash code generated would depend on the original file + the virus.
      What real AV engines do is to look for patterns in the file. If the engine finds enough patterns associated with a known virus, the file is judged to be infected.

      But like I said in the other thread, this is pretty advanced stuff. This isn't for beginners.
      Depending on your level I would suggest you start out with something relatively simple. You could make a program that can generate the hash code for a file, compare it to one or more known hash codes and tell if it finds a match.
      Any sufficiently advanced technology is indistinguishable from magic.
      Arthur C. Clarke (1917 - 2008)
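
Added example (not part of the thread or any poster's code): the starter project from Reply #4, a whole-file hash lookup, next to a minimal pattern scan, run over the two cases the reply says a hash-only engine misses. The sample bytes, signature name, databases and function names are all constructed for illustration, and SHA-256 is this example's choice of hash.

```python
import hashlib

# Constructed, harmless stand-in for a "known virus" body (not real malware).
SAMPLE = (b"DEMO-MARKER-ALPHA" + b"\x00" * 16 +
          b"DEMO-MARKER-BETA" + b"\x00" * 16 + b"DEMO-MARKER-GAMMA")

# Hypothetical signature databases keyed the two ways the thread discusses.
HASH_DB = {hashlib.sha256(SAMPLE).hexdigest(): "Demo.Sample.A"}
PATTERN_DB = {"Demo.Sample.A": ([b"DEMO-MARKER-ALPHA", b"DEMO-MARKER-BETA",
                                 b"DEMO-MARKER-GAMMA"], 2)}  # (patterns, min hits)


def file_digest(path, chunk_size=65536):
    """SHA-256 of a file on disk, read in chunks so large files fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def scan_by_hash(data):
    """Whole-file match: hits only when every bit equals a known sample."""
    return HASH_DB.get(hashlib.sha256(data).hexdigest())


def scan_by_pattern(data):
    """Pattern match: hits when enough known byte sequences occur anywhere."""
    for name, (patterns, min_hits) in PATTERN_DB.items():
        if sum(p in data for p in patterns) >= min_hits:
            return name
    return None


def demo():
    flipped = SAMPLE[:-1] + bytes([SAMPLE[-1] ^ 0x01])   # one bit changed
    embedded = b"constructed host file bytes " + SAMPLE  # sample inside another file
    clean = b"just an ordinary constructed document"
    cases = {"exact": SAMPLE, "one_bit_flipped": flipped,
             "embedded": embedded, "clean": clean}
    return {k: (scan_by_hash(v), scan_by_pattern(v)) for k, v in cases.items()}


if __name__ == "__main__":
    for case, (by_hash, by_pattern) in demo().items():
        print(f"{case:16} hash={by_hash} pattern={by_pattern}")
```

The hash lookup only reports the exact copy, while the 2-of-3 pattern threshold still reports the one-bit variant and the embedded copy; neither flags the clean input.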

      zaryk

      • Guest
      Re: information for creating an antivirus
      « Reply #5 on: March 18, 2008, 08:16:31 PM »
      Thanks for replying.  I had already planned on creating a program that does this, but then again, like I stated before, I am just gathering information.  One cannot write a research paper without researching the information first; whether it be beginner lvl or advanced lvl, in the end, all information will be helpful.