Hello, >From what I can see so far, ClamAV provides a shared library which does the scanning and provides tools, e.g. unpacking archives for scanning, updating the malware databases. So perhaps providing a ClamAV app is not much more than a UI which calls the library to scan and update.
Is that an oversimplification? I'm a little lost since I'm still learning how AV programs work generally. I've got the idea with virus signatures which AV programs look for, and they probably go through the entire FS looking inside files for those signatures. I don't know about how heuristics work, and what might be done for specific platforms, e.g. scanning the Windows registry for entries like login notify and other areas malware might hook into. Same for browser malware, e.g. scanning JS or whatever is done there. I'm thinking about a free ClamAV Suite for Windows 8/8.1 which can be fetched from the Windows App Store. If it's "simple" like providing a good UI and using the shared library, would it make sense to fork the ClamAV sources and, since it's originally written for UNIX-like platforms, provide a Windows-specific AV engine? I know Windows can support POSIX programs, but would a Windows AV engine using native Windows calls, threading, etc., be a good idea if there's the time and patience to develop it? Is there any documentation which gives me a good overall picture of how it works, linking to the shared library, launching scans, updating, what it does (if anything; would a user of the library do it?) with malware that it finds? On Windows, would a user of the ClamAV library do anything such as keep a list of hashes of known Windows system DLLs and check those, if that's a good idea? What about scanning the boot area? Thanks for any guidance or tips. James _______________________________________________ http://lurker.clamav.net/list/clamav-devel.html Please submit your patches to our Bugzilla: http://bugs.clamav.net
