[Clamav-devel] Basics of ClamAV: developing for Win8 and dist thru app store
northtech.au at gmail.com
Mon Feb 17 21:13:12 EST 2014
>From what I can see so far, ClamAV provides a shared library which does the
scanning and provides tools, e.g. unpacking archives for scanning, updating
the malware databases. So perhaps providing a ClamAV app is not much more
than a UI which calls the library to scan and update.
Is that an oversimplification? I'm a little lost since I'm still learning
how AV programs work generally. I've got the idea with virus signatures
which AV programs look for, and they probably go through the entire FS
looking inside files for those signatures. I don't know about how
heuristics work, and what might be done for specific platforms, e.g.
scanning the Windows registry for entries like login notify and other areas
malware might hook into. Same for browser malware, e.g. scanning JS or
whatever is done there.
I'm thinking about a free ClamAV Suite for Windows 8/8.1 which can be
fetched from the Windows App Store. If it's "simple" like providing a good
UI and using the shared library, would it make sense to fork the ClamAV
sources and, since it's originally written for UNIX-like platforms, provide
a Windows-specific AV engine? I know Windows can support POSIX programs,
but would a Windows AV engine using native Windows calls, threading, etc.,
be a good idea if there's the time and patience to develop it?
Is there any documentation which gives me a good overall picture of how it
works, linking to the shared library, launching scans, updating, what it
does (if anything; would a user of the library do it?) with malware that it
finds? On Windows, would a user of the ClamAV library do anything such as
keep a list of hashes of known Windows system DLLs and check those, if
that's a good idea? What about scanning the boot area?
Thanks for any guidance or tips.
More information about the clamav-devel