Anti-Virus
How an Antivirus Program Works http://www.net-security.org/article.php?id=485&p=3 {draw:frame}
The information is in the 'Source system' and must reach the 'Destination system'. The source system could be a floppy disk and the destination system could be the hard disk of a computer, or the origin an ISP in which a message is stored and the destination, the Windows communication system in the client machine, Winsock.
The information interpretation system varies depending on whether it is implemented in operating systems, in applications or whether special mechanisms are needed.
The interpretation mechanism must be specific to each operating system or component in which the antivirus is going to be implemented. For example, in Windows 9x, a virtual driver VxD is used, which continually monitors disk activity. In this way, every time the information on a disk or floppy disk is accessed, the antivirus will intercept the read and write calls to the disk, and scan the information to be read or saved. This operation is performed through a driver in kernel mode in Windows NT/2000/XP or an NLM which intercepts disk activity in Novell Antivirus products that are not specially designed for operating systems, but are implemented over other applications, have a different interpretation mechanism. For example, in an antivirus for CVP Firewalls, it is the firewall that provides the antivirus with information in order to scan it through the CVP protocol and in the antivirus for SendMail, the MilterAPI filter facilitates information interpretation.
Sometimes an interpretation mechanism is not provided by the antivirus (such as a VxD) or the application (such as the CVP). In this case, special mechanisms between the application and the antivirus must be used. In other words, resources that intercept information and pass it to the antivirus, offering complete integration in order to disinfect viruses.
Once the information has been scanned, using either
The information is in the 'Source system' and must reach the 'Destination system'. The source system could be a floppy disk and the destination system could be the hard disk of a computer, or the origin an ISP in which a message is stored and the destination, the Windows communication system in the client machine, Winsock.
The information interpretation system varies depending on whether it is implemented in operating systems, in applications or whether special mechanisms are needed.
The interpretation mechanism must be specific to each operating system or component in which the antivirus is going to be implemented. For example, in Windows 9x, a virtual driver VxD is used, which continually monitors disk activity. In this way, every time the information on a disk or floppy disk is accessed, the antivirus will intercept the read and write calls to the disk, and scan the information to be read or saved. This operation is performed through a driver in kernel mode in Windows NT/2000/XP or an NLM which intercepts disk activity in Novell Antivirus products that are not specially designed for operating systems, but are implemented over other applications, have a different interpretation mechanism. For example, in an antivirus for CVP Firewalls, it is the firewall that provides the antivirus with information in order to scan it through the CVP protocol and in the antivirus for SendMail, the MilterAPI filter facilitates information interpretation.
Sometimes an interpretation mechanism is not provided by the antivirus (such as a VxD) or the application (such as the CVP). In this case, special mechanisms between the application and the antivirus must be used. In other words, resources that intercept information and pass it to the antivirus, offering complete integration in order to disinfect viruses.
Once the information has been scanned, using either