Jerry Parnell
2008-09-24, 03:21
Hello Everyone,
My name is Jerry Parnell, please just call me Jerry.
I have been wanting to code a virus scanner since I started programming. When I asked for the first time on the AutoitScript forums, I was told that it was impossible to do in AutoIt. I never believed that, and I still don't.
I have been working on a code that checks md5 information in an executable file and compares it against a database of md5 information from a database which would work as the signature files. I have access to a database of 427501 virus samples through offensivecomputing.net, so collection won't be hard.
The best thing about this is, it would be able to effectively hunt malware created in AutoIt without false positives, as even the AutoIt compiler's output generates a new md5 checksum for each executable that it generates.
My question to you is, how effective do you believe that this method of scanning is?
If you do not believe that this will be effective, do you have any suggestions about how to tackle this problem? I am desperate to be able to complete this huge project. I don't know why. I just feel like I NEED to do this. It might seem crazy to you, but I feel like I don't have a choice. It has bugged me since I started programming, and now I have a chance to pull it off. I have learned enough about AutoIt to understand that it can be used to pull any information out of an executable file. I just need to know what information to look for.
What information do you guys look for to detect malware? If you aren't allowed to answer that question for security reasons, then maybe this would be better: what do you guys recommend that I have my program search for?
I hope that this was clear enough.
Thanks Everyone,
Jerry Parnell
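The whole-file MD5 lookup described in the post above, as an added example that is not part of the original post and is written in Python rather than AutoIt. The signature-list format (one hex MD5 per line, optional name after whitespace), the function names and all sample bytes are assumptions constructed for illustration; the run shows that an exact-hash signature matches only a byte-identical file.

```python
import hashlib
import os
import tempfile

def load_signatures(lines):
    """Parse the assumed list format: hex MD5, optional name after whitespace."""
    sigs = {}
    for raw in lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        digest = parts[0].lower()
        # Skip malformed entries instead of matching on garbage.
        if len(digest) != 32 or any(c not in "0123456789abcdef" for c in digest):
            continue
        sigs[digest] = parts[1] if len(parts) > 1 else "unnamed"
    return sigs

def md5_of_file(path, chunk_size=1 << 20):
    """Hash in chunks so large executables are not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def scan(paths, sigs):
    """Return {path: signature name, or None when the digest is not listed}."""
    return {p: sigs.get(md5_of_file(p)) for p in paths}

def demo():
    # Constructed sample data: harmless byte strings standing in for files.
    known = b"MZ" + b"\x00" * 64 + b"constructed sample A"
    variant = known + b"\x01"  # same content plus one extra byte
    clean = b"MZ" + b"\x00" * 64 + b"unrelated program"
    db = ["# constructed signature list",
          hashlib.md5(known).hexdigest().upper() + "  Sample.A",
          "not-a-hash  Broken.Entry"]
    sigs = load_signatures(db)
    with tempfile.TemporaryDirectory() as d:
        paths = []
        for name, data in (("known.exe", known), ("variant.exe", variant), ("clean.exe", clean)):
            paths.append(os.path.join(d, name))
            with open(paths[-1], "wb") as f:
                f.write(data)
        return {os.path.basename(p): v for p, v in scan(paths, sigs).items()}

if __name__ == "__main__":
    print(demo())
```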