
Author Topic: evil AV (on development)  (Read 9741 times)


xzid
Re: evil AV (on development)
« Reply #15 on: August 05, 2011, 10:20:21 AM »
http://98.15.202.89/

Holy shit, I cannot believe this site is still up. Used to visit it in my first few months of hacking, has some virus code. Looking back, some of it is pretty good.

Kulverstukas
Re: evil AV (on development)
« Reply #16 on: August 05, 2011, 11:19:51 AM »
http://98.15.202.89/

Holy shit, I cannot believe this site is still up. Used to visit it in my first few months of hacking, has some virus code. Looking back, some of it is pretty good.


Indeed that site is pretty awesome. Lots and lots of really useful stuff :)
I knew it for a long time, though haven't bookmarked it until now for some reason :D

petermlm
Re: evil AV (on development)
« Reply #17 on: August 05, 2011, 12:47:18 PM »
http://98.15.202.89/

Holy shit, I cannot believe this site is still up. Used to visit it in my first few months of hacking, has some virus code. Looking back, some of it is pretty good.

Great resource! Thank you very much!

xor

  • Guest
Re: evil AV (on development)
« Reply #18 on: August 05, 2011, 04:46:09 PM »
There's no point in using a user's HOME or PROFILE directory because on servers, this can be on a remote location and is thus unreliable to get the local machine path.

xor

  • Guest
Re: evil AV (on development)
« Reply #19 on: August 05, 2011, 04:47:06 PM »

If this is correct (untested, have no Linux except Android at the moment), then my box would show a partition for /, /boot, /home (gentoo). Would also have a swap partition. Would also have many USB drives (which would be worth option searching). This may cause problems, unless by partitions xor means actual "root drives", like your Linux filesystem + any extra external/internal drive mounted in /mnt.


Actually I misread. In Linux, it will only EVER return /, it won't return the other partitions.

Mellow
Re: evil AV (on development)
« Reply #20 on: August 05, 2011, 11:58:51 PM »
http://98.15.202.89/

Holy shit, I cannot believe this site is still up. Used to visit it in my first few months of hacking, has some virus code. Looking back, some of it is pretty good.
Thanks

gh0st
Re: evil AV (on development)
« Reply #21 on: August 06, 2011, 03:59:48 AM »
There's no point in using a user's HOME or PROFILE directory because on servers, this can be on a remote location and is thus unreliable to get the local machine path.
xor, maybe I didn't explain it very well, if so I apologize.
Look, what I'm doing is to set the path of the user for scanning, and I'm looking for a method to start the scan but in all the HDs of the user without knowing them, for example once the module is ended (the scanning for malicious strings of bytes is completed)
the user clicks onto the button and the program automatically starts the scan on the HD. I think that I will have to set up 2 scanning methods for Linux and for Windows, but that's what I want to avoid

xor

  • Guest
Re: evil AV (on development)
« Reply #22 on: August 06, 2011, 06:00:30 AM »
again, why, like normal anti-virus', don't you just allow the user to select what they want to scan?

gh0st
Re: evil AV (on development)
« Reply #23 on: August 06, 2011, 06:23:02 AM »
again, why, like normal anti-virus', don't you just allow the user to select what they want to scan?

it's the button of full scan

xzid
Re: evil AV (on development)
« Reply #24 on: August 06, 2011, 06:28:59 AM »
Drop Linux, Linux users don't use AVs anyway.

I'm very curious to see your "scan module", considering how much trouble you're having with this.

Who exactly is "evil AV" designed for? hackers? average end-users? system admins? I don't think you have a chance with any of 'em. Would rethink the name btw, may scare ppl off.

If this is simply a learning experience, then perhaps focusing on the UI and directory scanning is a mistake. Maybe you could start with a command line program that takes a PE file (exe, dll) as an argument. Then parses that file, to see if it's evil.


gh0st
Re: evil AV (on development)
« Reply #25 on: August 06, 2011, 07:49:52 AM »
@xor: hey dude, getpath is just to display its name, right? Should I go straight to read*? Sorry, I know that I'm a newbie, a bit of understanding :P

xzid
Re: evil AV (on development)
« Reply #26 on: August 06, 2011, 07:53:18 AM »
@xor: hey dude, getpath is just to display its name, right? Should I go straight to read*? Sorry, I know that I'm a newbie, a bit of understanding :P

y'know this is easier for me than you, respond to me. tell me I'm an asshole, defend yourself pussy.

Kulverstukas
Re: evil AV (on development)
« Reply #27 on: August 06, 2011, 09:34:20 AM »
Well I just remembered something.
Why the fuck keep it up to date yourself when there are already people using other AV updates for their own apps.

Like that HackHound (I think...) multi AV scanner. The first versions were using stuff straight... I think later versions were using command line scanners to scan stuff and then grab the output to display it on a GUI.

http://www.briteccomputers.co.uk/forum/virustrojanspywaremalware/multi-av-scan-v1-6-1-multiple-antivirus-software-on-windows-computer/

xor

  • Guest
Re: evil AV (on development)
« Reply #28 on: August 06, 2011, 09:42:30 AM »
I agree with xzid on dropping Linux support.

Other than that, you have the code sample to return all of the local drives. Next step will be to write a function to iterate through them and all the subfolders and files.

gh0st
Re: evil AV (on development)
« Reply #29 on: August 08, 2011, 07:51:05 AM »
K guys, I think that I got how to do this following this useful post that I did on another site: http://www.javaprogrammingforums.com/file-i-o-other-i-o-streams/10266-analizing-bytes-files-av.html#post38913 So I will need to make a statement of if or a read() method to scan for malicious bytes and bring those bytes conditionals from a database. Any suggestion? http://pastebin.com/nGnTffbd You can add to the source code so I will do the upgrade on the main post. Give me links or more opinions, doesn't matter if you don't know. I started Java last week  ;D  so you are not the only noob
« Last Edit: August 08, 2011, 07:56:27 AM by gh0st »
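
The "full scan" steps discussed in replies #28 and #29 (enumerate the local drives, walk every subfolder, check each file's bytes against a signature), as an added example that is not code from this thread or from the linked pastebin. It assumes the drive enumeration is Java's `File.listRoots()`, which reports only `/` on Linux; the class name `FullScan` and the signature string are constructed placeholders, not a real malware pattern.

```java
import java.io.File;
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.nio.file.attribute.BasicFileAttributes;
import java.util.*;

public class FullScan {
    // Constructed placeholder pattern, not a real malware signature.
    static final byte[] SIGNATURE = "EVIL-AV-TEST-SIGNATURE".getBytes(StandardCharsets.US_ASCII);
    static final long MAX_SIZE = 16L * 1024 * 1024; // larger files are skipped in this sketch
    // Naive byte-pattern search: true if sig occurs anywhere in data.
    static boolean contains(byte[] data, byte[] sig) {
        outer:
        for (int i = 0; i + sig.length <= data.length; i++) {
            for (int j = 0; j < sig.length; j++) if (data[i + j] != sig[j]) continue outer;
            return true;
        }
        return false;
    }
    // Walk one root recursively (symlinks are not followed) and collect matching files.
    static List<Path> scan(Path root) throws IOException {
        List<Path> hits = new ArrayList<>();
        Files.walkFileTree(root, new SimpleFileVisitor<Path>() {
            @Override
            public FileVisitResult visitFile(Path f, BasicFileAttributes a) {
                // Empty, oversized and special files (devices, pipes, links) are skipped.
                if (a.isRegularFile() && a.size() > 0 && a.size() <= MAX_SIZE) {
                    try {
                        if (contains(Files.readAllBytes(f), SIGNATURE)) hits.add(f);
                    } catch (IOException e) { /* locked or vanished file: move on */ }
                }
                return FileVisitResult.CONTINUE;
            }
            @Override
            public FileVisitResult visitFileFailed(Path f, IOException e) {
                return FileVisitResult.CONTINUE; // unreadable entry or empty drive: keep going
            }
        });
        return hits;
    }

    public static void main(String[] args) throws IOException {
        // No arguments = full scan of every root the JVM reports (C:\, D:\ ... or just /).
        List<Path> roots = new ArrayList<>();
        if (args.length > 0) for (String s : args) roots.add(Paths.get(s));
        else for (File r : File.listRoots()) roots.add(r.toPath());
        for (Path root : roots) for (Path hit : scan(root)) System.out.println("MATCH " + hit);
    }
}
```

Passing a directory as an argument (`java FullScan some/test/dir`) limits the walk to that tree, which is the quickest way to try it against a file containing the placeholder string.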

 


