Anti virus API?
-
AVG offers an API, But I have written twice and never got a response.:(( Regardz Colin J Davies
Sonork ID 100.9197:Colin
You are the intrepid one, always willing to leap into the fray! A serious character flaw, I might add, but entertaining. Said by Roger Wright about me.
Colin^Davies wrote: Colin^Davies C to the izzo, D to the avies ;P Jon Sagara "Shut up brain, or I'll stab you with a Q-Tip!"
-
Google returns the following link: http://msdn.microsoft.com/workshop/security/antivirus/antivirus.asp[^] Jon Sagara "Shut up brain, or I'll stab you with a Q-Tip!"
Hmm.. Useless Implementation/API I'm afraid. X| I've only studied a couple of computer security courses and I did my masters in this area, so I'm not by any means a computer security "professional". But I have two points to back up my statement: 1) It does not support system-wide policies. I.e., a sysadmin/secadmin cannot configure it to fully reject any suspicious files. (Sysadmins/secadmins may be fascist a**holes, but they are so for a reason - most of the time anyway :)) 2) The AV-software is implemented as a COM-object? That design choice should be awarded a Darwin[^] award. Dynamically loaded DLL's can be bypassed by the most clueless virus programmer. Consider this: You get a virus which has not yet been identified by AV-vendor X. It's executed undetected. Inevitable you say? Ok, very well. But the virus won't stop there. Of course it'll scan that cute CAT-id the API speaks of, and put COM-proxies around each and everyone of those AV-COM DLLs. Now the virus quite a grip on your AV-software. If the AV-software would have been put in some digitally signed form (registry and DLL needs to be tamper-proof/tamper-verifiable), this trick would have been a lot harder! Yet another blunt attempt by Microsoft to do "security". Microsoft has like a billion of researchers, some of them are the best in computer security researchers. Then why the hell do they push crap like this? :confused: (I guess the Office team doesn't have any connections with the research department..) FreeBSD is sexy. Getting closer and closer to actually submit an article...
-
It can be a problem. Luckily, most of the virus people are no-brains script kiddies. Only recently have these viri started attacking the AV software. Tim Smith "Programmers are always surrounded by complexity; we can not avoid it... If our basic tool, the language in which we design and code our programs, is also complicated, the language itself becomes part of the problem rather that part of the solution." Hoare - 1980 ACM Turing Award Lecture
Yes.. but this is an open invitation to all 12 year old script kiddies! FreeBSD is sexy. Getting closer and closer to actually submit an article...
-
Hmm.. Useless Implementation/API I'm afraid. X| I've only studied a couple of computer security courses and I did my masters in this area, so I'm not by any means a computer security "professional". But I have two points to back up my statement: 1) It does not support system-wide policies. I.e., a sysadmin/secadmin cannot configure it to fully reject any suspicious files. (Sysadmins/secadmins may be fascist a**holes, but they are so for a reason - most of the time anyway :)) 2) The AV-software is implemented as a COM-object? That design choice should be awarded a Darwin[^] award. Dynamically loaded DLL's can be bypassed by the most clueless virus programmer. Consider this: You get a virus which has not yet been identified by AV-vendor X. It's executed undetected. Inevitable you say? Ok, very well. But the virus won't stop there. Of course it'll scan that cute CAT-id the API speaks of, and put COM-proxies around each and everyone of those AV-COM DLLs. Now the virus quite a grip on your AV-software. If the AV-software would have been put in some digitally signed form (registry and DLL needs to be tamper-proof/tamper-verifiable), this trick would have been a lot harder! Yet another blunt attempt by Microsoft to do "security". Microsoft has like a billion of researchers, some of them are the best in computer security researchers. Then why the hell do they push crap like this? :confused: (I guess the Office team doesn't have any connections with the research department..) FreeBSD is sexy. Getting closer and closer to actually submit an article...
Hell.. you don't even need to do any proxying whatsoever in this case. You just need to return S_OK from the Scan-method. It's not even hard! FreeBSD is sexy. Getting closer and closer to actually submit an article...
-
AVG offers an API, But I have written twice and never got a response.:(( Regardz Colin J Davies
Sonork ID 100.9197:Colin
You are the intrepid one, always willing to leap into the fray! A serious character flaw, I might add, but entertaining. Said by Roger Wright about me.
Do you know how it's implemented? FreeBSD is sexy. Getting closer and closer to actually submit an article...
-
Google returns the following link: http://msdn.microsoft.com/workshop/security/antivirus/antivirus.asp[^] Jon Sagara "Shut up brain, or I'll stab you with a Q-Tip!"
Thanks for the pointer - unfortunately, the API description says that the virus checker is responsable for showing UI to the user in case of an infected file, so it cannot be used on a server. It's amazing to me that none of the major anti-virus vendors seem to have an API! :confused:
Mike Sax http://www.Sax.net Rock Solid Components™
-
A quick search of the KB shows that there's a Office Addin produced by Symantec/Norton called Officeav.dll. It appears to be a COM object, so you could probably play around with its interfaces and get it to work if you're persistent enough. I'm not sure if it does a real virus scan or only scans Word docs internally, but you should be able to find out with a bit of testing. I assume that you'll have to have MS Office and Norton Anti-Virus on the machine in question in order to get it to work. -Mike Stevenson Owner, Liquid Mirror Software and eBooks, Shareware Junction Downloads and Crush Alarm http://www.liquidmirror.com/ - http://www.sharewarejunction.com/ - http://www.CrushAlarm.com/ Sign up for the Shareware Junction Banner eXchange! http://www.sharewarejunction.com/swjbx/
Mike Stevenson wrote: I'm not sure if it does a real virus scan or only scans Word docs internally, It does a real scan. Take it from a former NAV developer. ;) I assume that you'll have to have MS Office and Norton Anti-Virus on the machine in question in order to get it to work. That is correct. --Mike-- Just released - RightClick-Encrypt v1.3 - Adds fast & easy file encryption to Explorer My really out-of-date homepage Sonork-100.19012 Acid_Helm
-
Do you know how it's implemented? FreeBSD is sexy. Getting closer and closer to actually submit an article...
Jörgen Sigvardsson wrote: Do you know how it's implemented? All I know is that I emailed grisoft@grisoft.com and got no response :-( I have no idea what it is, sorry Regardz Colin J Davies
Sonork ID 100.9197:Colin
You are the intrepid one, always willing to leap into the fray! A serious character flaw, I might add, but entertaining. Said by Roger Wright about me.
-
Here's the scenario: Customers upload files via a support site. The support engineer needs to download the file, scan it for viruses and if it's infected, notify the customer. To avoid this hassle, we'd like to make virus checking a part of the upload process so we can immediately notify the customer and save time for ourselves. Is there any anti-virus company out there that has a simple "Scan this file and tell me if it's infected" function you can call? We can think of a few work arounds (like emailing the file to a mail server which has virus checking software on it), but we'd really like to make it part of the process. Any suggestions would be greatly appreciated... thanks!
Mike Sax http://www.Sax.net Rock Solid Components™
Norman Antivirus: http://www.norman.no/[^] James Drinking In The Sun Forgot Password?
-
Here's the scenario: Customers upload files via a support site. The support engineer needs to download the file, scan it for viruses and if it's infected, notify the customer. To avoid this hassle, we'd like to make virus checking a part of the upload process so we can immediately notify the customer and save time for ourselves. Is there any anti-virus company out there that has a simple "Scan this file and tell me if it's infected" function you can call? We can think of a few work arounds (like emailing the file to a mail server which has virus checking software on it), but we'd really like to make it part of the process. Any suggestions would be greatly appreciated... thanks!
Mike Sax http://www.Sax.net Rock Solid Components™
Sophos has the SAVI API: http://www.sophos.com/sophos/docs/eng/manuals/savitoolkit.pdf[^]
-
Here's the scenario: Customers upload files via a support site. The support engineer needs to download the file, scan it for viruses and if it's infected, notify the customer. To avoid this hassle, we'd like to make virus checking a part of the upload process so we can immediately notify the customer and save time for ourselves. Is there any anti-virus company out there that has a simple "Scan this file and tell me if it's infected" function you can call? We can think of a few work arounds (like emailing the file to a mail server which has virus checking software on it), but we'd really like to make it part of the process. Any suggestions would be greatly appreciated... thanks!
Mike Sax http://www.Sax.net Rock Solid Components™
I wonder if Symantec and McAfee are in the process of providing a web service for this purpose. I'd certainly drop them an email to see if they provide this, or some similar, service. By the way, is this the same Sax that's been around for years? I used a Sax serial communications C++ library in the mid 90s that saved me a ton of time, so if that was you, nice work, man! Chistopher Duncan Author - The Career Programmer: Guerilla Tactics for an Imperfect World (Apress)
