Sunday, 8 March 2015

Online AV - virus scanner handling

There are a few online virus scanning sites on the internet, such as virustotal, razorscanner, majyx and so on. Those are the places where you can scan files just by uploading them, and so I was wondering how it is handled technically. I suspect that it's something like this (I am talking about sites that offer 50+ AVs):


USER == UPLOAD FILE ==> WEBSITE == SENDS TO SCAN MACHINE ALONG WITH DB QUERY ==> SCAN MACHINE == (???) ==> SCAN MACHINE == SENDS ANSWER TO WEBSITE DB WITH RESULTS ==> WEBSITE == DISPLAYS FRONTEND BASED ON FILLED DB QUERY ==> END


More or less like that. The only question is: how is scanning handled? Because I doubt that you could write an application that would operate on AV memory and force it to scan a certain file; they're heavily obfuscated and usually loaded in kernel mode with special permissions and god only knows what else.


So how do you scan one file with 60 AVs in ~1 minute?




