scanner/engine question

am632

New Member
Thread author
Jan 31, 2015
6
Hi,

I have put a large script together which is an all-round system cleaner, including hundreds of fixes for common software issues, PUP removal, etc., and I want to add an AV/malware scanner. I looked at ClamAV but I'm just not very impressed - it scans well with lots of command-line options, but I think its signature DB is a bit of a letdown when I have compared it to other AVs; also there seem to be a lot of false positives.

Can anyone recommend a scanner which I can 'freely' use? I see a lot of scanners use Bitdefender & ESET's engines, but where would I obtain them and are there any licensing fees for them? I also looked at Vipre Rescue scanner, which I like very much; I use the Vipre security suite on 1 of my PCs, which works well, but it seems like for the Vipre Rescue I have to redownload the whole thing every time it gets updated, which is over 180 MB currently.

Anyone have any experience or suggestions about this?

Thanks
 

MalwareT

First of all, welcome to MalwareTips :)

If you mean implementing an antivirus engine in your product, then you can use Bitdefender, Avast, AVG, Avira; ESET doesn't sell its engine. If you want to add a scanner to your toolbox, you can add whichever one you wish; I have Hitman Pro, Malwarebytes, Norton, Combofix (use it with caution), AdwCleaner and many more (too many to mention :rolleyes: ).
 

am632

New Member
Thread author
Jan 31, 2015
6
Hi, thanks for the reply. I do actually use Malwarebytes & Adw as well, which are excellent, but I am talking about implementing an engine into my product so the scanning can be done 'within', if you like. I am drawn more to ESET or Bitdefender; do you know where I can obtain either of them? Or is it a case of downloading the whole product and extracting the bits I need?

Thanks for your help

Aaron
 

am632

New Member
Thread author
Jan 31, 2015
6
Actually, after re-reading your post I realise: do you mean those engines are unavailable for purchase, full stop? After doing some research I see other companies such as BullGuard, Emsisoft and Immunet use Bitdefender's engine, so I wonder how they would have gone about using it?
 

am632

New Member
Thread author
Jan 31, 2015
6
Ah, sorry, I just read you wrong, thanks for the links, I'll have a read through them.
 

Deleted member 21043

Hi,

You could use ClamAV and another engine/with your own engine. ClamAV is open source, meaning if you wanted to include their engine, you could, free of charge.

If you want to include other Antivirus engines in your product, you should most likely get your credit cards and wallet of money ready because it won't come "cheap".

is it a case of downloading the whole product and extracting the bits I need?
Never do this. This is stealing when you don't have permission to do so. If you do this, chances are you will be arrested and end up with a court case for theft/copyright. They don't just let people steal their products.

BitDefender sell their engine, you can obtain a license or learn more from this link about their SDK here: http://www.bitdefender.com/oem/antimalware-software-development-kit.html

Do I recommend using BitDefender engine?
No, I don't. It's way too overused, and just because BitDefender is used by a lot of people does not mean using their engine will make yours good. Nonetheless, they don't include "everything" in their product in this SDK - to be honest with you, many people would argue and debate about BitDefender being good, and others would argue back about it being good. But let's not get into this.

Zillya! also have an engine SDK. You can read more information about this here: http://zillyaoem.com/engine_sdk

Do I recommend using Zillya! engine?
No, I don't. You can do your research on Zillya!; however, once again, if you are serious about making an Antivirus and want to distribute it to protect people, compared to other vendors like ESET you have no chance with Zillya. You'd have a better chance with BitDefender.

Avira also have an engine SDK. You can read more information about this here: http://www.avira.com/en/for-busines...on=_ft_for-business-avira-rebranding-bundling

Do I recommend using Avira?
A little against and a little for it. I would say it's better than Zillya, however I won't compare it to BitDefender. A mix of BitDefender engine, Zillya engine and your own engine/also with ClamAV and your own engine would be a much better technique. Just, if you do this, make sure to make the product lightweight.

My theory as to why ESET and other "good" Antivirus solutions do not sell off their engine like BitDefender do is because, if the product is really good and the engine is superior, would you want to sell it off for other companies to take advantage of your engine and possibly steal your customers?

What I mean is, let's say Qihoo included the Avast and ESET engine in their product. As well as having all the engines they already have included in the product. And, on top of all of this, they managed to keep RAM usage low. The chances are they would steal some of ESET's and Avast's customers, because they offer a lot for a free product and have the signatures or at least some of them for those 2 companies' products. Do you see what I mean, now?

Make sure, no matter what engine you use, to keep the product lightweight. If your product uses 3 engines and uses an immense amount of RAM for example, nobody will want it. You must also keep the CPU lightweight whilst using your product.

I think you'd be better off making your engine. Then you can say "It's my engine" and "It's my work", instead of the other companies taking credit for detections and the power of your product.

If you want to make an Antivirus, I say you should make one. Using or relying on another engine is not "making" an Antivirus, but bundling in other engines so it is an "Antivirus". But it's up to you.

Thank you, good luck with your project development. ;)
 

am632

New Member
Thread author
Jan 31, 2015
6
Thanks both for the help and all the suggestions and info. Also I realise just extracting the good stuff from other AVs is stealing, but I'd never actually use it in a product to release :) that would just be for my own experimentation.

I don't actually 'hate' ClamAV; the scanner seems to work well and appears to scan just as quickly as other AVs. For me it's just the available databases which are a letdown, and for me it wouldn't be practical to create my own and keep it up-to-date. I'm dreading the costs of the commercial engines tho :) I don't suppose there are databases I may not know about for Clam which may be half decent?

Thanks
 

Deleted member 21043

Thanks both for the help and all the suggestions and info. Also I realise just extracting the good stuff from other AVs is stealing, but I'd never actually use it in a product to release :) that would just be for my own experimentation.

I don't actually 'hate' ClamAV; the scanner seems to work well and appears to scan just as quickly as other AVs. For me it's just the available databases which are a letdown, and for me it wouldn't be practical to create my own and keep it up-to-date. I'm dreading the costs of the commercial engines tho :) I don't suppose there are databases I may not know about for Clam which may be half decent?

Thanks
Good luck with the first one; you think the Antivirus vendors would leave their code vulnerable for thieves and the database files "unencrypted" for anyone to come along and use them?

ClamAV is most likely faster due to having a smaller database. Not saying this is why, however it is possible.

Cheers. ;)
 

Deleted member 21043

I'm dreading the costs of the commercial engines tho
Just try to make your own engine. Start small and work your way up the pipe to success.

I recommend using C/C++ to start with. Assembly will be required sometime, depending on what you want to do. If you need help with User Interfaces, because you do not have knowledge nor the time to learn how to make them in C/C++, you can look into using HTML for your interfaces, OR using .NET (C++.NET, C#.NET or VB.NET) for the interface and then the engine in C/C++ and Assembly.

When I recommended above using C++ for the engine, I meant native C++. Not C++.NET.
Using C/C++ and Assembly will give you far more control over the system. There are limits with .NET based projects; nothing like kernel mode drivers etc.


Cheers. ;)
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Yes, ClamAV is not as fully effective as other engines, due to the capacity of signatures provided; however, it's a good way to start, alongside having a scratch engine implemented. A licensed engine may cause a bit of difficulty in the process, and also concern about the FP rate, since it came from a well-known company. ;)
 
