I wrote a little C code to scan all the files and folders on my hard drive ... and it can also read the top of the binary code of executable files (like .exe) and compare it with the built-in single binary signature code (in hexadecimal representation). It can display a message if the signature matches the bin code of any scanned file.
We notice that I saved the sample signature in the array, because this is just one signature. What should I do if I want to add many other signatures? I need to use a database! But which database do I need? And I will need to use a SQL query to get and compare signatures! Which database do commercial antiviruses (Kaspersky, Symantec, etc.) use? Any idea, please?
Berkeley DB is a free open source library that basically stores key-value pairs on disk (search tree or hash table, depending on settings). It is even simpler than SQLite because it avoids the idea of relational data and SQL.
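The key-value idea from the answer above, sketched in C as an added example that is not code from any of the posts: it uses a sorted in-memory table with `bsearch` in place of Berkeley DB, so a file's leading bytes are looked up as a key instead of being compared against each signature in turn. The names `SIG_LEN`, `SAMPLE_DB`, `load_sigs` and `match_header` are hypothetical, the fixed 8-byte signature length is an assumption, and the entries are constructed sample values.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>

#define SIG_LEN 8 /* assumption: each signature is the first 8 bytes of a file */
struct sig { unsigned char key[SIG_LEN]; const char *name; };

/* Constructed sample entries (hex key, label); not real malware signatures. */
static const char *SAMPLE_DB[][2] = {
    {"deadbeef00112233", "Sample.A"},
    {"0102030405060708", "Sample.B"},
    {"aabbccddeeff0011", "Sample.C"},
};
#define DB_COUNT (sizeof SAMPLE_DB / sizeof SAMPLE_DB[0])

/* Decode exactly SIG_LEN bytes of hex; reject wrong length or non-hex input. */
static int hex_to_key(const char *hex, unsigned char *out) {
    if (strlen(hex) != 2 * SIG_LEN) return -1;
    for (size_t i = 0; i < SIG_LEN; i++) {
        char pair[3] = { hex[2 * i], hex[2 * i + 1], '\0' };
        if (!isxdigit((unsigned char)pair[0]) || !isxdigit((unsigned char)pair[1])) return -1;
        out[i] = (unsigned char)strtoul(pair, NULL, 16);
    }
    return 0;
}

static int cmp_sig(const void *a, const void *b) {
    return memcmp(((const struct sig *)a)->key, ((const struct sig *)b)->key, SIG_LEN);
}

/* Fill and sort the in-memory table; returns entry count, or -1 on a bad entry. */
int load_sigs(struct sig *table) {
    for (size_t i = 0; i < DB_COUNT; i++) {
        if (hex_to_key(SAMPLE_DB[i][0], table[i].key) != 0) return -1;
        table[i].name = SAMPLE_DB[i][1];
    }
    qsort(table, DB_COUNT, sizeof *table, cmp_sig);
    return (int)DB_COUNT;
}

/* Key lookup on a file's leading bytes: O(log n), not one memcmp per signature. */
const char *match_header(const unsigned char *buf, size_t len) {
    static struct sig table[DB_COUNT];
    static int n = 0;
    struct sig probe = { {0}, NULL };
    if (n <= 0 && (n = load_sigs(table)) <= 0) return NULL;
    if (len < SIG_LEN) return NULL; /* file shorter than a signature */
    memcpy(probe.key, buf, SIG_LEN);
    const struct sig *hit = bsearch(&probe, table, (size_t)n, sizeof *table, cmp_sig);
    return hit ? hit->name : NULL;
}
```

An exact-key lookup like this only covers fixed-length signatures at a fixed offset; an on-disk key-value store such as Berkeley DB would replace the sorted array once the table no longer fits comfortably in the program itself.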
SQLite . SQL SQL, RDBMS, SQL Server/Oracle ..
Professional AVs do not use SQL to match virus signatures. This is a much more complicated process. Take a look at http://sourceforge.net/projects/clamwin/ if you are interested in the subject. Or sources leaked to Kaspersky Internet ...