Creating anti virus program in php

Asked By Mary M Derr 40 points N/A Posted on - 10/19/2014

Is there a way to write an antivirus in php ? where to start ? i don’t actually want it something big like Avira ,Norton of course not but i want to create a file upload script that checks the file if it doesn’t contain viruses or embed code. i want it a pure php. no antivirus program integration. just curios to learn how this script was made.

• Status:
• Question Views: 920
• Answer Count: 1
• Vote Up 0 Vote Down

• Answer Accepted: No
• Question Category: PHP

Answered By Hamthler itali 0 points N/A #188109

Creating anti virus program in php

HELLO

 

For the good protection, AN anti virus require at least one driver. This driver is used to able to run the code in kernel and can access the overall kernal APIs.

The antivirus company is use rookie that is used for as guard the doors.

The process of the making the antivirus. First thing you need to protect user form that is launching of malicious process. The antivirus is register with the PsSetCreateProcessNotifyRoutineEx callback.

You done this, You need to create the each process. When the main thread is going to start to run the antivirus callback is notified and receives all the require information .

Information can receives such as name of the process, File object and PID. When the process is waiting or may be pending, It can analyze the memory of the process for the anything malicious.

The driver will simply set the creation status to false and return.

The following code to understand the process for the antivirus:-

NTSTATUS PsSetCreateProcessNotifyRoutineEx(

  _In_  PCREATE_PROCESS_NOTIFY_ROUTINE_EX NotifyRoutine,

  _In_  BOOLEAN Remove

);

VOID CreateProcessNotifyEx(

  _Inout_   PEPROCESS Process,

  _In_      HANDLE ProcessId,

  _In_opt_  PPS_CREATE_NOTIFY_INFO CreateInfo

);

typedef struct _PS_CREATE_NOTIFY_INFO {

  SIZE_T              Size;

  union {

    ULONG  Flags;

    struct {

      ULONG FileOpenNameAvailable  :1;

      ULONG Reserved  :31;

    };

  };

  HANDLE              ParentProcessId;

  CLIENT_ID           CreatingThreadId;

  struct _FILE_OBJECT  *FileObject;

  PCUNICODE_STRING    ImageFileName;

  PCUNICODE_STRING    CommandLine;

  NTSTATUS            CreationStatus;

} PS_CREATE_NOTIFY_INFO, *PPS_CREATE_NOTIFY_INFO;

 

About Hamthler itali

Questions
0

Answers
100

Best Answers
1

• Vote Up 0 Vote Down

• Posted on - 01/24/2015
• Question Category: PHP