McAfee AVDCDE-AA-AA User Guide - Page 25
How does VirusScan software work?, Fast, accurate virus detection - family
View all McAfee AVDCDE-AA-AA manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 25 highlights
About VirusScan Software How does VirusScan software work? VirusScan software combines the anti-virus industry's most capable scan engine with top-notch interface enhancements that give you complete access to that engine's power. The VirusScan graphical user interface unifies its specialized program components, but without sacrificing the flexibility you need to fit the software into your computing environment. The scan engine, meanwhile, combines the best features of technologies that McAfee and Dr Solomon researchers developed independently for more than a decade. Fast, accurate virus detection The foundation for that combination is the unique development environment that McAfee and Dr Solomon researchers constructed for the engine. That environment includes Virtran, a specialized programming language with a structure and "vocabulary" optimized for the particular requirements that virus detection and removal impose. Using specific library functions from this language, for instance, virus researchers can pinpoint those sections within a file, a boot sector, or a master boot record that viruses tend to infect, either because they can hide within them, or because they can hijack their execution routines. This way, the scanner avoids having to examine the entire file for virus code; it can instead sample the file at well defined points to look for virus code signatures that indicate an infection. The development environment brings as much speed to .DAT file construction as it does to scan engine routines. The environment provides tools researchers can use to write "generic" definitions that identify entire virus families, and that can easily detect the tens or hundreds of variants that make up the bulk of new virus sightings. Continual refinements to this technique have moved most of the hand-tooled virus definitions that used to reside in .DAT file updates directly into the scan engine as bundles of generic routines. Researchers can even employ a Virtran architectural feature to plug in new engine "verbs" that, when combined with existing engine functions, can add functionality needed to deal with new infection techniques, new variants, or other problems that emerging viruses now pose. This results in blazingly quick enhancements the engine's detection capabilities and removes the need for continuous updates that target virus variants. Encrypted polymorphic virus detection Along with generic virus variant detection, the scan engine now incorporates a generic decryption engine, a set of routines that enables VirusScan software to track viruses that try to conceal themselves by encrypting and mutating their code signatures. These "polymorphic" viruses are notoriously difficult to detect, since they change their code signature each time they replicate. User's Guide 25