General structure of an anti virus product



Hi All,

This is my first question to this group. Can someone please help me
understand how an antivirus product basically works in kernel mode?
I mean, in kernel mode, how and when does it scan the binary? Which user-
and kernel-mode APIs does it hook to implement its functionality?

When does the driver get loaded during the booting up of the system?

Any info would be a great help.
