System calls, anti-virus


I'm not so familiar with how anti-virus software works. My guess is that they do not like system calls?

For example, if my program makes a system ("dir"), to access the content in order to introduce it, would antivirus react badly to it?

And if so, how does it work with all of these other functions that you can use to get content from a folder? E.g. Boost, dirent and Microsoft functions, don't they all make system calls in this case?
I use AVG antivirus and it doesn't complain.
It should not complain.
AV software works in many ways; it's not a single algorithm, but the gist of the main ones is:
1) look for specific virus patterns (actual copies of the actual virus code blocks found inside another file)
2) looks for things you shouldn't be doing (touching too many files, too much networking, various 'alarms')
3) touching the OS or automatic start areas

I don't think any of them would flag a system call. If they did, they should be smart enough to look for the nasty ones like system('del /s *.*') and ignore pause, dir, etc. I've written many an 'enhanced batch file' in Windows under C++ for utility purposes under many an AV software and never tripped anything, and some of those deleted some files.
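
On the question's second point, an added example (not code from the thread): a listing done with POSIX dirent runs inside the program's own process, whereas system("dir") starts the command interpreter as a child process to run the command. `list_directory` and `make_sample_dir` are hypothetical names, and the scratch directory under /tmp is constructed sample input.

```cpp
#include <dirent.h>
#include <unistd.h>
#include <algorithm>
#include <cerrno>
#include <cstdio>
#include <cstdlib>
#include <string>
#include <vector>

// Hypothetical helper (not from the thread): read the entry names of `dir`
// in-process through the C library. Unlike system("dir"), this starts no
// command interpreter (cmd.exe or /bin/sh), so there is no child process and
// no command string for a shell to parse.
// Returns 0 on success, or the errno value from opendir()/readdir().
int list_directory(const std::string& dir, std::vector<std::string>& names) {
    names.clear();
    DIR* d = opendir(dir.c_str());
    if (d == nullptr) return errno;           // e.g. ENOENT, EACCES
    int err = 0;
    for (;;) {
        errno = 0;                            // readdir() reports errors only via errno
        struct dirent* e = readdir(d);
        if (e == nullptr) { err = errno; break; }
        std::string name = e->d_name;
        if (name != "." && name != "..") names.push_back(name);
    }
    closedir(d);
    std::sort(names.begin(), names.end());    // readdir() order is unspecified
    return err;
}

// Constructed sample input: a scratch directory holding two empty files.
std::string make_sample_dir() {
    char tmpl[] = "/tmp/listdemo.XXXXXX";
    const char* p = mkdtemp(tmpl);
    if (p == nullptr) return "";
    std::string dir = p;
    for (const char* f : {"b.txt", "a.txt"}) {
        if (FILE* fp = std::fopen((dir + "/" + f).c_str(), "w")) std::fclose(fp);
    }
    return dir;
}

int main() {
    std::vector<std::string> names;
    std::string dir = make_sample_dir();
    int err = list_directory(dir, names);
    if (err != 0) { std::fprintf(stderr, "cannot list %s (errno %d)\n", dir.c_str(), err); return 1; }
    for (const auto& n : names) std::printf("%s\n", n.c_str());
    return 0;
}
```

On Windows the same in-process listing is available through std::filesystem or the FindFirstFile/FindNextFile API.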
