PSAV - Pootispencer Anti Virus - ComputerCraft Forums (archive)

svdragster #1

svdragster's profile picture

220 posts

Location Germany

Posted 17 March 2013 - 11:39 AM

PSAV - Pootispencer Anti Virus

Welcome to another useless Antivirus!
This is my first (kinda) big program.

PSAV will check all files on the computer, and tell you if it contains a string stored in a file called problems.txt.

Please give me ideas for this file :P/>/>

If I get more strings of viruses I find I will add these to the problems.txt, and later to a infections.txt.
Because I don't have enough time(aka im too lazy) I haven't added the infections feature yet.
In this program you'll see my whole learning process, so ofc there will be some things which could be done better!

When running a scan, it will create a log in /PSAV/reports/log[enternumbershere].log, which contains all information needed about this scanned program for PSAV.

NOTE: I know my antivirus is useless in Computercraft. It would be awesome if you test every function of this for bugs and improvements!

Screenies:

Spoiler

[attachment=1074:2013-03-16_23.27.44.png][attachment=1075:2013-03-16_23.27.50.png][attachment=1076:2013-03-16_23.27.53.png]

DOWNLOAD SETUP: http://pastebin.com/1xKRFEwY or type in console: pastebin get 1xKRFEwY psavsetup
It will create a folder called PSAV and put lots o' stuff in there.

Also the settings don't work. I started working on them once, but did not continue.

SuicidalSTDz #2

1511 posts

Location Pennsylvania

Posted 17 March 2013 - 12:47 PM

Good job! I would love to see you continue with this and make it better ^_^/> Keep up the great work!

Edited for certain reasons; keeping this thread clean

svdragster #3

svdragster's profile picture

220 posts

Location Germany

Posted 17 March 2013 - 01:10 PM

Well this is just to learn all the cc stuff. Look in the code, you'll notice it does way more than just looking for words.

SuicidalSTDz #4

1511 posts

Location Pennsylvania

Posted 17 March 2013 - 01:12 PM

svdragster, on 17 March 2013 - 01:10 PM said:
Well this is just to learn all the cc stuff. Look in the code, you'll notice it does way more than just looking for words.

I saw that. One of the reasons this is similar to my firewall, hence why I like it :)/>/>

X0, I am sorry if you thought I was being rude. I was saying that it is similar to my firewall, and I hope he makes his better than mine in ways.

FuuuAInfiniteLoop(F.A.I.L) #5

FuuuAInfiniteLoop(F.A.I.L)'s profile picture

451 posts

Location The left part of this post

Posted 18 March 2013 - 05:04 AM

why you dont just replace function like os.shutdown or fs.open("startup", "w") and detect them as problem, write them in a file, and show them?

svdragster #6

svdragster's profile picture

220 posts

Location Germany

Posted 18 March 2013 - 05:22 AM

urielsalis, on 18 March 2013 - 05:04 AM said:
why you dont just replace function like os.shutdown or fs.open("startup", "w") and detect them as problem, write them in a file, and show them?

PSAV will read strings from the problem.txt, and compare the text in a file with the contents of the problem.txt.
When scanning it will write everything to a logfile in the folder reports and the program "details" reads the data out of it.
I'm using the logfile, because I don't want 1000 files being created. In a huge program that could slow down everything :P/>

I will add some more contents to the problems.txt soon.

NeptunasLT #7

139 posts

Location Vilnius,Lithuania

Posted 18 March 2013 - 08:20 PM

11 problems found. :D/>
Scan Report:
Found problem in file 'psavsetup'
Contians: 'pastebin'

:D/>

Next
Scan report:
file 'psavsetup' okay :D/>

theoriginalbit #8

7508 posts

Location Australia

Posted 18 March 2013 - 08:39 PM

What does the scanner actually search for? o.O
It seems i couldn't get it to pickup on any problems and I tried all the basics!

immibis #9

immibis's profile picture

997 posts

Location Wellington, New Zealand

Posted 18 March 2013 - 08:41 PM

So this just checks for files containing shell.run or RemoteAComputer?

svdragster #10

svdragster's profile picture

220 posts

Location Germany

Posted 19 March 2013 - 02:50 AM

Fail it doesnt even search for pastebin :3 I think it found shell.run in there :P/> if not, give me the log it created…

PSAV currently only searches for shell.run and RemoteAcomputer ^^
I know its kinda nothing but I didn't put much effort in the problems.txt and into showing the result of a scan… I will update soon!

theoriginalbit #11

7508 posts

Location Australia

Posted 19 March 2013 - 02:56 AM

svdragster, on 19 March 2013 - 02:50 AM said:
PSAV currently only searches for shell.run and RemoteAcomputer ^^

but does it search for
shell['run'] ??
or have I just found a way around your antivirus and use shell.run

svdragster #12

svdragster's profile picture

220 posts

Location Germany

Posted 19 March 2013 - 05:35 AM

TheOriginalBIT, on 19 March 2013 - 02:56 AM said:
svdragster, on 19 March 2013 - 02:50 AM said:
PSAV currently only searches for shell.run and RemoteAcomputer ^^
but does it search for
shell['run'] ??
or have I just found a way around your antivirus and use shell.run

It will only search for the contents of the problems.txt.
Its contents are:


shell.run
RemoteAcomputer

So it won't search for shell['run']

NeptunasLT, on 18 March 2013 - 08:20 PM said:
11 problems found. :D/>
Scan Report:
Found problem in file 'psavsetup'
Contians: 'pastebin'

:D/>

Next
Scan report:
file 'psavsetup' okay :D/>

I know what you mean now. It searches for 2 strings, so it will write in the log


DAY TIME KIND FILE DESCRIPTION(=What it searched for)
165  4:25 nothing awesome shell.run
165 4:25 nothing awesome RemoteAComputer

So here it found in the file "awesome" nothing, when it searched for shell.run and RemoteAComputer.

PixelToast #13

2217 posts

Location 3232235883

Posted 19 March 2013 - 05:39 AM

_G["s".."h".."ell"]["r.."un"]
there is an infinite number of combinations with variables, appends, etc

therefore this av is fail

svdragster #14

svdragster's profile picture

220 posts

Location Germany

Posted 19 March 2013 - 05:52 AM

PixelToast, on 19 March 2013 - 05:39 AM said:
_G["s".."h".."ell"]["r.."un"]
there is an infinite number of combinations with variables, appends, etc

therefore this av is fail

svdragster, on 17 March 2013 - 11:39 AM said:
Welcome to another useless Antivirus!

Real antivirus also can (most of the time) only find viruses, which are older than 3-7 days. E.g. the FBI Trojan. It does nothing bad(for the antivirus). It opens a website and sets internet explorer into Kiosk-mode, and maybe block some key inputs and sets a regkey to "notaskmgr".

This program is just to learn ComputerCraft and I didn't want to make an OS, because everyone does this. :P/>

FuuuAInfiniteLoop(F.A.I.L) #15

FuuuAInfiniteLoop(F.A.I.L)'s profile picture

451 posts

Location The left part of this post

Posted 19 March 2013 - 06:24 AM

Suggestion: Create a sandbox and run the file there so you can find what it do for ex, it created a file named startup

svdragster #16

svdragster's profile picture

220 posts

Location Germany

Posted 19 March 2013 - 06:44 AM

urielsalis, on 19 March 2013 - 06:24 AM said:
Suggestion: Create a sandbox and run the file there so you can find what it do for ex, it created a file named startup

Well I'm too nooby to make that ^^

PixelToast #17

2217 posts

Location 3232235883

Posted 19 March 2013 - 06:46 AM

potispencerhere

-heavy

FuuuAInfiniteLoop(F.A.I.L) #18

FuuuAInfiniteLoop(F.A.I.L)'s profile picture

451 posts

Location The left part of this post

Posted 19 March 2013 - 01:57 PM

svdragster, on 19 March 2013 - 06:44 AM said:
urielsalis, on 19 March 2013 - 06:24 AM said:
Suggestion: Create a sandbox and run the file there so you can find what it do for ex, it created a file named startup
Well I'm too nooby to make that ^^

you only have to remplace the fs api with a one htat do the same but it do it in a folder called sandbox

code:


oldfs = fs
function fs.open(file, mode)
return oldfs.open("sandobox/"..file, mode)
end
function fs.list(path)
return oldfs.list("sandobox/"..path)
end
function fs.exists(path)
return oldfs.exists("sandobox/"..path)
end
function fs.isDir(path)
return oldfs.isDir("sandobox/"..path)
end
function fs.isReadOnly()
return false
end
function fs.getName(path)
return oldfs.getName("sandobox/"..path)
end
function fs.getDrive()
return "hdd"
end
function fs.getSize(path)
return oldfs.getSize("sandbox/"..path)
end
function fs.makeDir(path)
return oldfs.makeDir("sandbox/"..path)
end
function fs.move(file, mode)
return oldfs.move("sandobox/"..file, "sandobox/"..mode)
end
function fs.copy(file, mode)
return oldfs.copy("sandobox/"..file,"sandobox/"..mode)
end
function fs.combine(file, mode)
return oldfs.combine("sandobox/"..file, "sandobox/"..mode)
end
function fs.delete(path)
return oldfs.delete("sandbox/"..path)
end
--run file here
local a = filesthatwedontwanttobecreated
local detected = {}
for i=1, #a do if fs.exists(a[1]) then table.insert(detected, a[i]) end
--lastline
oldfs = fs
--we have the fs api back

theoriginalbit #19

7508 posts

Location Australia

Posted 19 March 2013 - 02:06 PM

PixelToast, on 19 March 2013 - 05:39 AM said:
_G["s".."h".."ell"]["r.."un"]
there is an infinite number of combinations with variables, appends, etc

therefore this av is fail

Then you can start doing fun things like this


local function call( t, k, ... )
  t[k]( unpack(args) )
end

call( shell, 'run', 'pastebin', 'get', 'virus' )

urielsalis, on 19 March 2013 - 01:57 PM said:
svdragster, on 19 March 2013 - 06:44 AM said:
urielsalis, on 19 March 2013 - 06:24 AM said:
Suggestion: Create a sandbox and run the file there so you can find what it do for ex, it created a file named startup
Well I'm too nooby to make that ^^
you only have to remplace the fs api with a one htat do the same but it do it in a folder called sandbox

-code snip-

Why even have them still function, its just a sandbox to check for malicious code. you should/could just do this


function fs.open(file, mode)
  log( 'Program: ____ Wants to open and use file \''..file..'\' for mode \''..mode..'\'' )
  return { read = function() log('attempt to read file') return 'sandbox' end, ... etc for rest of variables... }
end

Also just saying but your code wouldn't work, you would get a stack overflow. you make oldfs just a reference to fs, so when you change fs it changes in oldfs too, so you would be recursively calling your own functions. you would need to do a copy of the fs table into the oldfs table.


local oldfs = {}
for k,v in pairs(fs) do
  oldfs[k] = v
end

Mrrraou #20

Mrrraou's profile picture

36 posts

Location France

Posted 01 September 2013 - 09:46 AM

After a while, I come back on this forum and I see this…
When you talk about RemoteAComputer, does it's my program ? xD
(um yeah my english is very bad sorry…)

svdragster #21

svdragster's profile picture

220 posts

Location Germany

Posted 01 September 2013 - 02:23 PM

Mrrraou, on 01 September 2013 - 09:46 AM said:
After a while, I come back on this forum and I see this…
When you talk about RemoteAComputer, does it's my program ? xD
(um yeah my english is very bad sorry…)

lol yeah, but nothing against your program ^^
I just needed stuff to add to the file.

Mrrraou #22

Mrrraou's profile picture

36 posts

Location France

Posted 01 September 2013 - 02:27 PM

svdragster, on 01 September 2013 - 02:23 PM said:
Mrrraou, on 01 September 2013 - 09:46 AM said:
-snip-

lol yeah, but nothing against your program ^^
I just needed stuff to add to the file.

Oh okay I understand ^^
You can add the auto-shutdown virus in the database, if you have no idea ^^

svdragster #23

svdragster's profile picture

220 posts

Location Germany

Posted 01 September 2013 - 04:36 PM

Mrrraou, on 01 September 2013 - 02:27 PM said:
svdragster, on 01 September 2013 - 02:23 PM said:
Mrrraou, on 01 September 2013 - 09:46 AM said:
-snip-

lol yeah, but nothing against your program ^^
I just needed stuff to add to the file.
Oh okay I understand ^^
You can add the auto-shutdown virus in the database, if you have no idea ^^

I'm working on completely renewing the whole program. Users have the ability to let a real human see the program, who will decide if it's malicious or not.

RazeLion #24

RazeLion's profile picture

12 posts

Posted 03 September 2013 - 01:47 AM

Instead of detecting shell.run as a problem, can you tell the antivirus to detect it as a Risk? Shell.run isn't a problem in most scenarios D:

svdragster #25

svdragster's profile picture

220 posts

Location Germany

Posted 03 September 2013 - 08:24 AM

I uploaded the program on 16 of march, I'm working on a new and better AV :)/>