This is a read-only snapshot of the ComputerCraft forums, taken in April 2020.
Ac1ddr0p's profile picture

Computer Virus protector

Started by Ac1ddr0p, 19 June 2014 - 08:46 PM
Ac1ddr0p #1
Posted 19 June 2014 - 10:46 PM
This app was created in about 30 minutes (about a few hours after 0.2 was released) and is a Virus protector for CraftOS, this was created to be used on servers and other WAN networks that lots of people can join.

This will remove the basic Virus so far, and will be able to be compatible with removing other known Viruses as I find them out. This is also given a look to mimic (or at least try) the Windows XP Restoring/other amazing stuff screen.

COMMENT KNOWN VIRUSES PLEASE! THEY WILL GET IMPLEMENTED IN A QUICK UPDATE!

Version 0.2 Changelog:
-removed fake progress bar
-recoded everything
-partially compatible with LabyOS (WIP)
-Optional Virus check (basic and advanced) (basic just checks the front page of files where advanced checks some folders I've made compatible)

Download:

Virus protector: pastebin get SJ6N5gme (REMOVE OLD VERSION)

Any problems or just something you want to say, write it in the comments!
Edited on 19 June 2014 - 09:39 PM
Lignum #2
Posted 19 June 2014 - 11:05 PM
If this ever deletes a virus, I'll be surprised.
But in all honesty, we expect programs here that took time and effort to make and if your post states that it took three minutes, then you're doing something wrong.
I'm aware that you're probably going to update this but please don't post it if it's not even close to complete. You can post WIPs in the general section to anticipate people for your program.
Ac1ddr0p #3
Posted 19 June 2014 - 11:08 PM
Oh right, thank you I'll do that in future. But yes at the moment there are only the basic viruses it deletes, I need someone that knows most of the popular ones that are on servers so I can make an update for this to sort that problem out. And I didn't mean literally 3 mins but that was to perspective
Agent Silence #4
Posted 19 June 2014 - 11:12 PM
Please no fake load bar
scj643 #5
Posted 19 June 2014 - 11:18 PM
It just removes any program that has the name virus or trojan in it
Ac1ddr0p #6
Posted 19 June 2014 - 11:30 PM
Currently I've removed that fake progress bar, recoded everything, and am now wanting to know what people on their servers call their Viruses. I'll release this update but I will need to know names as so far it's just "Virus" and "trojan"
TheOddByte #7
Posted 19 June 2014 - 11:32 PM
Well.. this is.. kinda useless( no offense ) :P/>
I mean, if someone actually created a virus, do you believe they would name it virus/trojan? A better approach would be to check the code of each file on the computer.
Lignum #8
Posted 19 June 2014 - 11:35 PM
Currently I've removed that fake progress bar, recoded everything, and am now wanting to know what people on their servers call their Viruses. I'll release this update but I will need to know names as so far it's just "Virus" and "trojan"
It's generally a bad idea to judge whether a program is a virus or not by its name. You should check it by its contents. To accomplish that, you can hash a file and compare its hash with any of the hashes on your database. To make it more efficient, you should remove all spaces before hashing, so that an extra newline at the end of the file won't confuse it.
Ac1ddr0p #9
Posted 19 June 2014 - 11:45 PM
sorry this going to sound bad but, how to hash files? I don't normally check anything by it's content, just by names and I'm pretty new to better LUA
133spider #10
Posted 19 June 2014 - 11:52 PM
You should make it check a table, and from there if a existing file has the same name as a value in the assigned table it will delete it.

Example:

Spoiler

vLibrary = {"virus", "trojan"}

files = fs.list("/")

for i,v in pairs(files) do
  if vLibrary[v] ~= nil then
	fs.delete(v)
  end
end
TheOddByte #11
Posted 20 June 2014 - 12:08 AM
You should make it check a table, and from there if a existing file has the same name as a value in the assigned table it will delete it.

Example:

Spoiler

vLibrary = {"virus", "trojan"}

files = fs.list("/")

for i,v in pairs(files) do
  if vLibrary[v] ~= nil then
	fs.delete(v)
  end
end
It still isn't so smart to delete files depending on their name, as I said above, those who create viruses usually don't name them virus/trojan.
If you want a really simple way of check it's content then here's a code snippet

local keywords = {
    ["rawset"] = "Destroy your computer! D-:";
    ["fs"] = "Access filesystem";
}

--# This is a function that theoriginalbit created
local function fsList(start)
  local function yieldFsList(startPath)
        local list = fs.list(startPath)
        for _, file in ipairs(list) do
          local path = fs.combine(startPath, file)
          if fs.isDir(path) then
                yieldFsList(path)
          else
                coroutine.yield(path, file)
          end
        end
  end

  return coroutine.wrap(function() yieldFsList(start or "/") end)
end

for fullpath, name in fsList("/") do --# Loop through all files on the computer
    local f = fs.open( fullpath, "r" ) --# open the file in mode 'r' to read the file
    local code = f.readAll() --# Assign the read data to the variable code
    f.close() --# Close the file when done
    for i, v in pairs( keywords ) do --# Loop through all the keywords
        if code:find( i ) then --# Check if you find any of the keywords in the code
            print( "Potentionally dangerous file: " .. fullpath .. ": trying to :" .. v )
        end
    end
end
Even though this is more efficient than checking filenames you can't be sure that it's a virus, lot's of programs use fs and some use rawset. But that doesn't mean it's a virus :P/>
133spider #12
Posted 20 June 2014 - 12:22 AM
Even though this is more efficient than checking filenames you can't be sure that it's a virus, lot's of programs use fs and some use rawset. But that doesn't mean it's a virus

In that case:

Spoiler

local falsePositives = {"directory/file1", "safeFile", "direc1/direc2/file"}

local keywords = {
    ["rawset"] = "Destroy your computer! D-:";
    ["fs"] = "Access filesystem";
}

local function fsList(start)
  local function yieldFsList(startPath)
	  local list = fs.list(startPath)
            for _, file in ipairs(list) do
                if falsePositives[file] == nil then -- #Checks if the file isn't in the table 'falsePositive'
                    local path = fs.combine(startPath, file)
                    if fs.isDir(path) then
                            yieldFsList(path)
                    else
                            coroutine.yield(path, file)
                    end
            end
	  end
  end

  return coroutine.wrap(function() yieldFsList(start or "/") end)
end


for fullpath, name in fsList("/") do
    local f = fs.open( fullpath, "r" )
    local code = f.readAll()
    f.close() --# Close the file when done
    for i, v in pairs( keywords ) do
        if code:find( i ) then
            print( "Potentionally dangerous file: " .. fullpath .. ": trying to :" .. v )
        end
    end
end

You could get an input from the user which you can then add to a table (in this case I named the table 'falsePositives') to avoid the Anti-Virus from accidently deleting the file
Cranium #13
Posted 20 June 2014 - 03:24 AM
You're encouraging others to post known viruses, and you are only looking for specific filenames. Who in their right mind is going to be creating a virus, and name it "virus"? Nobody, that's who.