This is a read-only snapshot of the ComputerCraft forums,
taken in April 2020.
VirusAnti [0.1]
Started by AssossaGPB, 22 July 2014 - 09:50 PM
Posted 22 July 2014 - 11:50 PM
VirusAnti
VirusAnti is an antivirus for CC. A true antivirus cannot be created in CC, but this is as close as you can get. VirusAnti currently can scan files and tell you if they're using any APIs that could be used maliciously. VirusAnti WILL report almost all programs as a threat; the user needs to use his own discernment on whether the file is safe. VirusAnti probably is better titled an API scanner, but it will contain more features later that make it more like an antivirus.
ToDo List:
Sandboxing Programs
Checking File Hashes Against Hashes of Viruses (Still deciding if this is going to be added)
Download:
pastebin get MQmsYt3Z virusanti
Usage:
virusanti scan <filename>
Please report any bugs! Suggestions and constructive criticism are also welcome!
Edited on 22 July 2014 - 10:03 PM
Posted 23 July 2014 - 12:40 AM
Sooo it's just a fancy string.find? Also, this doesn't check if it is using the API, it just checks whether that word is in the program. To prove this point, I made a program like this,
print("I like rednet.")
And the anti-virus yelled,
File is using rednet
In red background.
I do realize that this is only version 0.1, and this will become better and more sophisticated over time, so I will try to be easy on you. :)
Posted 23 July 2014 - 12:53 AM
Thanks, yes it is not perfect and it's quite simple right now. I am thinking of making this a different type of program, a program analysis tool. What do you think?
Ps. I just realized this is my 50th post :D
Edited on 22 July 2014 - 10:57 PM
Posted 23 July 2014 - 01:12 AM
I think it's just a fancy string.find program. I'm sure it will get better in the future though.
Posted 24 July 2014 - 12:50 AM
The same problem as every antivirus: easily bypassed. Instead of fs.open("/startup") do fs.open("/start".."up") and it's bypassed. This is where the sandbox function comes in handy, as it checks the result.
If you make a good sandbox function, it may become the best antivirus ever created ;)
Edited on 23 July 2014 - 10:50 PM
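The two failure modes raised in the posts above, a substring match that fires on print("I like rednet.") and a path split as "/start".."up" that the match misses, shown next to a sandboxed run that records the argument fs.open actually receives. This is an added example, not VirusAnti's code and not part of any post; naiveScan, sandboxRun, the stub fs table and both sample programs are constructed for illustration.

```lua
-- Constructed sample programs (not taken from VirusAnti or the thread's pastebin).
local samples = {
  harmless = 'print("I like rednet.")',
  concat   = 'local h = fs.open("/start".."up", "w") if h then h.close() end',
}

-- Naive check: plain substring search, the behaviour the replies criticise.
local function naiveScan(src, needle)
  return src:find(needle, 1, true) ~= nil
end

-- Sandbox: run src against a stub fs (hypothetical, minimal) whose open()
-- records the path it actually receives and never touches a real file.
local function sandboxRun(src)
  local opened = {}
  local env = {
    print = function() end, -- swallow the scanned program's output
    fs = {
      open = function(path, mode)
        opened[#opened + 1] = { path = path, mode = mode }
        return nil -- behave as if the open failed
      end,
    },
  }
  local chunk, err
  if setfenv then -- Lua 5.1, as in ComputerCraft at the time
    chunk, err = loadstring(src, "scanned")
    if chunk then setfenv(chunk, env) end
  else -- Lua 5.2 and later
    chunk, err = load(src, "scanned", "t", env)
  end
  if not chunk then return nil, err end
  local ok, runErr = pcall(chunk)
  return opened, (not ok) and runErr or nil
end

print("substring 'rednet' in harmless program:", naiveScan(samples.harmless, "rednet"))
print("substring '/startup' in split-path program:", naiveScan(samples.concat, "/startup"))
local calls = assert(sandboxRun(samples.concat))
for _, call in ipairs(calls) do
  print("sandbox recorded fs.open:", call.path, call.mode)
end
```

The env table exposes only print and fs, so anything else the scanned program touches raises an error that sandboxRun returns as its second value.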
Posted 24 July 2014 - 07:35 PM
Why would ._G be malicious? And why would you even use that?
Posted 24 July 2014 - 10:36 PM
It can be used to bypass stuff; in non-malicious programs there is no real need to use it.
Edited on 24 July 2014 - 08:36 PM
Posted 25 July 2014 - 07:03 AM
What can you bypass using ._G? You can access all those variables without that prefix anyway…
Posted 19 March 2015 - 01:01 PM
str:match to see if it's actually rednet. Also, most virus programs actually are called virus, or say 'virus' in the program. It's quite dumb, but yes, they do that.
Posted 19 March 2015 - 02:43 PM
This project is kind of abandoned, just saying. I am still working on a good sandbox though :)