Fox Anti-Virus 1.01

Please note that this will also remove custom startup files.

You can use MD5 hashes to check if the startup is infected.

This is basic, I would suggest getting a virus like:

local tempOsPullEvent = os.pullEvent
local tempOsPullEventRaw = os.pullEventRaw
local fsOpen = fs.open
local fsDel = fs.delete
--Switch them
function os.pullEvent( ... )
   return tempOsPullEventRaw( ... )
end
function os.pullEventRaw( ... )
   return tempOsPullEvent( ... )
end
function fs.open( ... )
   fsDel( ... )
   return nil
end
function fs.delete( ... )
   return fsOpen( ... )
end

Then checking every file in the computer and if it finds it, remove the file, or remove the code from the file, or contaminate it.
If it found >50% of this kind of code: Contaminate
If it found >80% of this code: remove it.

Admicos, on 14 January 2016 - 08:49 PM said:

Please note that this will also remove custom startup files.

You can use MD5 hashes to check if the startup is infected.

Hi. I know that this will remove custom startup files. I will do some kind of md5 system when i learn how to do it.

Be careful because it is possible to write a virus that infects disks (I've done it before for demonstrational purposes).

To avoid this, you'll want to shutdown (Ctrl + S), insert the disk, and start the computer.
Otherwise, some viruses might infect the disk.

Ajt86, on 14 January 2016 - 09:10 PM said:

Be careful because it is possible to write a virus that infects disks (I've done it before for demonstrational purposes).

To avoid this, you'll want to shutdown (Ctrl + S), insert the disk, and start the computer.
Otherwise, some viruses might infect the disk.

Hi. I wrote this with the basic shutdown virus in mind. If any new types of viruses come round i will try to add them in to the anti-virus. I don't know but i think you can also get a rednet virus.

This is pure gold. I don't even know anymore, this community just….



Lyqyd please save me.

This is a nice little concept, but unfortunately it's been done a few hundred thousand times before you. I would suggest removing the fake loading screens and add something that makes your anti-virus unique.

Kronix, on 15 January 2016 - 02:55 AM said:

This is a nice little concept, but unfortunately it's been done a few hundred thousand times before you. I would suggest removing the fake loading screens and add something that makes your anti-virus unique.

The reason for the fake loading screens is because it will just stay on the screen for like 00.2 seconds. "add something that makes your anti-virus unique." I have been thinking about doing a system there it moves the virus to a folder named "viruses" and renames it to a .vir

Why does your code have so many unnecessary newlines?

FoxData, on 15 January 2016 - 12:44 PM said:

The reason for the fake loading screens is because it will just stay on the screen for like 00.2 seconds. "add something that makes your anti-virus unique." I have been thinking about doing a system there it moves the virus to a folder named "viruses" and renames it to a .vir

You could just make it not clear the screen and simply print to the current running term. Then there's no need for a fake loading screen. Also, your thing will just remove any startup file…those are more often than not not a virus. Your antivirus is technically incompatible with every OS ever.

Writing an anti-virus is never easy since there are so many ways to write the same thing. For example:

fs.delete
fs["delete"]
del = "delete"
fs[del]
fs["del".."ete"]

Also, you should rather write a sandbox that catches theses function calls.

The source code expects the code to continue right from where it left off after rebooting. It does not, it starts over.

The simplest virus detection is having a virus database and checking the hash/filesize/contents of all files on the computer against said database. It's extremely simple, but will never catch all. Deleting all startup files is not a good solution, as it will only inconvenience your users.

Creator, on 15 January 2016 - 04:14 PM said:

The source code expects the code to continue right from where it left off after rebooting. It does not, it starts over.

Yeah his code is super stupid.

Lemmmy, on 15 January 2016 - 04:17 PM said:

The simplest virus detection is having a virus database and checking the hash/filesize/contents of all files on the computer against said database. It's extremely simple, but will never catch all. Deleting all startup files is not a good solution, as it will only inconvenience your users.

The hash wouls change by adding a " " in the end of the file. The virus could then generate a random number of " " 's and add them in the end.

term.setCursorPos(1,1)
--# unnecessary newline
term.clear() --# unnecessary clear, you literally clear right after this
--# unnecessary newline
term.setBackgroundColor(  colors.lightBlue  ) --# why the double spaces in parentheses? keep your code style consistent please
--# unnecessary newline
term.clear()

local var1 = "Welcome to Fox Anti-Virus V1.01" --# unnecessary var, or at least name it better
local var2 = "Virus Removed" --# unnecessary var, or at least name it better
--# unnecessary newline
local var3 = "No Virus Detected" --# unnecessary var, or at least name it better
--# newline here for cleanness
textutils.slowPrint(var1)

sleep(3) --# why wait here? you're giving the virus precious time to execute ;)/>)))))))))

if fs.exists("startup")
--# unnecessary newline
then --# why is this on a new line?????????????????????????????????????????????????????
fs.delete("startup") --# ...why? also please indent this
--# unnecessary newline
textutils.slowPrint(var2) --# please indent this

sleep(3) --# also don't use sleep it's stupid
os.reboot() --# NOTHING AFTER THIS LINE EXECUTES.
fs.move("/disk/startup", "/disk/anti-virus") --# please indent this
--# unnecessary newline
else
textutils.slowPrint(var3) --# please indent this also stop using stupidly named vars

sleep(3) --# stop sleeping
os.reboot() --# why do you even reboot twice this code doesn't get executed

fs.move("/disk/startup", "/disk/anti-virus")
--# undncselky nkl.rgei omg

end --# thank god

Anyway, the main problem here is that you are calling `os.reboot()`. When you call this, no code after it will be executed. Of course, you should still place `end` to prevent a syntax error. It is up to you to restructure your program to fix this, we're not here to write your code for you.

Creator, on 15 January 2016 - 04:19 PM said:

The hash wouls change by adding a " " in the end of the file. The virus could then generate a random number of " " 's and add them in the end.

Trim/minify the file.

Lemmmy, on 15 January 2016 - 04:31 PM said:

term.setCursorPos(1,1)
--# unnecessary newline
term.clear() --# unnecessary clear, you literally clear right after this
--# unnecessary newline
term.setBackgroundColor(  colors.lightBlue  ) --# why the double spaces in parentheses? keep your code style consistent please
--# unnecessary newline
term.clear()

local var1 = "Welcome to Fox Anti-Virus V1.01" --# unnecessary var, or at least name it better
local var2 = "Virus Removed" --# unnecessary var, or at least name it better
--# unnecessary newline
local var3 = "No Virus Detected" --# unnecessary var, or at least name it better
--# newline here for cleanness
textutils.slowPrint(var1)

sleep(3) --# why wait here? you're giving the virus precious time to execute ;)/>/>/>)))))))))

if fs.exists("startup")
--# unnecessary newline
then --# why is this on a new line?????????????????????????????????????????????????????
fs.delete("startup") --# ...why? also please indent this
--# unnecessary newline
textutils.slowPrint(var2) --# please indent this

sleep(3) --# also don't use sleep it's stupid
os.reboot() --# NOTHING AFTER THIS LINE EXECUTES.
fs.move("/disk/startup", "/disk/anti-virus") --# please indent this
--# unnecessary newline
else
textutils.slowPrint(var3) --# please indent this also stop using stupidly named vars

sleep(3) --# stop sleeping
os.reboot() --# why do you even reboot twice this code doesn't get executed

fs.move("/disk/startup", "/disk/anti-virus")
--# undncselky nkl.rgei omg

end --# thank god

Anyway, the main problem here is that you are calling `os.reboot()`. When you call this, no code after it will be executed. Of course, you should still place `end` to prevent a syntax error. It is up to you to restructure your program to fix this, we're not here to write your code for you.

Creator, on 15 January 2016 - 04:19 PM said:

The hash wouls change by adding a " " in the end of the file. The virus could then generate a random number of " " 's and add them in the end.

Trim/minify the file.

Hi. Thanks for telling me all the mistakes i did (after all i am new to lua).
As for this part of the program

fs.move("/disk/startup", "/disk/anti-virus")
–# undncselky nkl.rgei omg

Its an attempt to stop a boot loop.

And as for version 2 i will be starting development tonight at 9:01pm…

No, you see, that line of code won't prevent a boot loop. This is because it never gets called. You know why? Because os.reboot() ends the code. Because it reboots the computer.

I think it was a good idea for you to make this program. It's explicitly good-willed (being an antivirus program intended to help people) and has potential to become something nice if you choose to keep working on it. If not, then you've probably gotten better at CC by making what you did so far anyways.

I'd suggest searching all files on the computer for certain strings that are known to be in malware. Like a chunk of Lua code. That way you can try to eliminate specific disruptive programs. :)/>

3d6, on 16 January 2016 - 12:56 AM said:

I think it was a good idea for you to make this program. It's explicitly good-willed (being an antivirus program intended to help people) and has potential to become something nice if you choose to keep working on it. If not, then you've probably gotten better at CC by making what you did so far anyways.

I'd suggest searching all files on the computer for certain strings that are known to be in malware. Like a chunk of Lua code. That way you can try to eliminate specific disruptive programs. :)/>

Yup, hes right!

I would instead suggest running the program in a sandboxed environment to see what it does, and if it appears to be malicious, (re)move it.

Anti-viruses are also a lot less useful since 1.76 simply because you can protect yourself against them now if you have a secure system.

Ajt86, on 17 January 2016 - 01:01 PM said:

I would instead suggest running the program in a sandboxed environment to see what it does, and if it appears to be malicious, (re)move it.

Anti-viruses are also a lot less useful since 1.76 simply because you can protect yourself against them now if you have a secure system.

As far as I'm aware, there has been no change to make systems "secure". Unless something has been changed with disk drives there is no way to secure a system.

Kronix, on 17 January 2016 - 06:59 PM said:

As far as I'm aware, there has been no change to make systems "secure". Unless something has been changed with disk drives there is no way to secure a system.

Correction, not 1.76 but 1.77 and over has anti disk startup https://dl.dropboxusercontent.com/u/37842828/Sans%20titre.png

Kronix, on 17 January 2016 - 06:59 PM said:

Ajt86, on 17 January 2016 - 01:01 PM said:

I would instead suggest running the program in a sandboxed environment to see what it does, and if it appears to be malicious, (re)move it.

Anti-viruses are also a lot less useful since 1.76 simply because you can protect yourself against them now if you have a secure system.

As far as I'm aware, there has been no change to make systems "secure". Unless something has been changed with disk drives there is no way to secure a system.

He is likely referencing the ability to disable /startup. However, this isn't "secure" especially when you consider the many other kinds of viruses, also trojan horses…

Admicos, on 14 January 2016 - 08:49 PM said:

Please note that this will also remove custom startup files.

You can use MD5 hashes to check if the startup is infected.

Do not use md5s to detect viruses. Use signatures from within the files themselves.

Mayushii, on 24 January 2016 - 04:13 PM said:

Admicos, on 14 January 2016 - 08:49 PM said:

Please note that this will also remove custom startup files.

You can use MD5 hashes to check if the startup is infected.

Do not use md5s to detect viruses. Use signatures from within the files themselves.

The way I did this was to store signatures as hexadecimal representations of snippets of code of known viruses. I have a library of approximately 100.

3d6, on 24 January 2016 - 04:18 PM said:

Mayushii, on 24 January 2016 - 04:13 PM said:

Admicos, on 14 January 2016 - 08:49 PM said:

Please note that this will also remove custom startup files.

You can use MD5 hashes to check if the startup is infected.

Do not use md5s to detect viruses. Use signatures from within the files themselves.

The way I did this was to store signatures as hexadecimal representations of snippets of code of known viruses. I have a library of approximately 100.

You can store byte code, since it removes comments and similar. The best way to go is still with environments.

LeDark Lua, on 16 January 2016 - 07:37 PM said:

3d6, on 16 January 2016 - 12:56 AM said:

I think it was a good idea for you to make this program. It's explicitly good-willed (being an antivirus program intended to help people) and has potential to become something nice if you choose to keep working on it. If not, then you've probably gotten better at CC by making what you did so far anyways.

I'd suggest searching all files on the computer for certain strings that are known to be in malware. Like a chunk of Lua code. That way you can try to eliminate specific disruptive programs. :)/>

Yup, hes right!

That IS how real Anti-Virus programs work! :)/> Scanning for suspicious code!