1

I am trying to create a virus scanner in Python, and I know that signature-based detection is possible, but is heuristic-based detection possible in Python, i.e. run a program in a safe environment, or scan the program's code, or check how the program behaves, and then decide if the program is a virus or not?

  • Have you checked out PyClamd? http://xael.org/norman/python/pyclamd/ or https://github.com/graingert/python-clamd – ham-sandwich Aug 27 '14 at 18:56
  • Can I use PyClamd in commercial software with a proprietary license? –  Aug 28 '14 at 08:31
  • Yes, you can. Clamd is released as open-source software under the LGPL license. See: http://www.gnu.org/licenses/lgpl.html – ham-sandwich Aug 28 '14 at 09:36
  • But the ClamAV daemon itself uses the GPL license. Does that matter? –  Aug 28 '14 at 09:37
  • Sure, this is allowed, but you still have to meet all of the requirements of the GPL license. Whoever you sell it to must be allowed to use, modify and redistribute it as allowed by the GPL. Kind of like WordPress... all premium WordPress themes would become GPL. – ham-sandwich Aug 28 '14 at 09:40
  • Yeah. That's what I thought. Thanks! –  Aug 28 '14 at 09:44

3 Answers

2

Yes, it is possible.

...and...

No, it is probably not the easiest, fastest, best performing, or most efficient way to accomplish the task.

Nathan Stocks
2

Well, sure it's possible. Python is Turing-complete, so you can use it to the same ends as you can use other programming languages like C++. And you can certainly do a primitive signature-based or code-inspecting check in Python without great difficulty. So the answer to that question is yes.

Now for the deeper question: are you asking whether Python is a good tool for this job? I don't think so, primarily because Python Code is Hard to Obscure, which means that if you develop an anti-virus in Python, it becomes weak the moment you give it to other people. That's because a virus developer will find it easy to inspect your anti-virus engine, since you will not be able to obscure your Python code. That means that they can find vulnerabilities in your virus scanner easily.

Indeed, one of the key components of a good anti-virus is making it as hard to reverse-engineer as possible, so that virus developers won't figure out what the weaknesses of your anti-virus engine are. Anything written in Python is typically quite easy to reverse-engineer, so it won't do for real protection.

Newb
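
A static scan of the kind the answer above calls primitive, as an added example (not code from the answers or from ClamAV): byte-pattern signatures are checked first, then a weighted heuristic score is built from import-name strings and byte entropy. The signature, weights and thresholds are constructed assumptions, and nothing is executed, so the sandboxed behavioural analysis the question mentions is out of scope.

```python
import math
from collections import Counter

# Constructed byte pattern standing in for a real signature database.
SIGNATURES = {"Test.Constructed.A": b"CONSTRUCTED-TEST-SIGNATURE-0001"}

# Windows API names often weighted by static heuristics; weights are assumed.
SUSPICIOUS_STRINGS = {
    b"VirtualAllocEx": 2,
    b"WriteProcessMemory": 3,
    b"CreateRemoteThread": 3,
}
ENTROPY_THRESHOLD = 7.2  # bits per byte; packed or encrypted data is near 8
VERDICT_THRESHOLD = 5    # assumed cut-off, tune against real corpora


def shannon_entropy(data: bytes) -> float:
    """Return the entropy of data in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())


def scan(data: bytes) -> dict:
    """Exact signature match first, then a weighted static heuristic score."""
    for name, pattern in SIGNATURES.items():
        if pattern in data:
            return {"verdict": "malicious", "reason": f"signature:{name}", "score": None}
    score, hits = 0, []
    for needle, weight in SUSPICIOUS_STRINGS.items():
        if needle in data:
            score += weight
            hits.append(needle.decode())
    if shannon_entropy(data) > ENTROPY_THRESHOLD:
        score += 3
        hits.append("high-entropy")
    verdict = "suspicious" if score >= VERDICT_THRESHOLD else "clean"
    return {"verdict": verdict, "reason": ",".join(hits), "score": score}


if __name__ == "__main__":
    # Constructed samples, not real malware.
    packed = bytes(range(256)) * 16
    strings_only = b"MZ" + b"\x00" * 64 + b"WriteProcessMemory\x00CreateRemoteThread\x00"
    for label, blob in [("text", b"hello world " * 100), ("packed", packed), ("strings", strings_only)]:
        print(label, scan(blob))
```

High entropy alone stays below the cut-off here because compressed archives and installers are also near 8 bits per byte; a heuristic engine trades false positives against misses through exactly these weights.
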
2

Python is described as a general-purpose programming language so yes, this is definitely possible but not necessarily the best implementation. In programming, just like a trade, you should use the best tools for the job.

It could be recommended to prototype your application with Python and Clamd and then consider moving to another language if you want a closed-source solution, which you can sell and protect your intellectual property.

Newb quotes:

Anything written in Python is typically quite easy to reverse-engineer, so it won't do for real protection.

I disagree, in fact a lot, but it is up for debate I suppose. It really depends on how the developer packages the application.

ham-sandwich