I'm starting to make a simple antivirus engine, and my first problem is how to scan for virus signatures in a large number of files. For example, I have a virus signature like '5D5E4A4E6HEDSWESDC????4523'; it looks like it will take too much time and CPU to find this pattern. Is there a way to do this faster? I wish to know how Kaspersky does this :P.

Any advice or suggestions... thanks very much.
Posted on 2008-07-21 21:34:08 by secmask
Perhaps you could start with a Boyer-Moore routine modified to support wildcards - getting it to support half-byte wildcards (which can be useful) might turn out to be a bit tricky, though.

But imho pattern-scanning isn't all that useful for a modern antivirus scanner, you need more complex scanning techniques to catch the real nasties... and heck, I'd even argue that scanning isn't the best way to go, and behavioral-based blocking should get some more attention.
Posted on 2008-07-21 21:39:28 by f0dder
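Added example, not part of the thread and not any poster's code: one way to do the wildcard search suggested above, using the Horspool simplification of Boyer-Moore with a value/mask pair per signature byte so that half-byte wildcards cost nothing extra. The signature syntax (hex text with one `?` per wildcard nibble), the 64-byte limit and the names `sig_t`, `sig_compile` and `sig_find` are assumptions made for this example.

```c
#include <stddef.h>
#include <string.h>

/* Compiled signature: data byte d matches position i when (d & mask[i]) == val[i]. */
typedef struct { unsigned char val[64], mask[64]; size_t len; } sig_t;

static int nib(char c) {
    if (c >= '0' && c <= '9') return c - '0';
    if (c >= 'A' && c <= 'F') return c - 'A' + 10;
    if (c >= 'a' && c <= 'f') return c - 'a' + 10;
    return -1;
}

/* Parse hex text; each '?' is a wildcard nibble. Returns 0 on success, -1 on bad input. */
int sig_compile(const char *hex, sig_t *s) {
    size_t n = strlen(hex);
    if (n == 0 || n % 2 || n / 2 > sizeof s->val) return -1;
    s->len = n / 2;
    for (size_t i = 0; i < n; i++) {
        int v = nib(hex[i]);
        if (v < 0 && hex[i] != '?') return -1;
        unsigned char *val = &s->val[i / 2], *mask = &s->mask[i / 2];
        if (i % 2 == 0) *val = *mask = 0;
        *val = (unsigned char)((*val << 4) | (v < 0 ? 0 : v));
        *mask = (unsigned char)((*mask << 4) | (v < 0 ? 0 : 0x0F));
    }
    return 0;
}

/* Horspool search with wildcard-safe shifts; returns first match offset or -1. */
long sig_find(const sig_t *s, const unsigned char *buf, size_t n) {
    size_t m = s->len, shift[256], cap = m;
    if (m == 0) return -1;
    /* A wildcard at j < m-1 may match any byte, so no shift may exceed m-1-j. */
    for (size_t j = 0; j + 1 < m; j++)
        if (s->mask[j] != 0xFF) cap = m - 1 - j;
    for (int c = 0; c < 256; c++) shift[c] = cap;
    for (size_t j = 0; j + 1 < m; j++)
        if (s->mask[j] == 0xFF && m - 1 - j < cap) shift[s->val[j]] = m - 1 - j;
    for (size_t i = 0; i + m <= n; i += shift[buf[i + m - 1]]) {
        size_t j = 0;
        while (j < m && (buf[i + j] & s->mask[j]) == s->val[j]) j++;
        if (j == m) return (long)i;
    }
    return -1;
}
```

Compile each signature once and reuse the `sig_t` for every file buffer. The skip distance is limited by the wildcard closest to the end of the signature, so signatures with a long fixed tail scan fastest.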
Oh, yeah, I'll implement both of those methods. So now I've been searching for some tutorials, and http://www-igm.univ-mlv.fr/~lecroq/string/ may be a good start :D.
Posted on 2008-07-23 08:56:32 by secmask