I wrote a small program in C to scan all files and folders on my hard disk... and in addition it can read the top area of the binary code of executable files (like .exe) and compare it with an inline single binary signature (in hexadecimal representation). It shows a note when the signature matches the binary code of a scanned file.
Note that I saved the sample signature in an array since it is only one signature. What must I do if I wish to add all signatures? I have to use a database! But what type of database will I need? And shall I have to use SQL queries to obtain and compare the signatures? What type of database do the commercial antiviruses (Kaspersky, Symantec, etc.) use? Any idea please?
SQLite may well be a sensible choice for the application. It is a light-footprint SQL engine compared to full RDBMS systems like SQL Server / Oracle, etc.
A side note: you may consider keeping this database somewhere apart from the machine under consideration. It appears that you are worried about malicious users modifying the items on your drive. If that's the case, those same users could easily be familiar with your plan and make sure that any files they alter are also reflected with a new hash value in your database, so when you go to perform a comparison, they'll always match. If instead you run your program and keep the hash values in a database that's on a different system, you can be much more comfortable that the database wasn't compromised, because both systems would have to have been taken over.
Berkeley DB is a free/open-source embedded database library that's essentially a key-value store on disk (search tree or hash table, depending on configuration). It's even simpler than SQLite since it eliminates the notion of relational data and SQL.
You could use virus signatures as keys and their names as values, for instance.
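To make the two answers above concrete, here is an added example (not code from the question or from either answerer) that stores signatures in SQLite with the signature bytes as the key, the same key -> name layout suggested for Berkeley DB, and lets one SQL query do the comparison against the head of each scanned file. Python's built-in sqlite3 module is used instead of C so the example runs without linking libsqlite3. The signature patterns, file names and the `signatures` table layout are all constructed for this example; the patterns are not real malware signatures.

```python
import os
import sqlite3
import tempfile

# Constructed sample signatures (NOT real malware patterns). Each is a byte
# pattern expected at a fixed offset from the start of the file.
SAMPLE_SIGNATURES = [
    ("Test.Sample.A", 0, bytes.fromhex("4d5a9000deadbeef")),
    ("Test.Sample.B", 64, b"EXAMPLE-SIG-B"),
]

HEADER_BYTES = 4096  # how much of each file's head is read and examined


def create_signature_db(path=":memory:"):
    """Create the signature table (hypothetical layout for this example).
    Signature bytes plus offset form the primary key; the name is the value."""
    conn = sqlite3.connect(path)
    conn.execute(
        "CREATE TABLE IF NOT EXISTS signatures ("
        "  sig    BLOB    NOT NULL,"
        "  offset INTEGER NOT NULL,"
        "  name   TEXT    NOT NULL,"
        "  PRIMARY KEY (sig, offset))"
    )
    return conn


def add_signatures(conn, entries):
    """entries: iterable of (name, offset, signature_bytes)."""
    conn.executemany(
        "INSERT OR REPLACE INTO signatures (name, offset, sig) VALUES (?, ?, ?)",
        entries,
    )
    conn.commit()


def match_header(conn, header):
    """Let SQLite do the comparison. substr() on a BLOB argument operates on
    bytes and length() on a BLOB returns its byte count, so one query checks
    every stored signature at its own offset. A header shorter than
    offset + len(sig) yields a shorter substring and therefore no match."""
    rows = conn.execute(
        "SELECT name FROM signatures "
        "WHERE substr(?, offset + 1, length(sig)) = sig "
        "ORDER BY name",
        (header,),
    ).fetchall()
    return [row[0] for row in rows]


def scan_tree(conn, root):
    """Walk root, read the head of each regular file and collect matches."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            fpath = os.path.join(dirpath, fname)
            try:
                with open(fpath, "rb") as fh:
                    header = fh.read(HEADER_BYTES)
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
            names = match_header(conn, header)
            if names:
                hits[fpath] = names
    return hits


def demo():
    """Build a temporary tree of constructed files, scan it, and return the
    matches keyed by path relative to the tree (always with '/' separators)."""
    conn = create_signature_db()
    add_signatures(conn, SAMPLE_SIGNATURES)
    with tempfile.TemporaryDirectory() as tmp:
        os.makedirs(os.path.join(tmp, "sub"))
        with open(os.path.join(tmp, "a.exe"), "wb") as fh:
            fh.write(bytes.fromhex("4d5a9000deadbeef") + b"\x00" * 100)
        with open(os.path.join(tmp, "sub", "b.bin"), "wb") as fh:
            fh.write(b"\x00" * 64 + b"EXAMPLE-SIG-B" + b"\x00" * 10)
        with open(os.path.join(tmp, "clean.txt"), "wb") as fh:
            fh.write(b"just text\n")
        hits = scan_tree(conn, tmp)
        return {os.path.relpath(p, tmp).replace(os.sep, "/"): n
                for p, n in hits.items()}


if __name__ == "__main__":
    for path, names in sorted(demo().items()):
        print(path, "->", ", ".join(names))
```

Because the query compares every row against the header, it is a linear scan of the signature table per file; that is fine for a hobby scanner with a few hundred entries, but it is not how production engines match, as the last answer on this page points out. Passing a file path instead of ":memory:" to `create_signature_db` keeps the database on disk, and in line with the side note above that path can point at a read-only location the scanned machine cannot write to.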
Professional AVs don't use SQL to match virus signatures. It's a much more complicated process. Have a look at http://sourceforge.net/projects/clamwin/ if you are interested in the topic. Or at the Kaspersky 2008 leaked sources ...