This demo video walks you through how the antivirus software developed in the book works. The software consists of an Update Server and a client.
The Update Server extracts a hash value from a sample virus and sends it to the client. On the client, a kernel filter performs real-time scanning: it receives the hash value, monitors file execution, and checks whether the hash value of an executable matches the received value. If the two match, the filter blocks the execution.
The demo proceeds in the following order:
1. Check if the sample virus runs.
2. Start Update Server.
3. Report the virus.
4. Start a real-time scan.
5. Check if the sample virus is blocked.
6. Repeat the process with the date program.
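
The flow above, modelled in user space as an added example (not the book's code and not a kernel filter). SHA-256, the class and function names, and the byte strings standing in for the two executables are assumptions made for illustration; the page does not name the hash algorithm.

```python
import hashlib

def extract_signature(sample: bytes) -> str:
    """Update Server side: reduce a reported sample to its hash value.
    SHA-256 is an assumption; the page does not name the algorithm."""
    return hashlib.sha256(sample).hexdigest()

class UpdateServer:
    """Hypothetical stand-in for the Update Server."""
    def __init__(self):
        self.signatures = []

    def report(self, sample: bytes) -> str:
        sig = extract_signature(sample)
        if sig not in self.signatures:
            self.signatures.append(sig)
        return sig

class RealTimeFilter:
    """Hypothetical user-space model of the client's kernel filter."""
    def __init__(self):
        self.blocklist = set()
        self.scanning = False

    def receive(self, signatures):
        self.blocklist.update(signatures)

    def start_scan(self):
        self.scanning = True

    def on_execute(self, image: bytes) -> str:
        """Called for each execution attempt; returns 'allow' or 'block'."""
        if self.scanning and extract_signature(image) in self.blocklist:
            return "block"
        return "allow"

def run_demo():
    # Constructed byte strings standing in for the executables in the demo.
    virus = b"constructed sample virus image"
    date_prog = b"constructed date program image"
    server, client = UpdateServer(), RealTimeFilter()
    results = []
    for image in (virus, date_prog):              # step 6: second pass uses the date program
        results.append(client.on_execute(image))  # step 1: runs before it is reported
        server.report(image)                      # steps 2-3: Update Server extracts the hash
        client.receive(server.signatures)         # client receives the hash value
        client.start_scan()                       # step 4: real-time scan active
        results.append(client.on_execute(image))  # step 5: execution is now blocked
    return results
```

On the second pass the scan is already active, yet the date program is still allowed until its own hash has been reported, because the filter only blocks images whose hash it has received.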