Mailing List Archive

Supporting Emulators
Hello everyone

First, I want to say it's a great antivirus and it seems it will have a good
future.

Second, I want to say that when I read some portions of the source code I saw it
doesn't have an emulator (except the yc emulator) to detect polymorphic viruses
or support heuristic detections.

I suggest adding an open source emulator to the application, to run
when the MD5 scan fails to detect any virus.

I suggest using Pokas x86 Emulator (http://sourceforge.net/projects/x86emu/)
(as I'm the author of it) or supporting ida-emulator by Chris Eagle.

Thanks
_______________________________________________
http://lurker.clamav.net/list/clamav-devel.html
Please submit your patches to our Bugzilla: http://bugs.clamav.net
Re: Supporting Emulators
I think if a discussion were to take place on this, Bochs should
certainly be an option.

http://bochs.sourceforge.net/

It is very mature and used in great projects like qemu.

On Sat, Oct 23, 2010 at 6:11 PM, Amr Thabet
<amr.thabet@student.alx.edu.eg> wrote:
> Hello everyone
>
> First, I want to say it's a great antivirus and it seems it will have a good
> future.
>
> Second, I want to say that when I read some portions of the source code I saw it
> doesn't have an emulator (except the yc emulator) to detect polymorphic viruses
> or support heuristic detections.
>
> I suggest adding an open source emulator to the application, to run
> when the MD5 scan fails to detect any virus.
>
> I suggest using Pokas x86 Emulator (http://sourceforge.net/projects/x86emu/)
> (as I'm the author of it) or supporting ida-emulator by Chris Eagle.
>
> Thanks
>



--
http://volatile-minds.blogspot.com -- blog
http://www.volatileminds.net -- website
Re: Supporting Emulators
The only problem with Bochs and qemu is that they are built to support full
virtualization, so they emulate the hardware and the CPU, and they don't
support emulating the operating system.

So you need to emulate the operating system (Windows or Linux).

A good choice is Pandora's Bochs, but it's very slow and you
couldn't use it in an antivirus because you can't run it inside an antivirus
transparently.

Ida-emu could be modified to support running inside an antivirus. It's a
good choice as it's fast and supports Windows and Linux virtualization
(emulating Linux and Windows).

Pokas emulator is a good choice as it supports conditional breakpoints
without decreasing performance and supports many breakpoints, but it
emulates only Windows and is a bit slower than ida-emu.

Thanks