Architecture and working of an Antivirus Engine

Antivirus software is an essential part of any system, whether at home, in the office or on portable gadgets, because the security of the device is a prime concern. But have you ever wondered how an antivirus actually works? This article discusses the architecture of an antivirus engine in detail, along with the algorithms it follows.

Architecture of an Antivirus Engine

The antivirus engine has an interesting layered architecture. There are around five layers, each with its own specialty and functionality. The first is the User Interface layer, which provides the interface. The second is the Engine Core, which follows a particular algorithm. The third contains the File System Interface, File Type Scanner, Memory Scanner, Decompression and Code Emulator. The last layer is the Hardware.

Working of an Antivirus Engine

Whenever we attach an external drive to our system, the first thing we do is secure the system: we scan the attached drive with the antivirus installed on the system.
  1. To understand how an antivirus engine works, it is necessary to understand its basic architecture, so that when one runs on the system every detail can be analyzed.

  2. A new version of a particular antivirus engine does not always mean the core was written from scratch; sometimes it is revised from the earlier one, so the load is minimized.

  3. The antivirus engine contains an engine core, and a second layer dedicated to the file system interface, scanner and emulators.

  4. The engine core holds the entire software together. In other words, it acts as the glue that calls the desired module when required.

  5. The basic requirement is a scan engine. Some products use third-party scan engines, which are not considered part of the framework.

  6. Some of the most popular and genuinely used products, however, have their own scan engines, and the scanners used in these engines are their own.

  7. There are generally two scanning algorithms: heuristic-based and signature-based. Scan-string-based technologies search the given file for a particular matching string.

  8. When the scanner finds one of the predefined strings, the engine performs the necessary actions.

  9. Heuristic-based scanning algorithms do not look for a string; instead they look for certain instructions or commands in the file.

  10. For example, when some code is encrypted, heuristic scanning looks for the decryption code and instructions.

  11. So when we select a particular file or folder, it passes through a number of steps: the file is submitted to the scan engines, scanned according to the algorithms, and then the appropriate actions are performed.

  12. Processing the file is one of the most important phases of any antivirus engine, and certain modules are designed for this purpose.

  13. The scanning blocks generally access the Random Access Memory; memory scanners perform the appropriate actions on the memory.

  14. The emulator works like any other emulator: it creates its own virtual environment. Having an emulator attached to the engine has several benefits.

  15. The emulator can determine which actions would be performed, and what effect they would have on the whole system, if the malware were allowed to run.

  16. Another important module is the update module, which runs at a particular time interval. New definitions are created every day and have to be added to the database.
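
The two scanning algorithms from points 7 to 10, and the scan-then-act flow from point 11, can be sketched as follows. This is an added example, not code from any real antivirus product: the signature names and byte strings, the sample buffers, the verdict labels and the single heuristic rule (the x86 byte pattern of a one-byte XOR decryption loop) are all constructed for illustration.

```python
import re

# Constructed signature database: name -> byte string (not real malware signatures).
SIGNATURES = {
    "Test.Marker.A": b"\xde\xad\xbe\xefSAMPLE-MARKER-A",
    "Test.Marker.B": bytes.fromhex("4d5a9000feedface"),
}

# Heuristic rule: look for instructions, not a fixed string. x86 bytes of a
# single-byte XOR decryption loop, with the key and jump offset as wildcards:
#   80 36 kk   xor byte ptr [esi], kk
#   46         inc esi
#   E2 rr      loop rr
XOR_LOOP = re.compile(rb"\x80\x36.\x46\xe2.", re.DOTALL)

def signature_scan(data):
    """Return the names of all signatures whose byte string occurs in data."""
    return sorted(name for name, sig in SIGNATURES.items() if sig in data)

def heuristic_scan(data):
    """Return the offsets at which the decryption-loop instructions occur."""
    return [m.start() for m in XOR_LOOP.finditer(data)]

def scan(data):
    """Engine-core step: run both scanners, then decide on the action."""
    sig_hits = signature_scan(data)
    heur_hits = heuristic_scan(data)
    if sig_hits:
        verdict = "infected"        # a predefined string was found
    elif heur_hits:
        verdict = "suspicious"      # no known string, but decryption code
    else:
        verdict = "clean"
    return {"verdict": verdict, "signatures": sig_hits,
            "heuristic_offsets": heur_hits}

# Constructed sample buffers.
CLEAN = b"plain text document with nothing of interest"
KNOWN = b"header" + SIGNATURES["Test.Marker.A"] + b"trailer"
# The same marker XORed with 0x5A, so the signature no longer matches,
# preceded by the decryption loop that the heuristic rule recognises.
ENCRYPTED = (b"\x90\x90" + b"\x80\x36\x5a\x46\xe2\xfa"
             + bytes(b ^ 0x5A for b in SIGNATURES["Test.Marker.A"]))

if __name__ == "__main__":
    for label, buf in [("clean", CLEAN), ("known", KNOWN),
                       ("encrypted", ENCRYPTED)]:
        print(label, scan(buf))
```

The encrypted buffer shows why both algorithms are needed: its body no longer contains any signature string, yet the decryption instructions in front of it are still found.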
