How is the VGrep database created?
- First, the anti-virus products are run across an extensive collection of viruses. Each product is set to scan files with non-executable extensions (the files in the collection have been renamed to prevent someone running one by accident), to write a log file, and to run without user input.
- Next, the log files have to be parsed. Each log file is converted to a generic format: FILENAME|VIRUS_FOUND.
- These intermediate logs are sorted and compared to detect whether a product has skipped a file or has not reported that a file was infected, since some products cannot be told to report all files checked. Missing entries are fixed, and the files are sorted again. All the logs are now of the same length and in the same order.
- The files are now combined. This is fairly simple, because of the strict ordering imposed in the previous step.
- Finally, the filenames are removed, the file is sorted, and duplicates are removed, creating VGREP.DAT. VGREP.CFG is created manually, and specifies the order of the products on each line of VGREP.DAT. VGREP.EXE does not need to be recompiled unless new features have been added. These files can be downloaded as part of the vgrep.zip file.
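The align, combine and de-duplicate steps above can be shown in Python. This is an added example, not VGrep's own build tooling. The product names, file names and per-product virus names are constructed, and the `-` placeholder for a patched entry and the `|` column separator in the output are assumptions, since the page does not give the VGREP.DAT layout.

```python
# Added illustration of the log-merge steps; not VGrep's actual build tooling.
MISSING = "-"  # assumption: placeholder written when a product did not report a file

def parse_generic(lines):
    """Read FILENAME|VIRUS_FOUND lines into a dict keyed by filename."""
    entries = {}
    for line in lines:
        line = line.strip()
        if not line:
            continue
        filename, _, virus = line.partition("|")
        entries[filename.upper()] = virus.strip() or MISSING
    return entries

def align(logs):
    """Patch skipped files so every log has the same length and the same order."""
    all_files = sorted(set().union(*(log.keys() for log in logs.values())))
    patched = {
        product: [log.get(name, MISSING) for name in all_files]
        for product, log in logs.items()
    }
    return all_files, patched

def build_dat(logs, product_order):
    """Combine aligned logs row by row, drop filenames, sort and de-duplicate."""
    all_files, patched = align(logs)
    rows = {
        "|".join(patched[product][i] for product in product_order)
        for i in range(len(all_files))
    }
    return sorted(rows)

# Constructed sample logs, already converted to the generic format.
RAW = {
    "ProductA": ["0001.VIR|Form.A", "0002.VIR|Form.A",
                 "0003.VIR|Cascade.1701", "0004.VIR|Form.A"],
    "ProductB": ["0004.VIR|FORM", "0003.VIR|Cascade-1701",
                 "0001.VIR|FORM"],                      # 0002.VIR not reported
    "ProductC": ["0002.VIR|Form", "0001.VIR|Form",
                 "0004.VIR|Form"],                      # 0003.VIR not reported
}
ORDER = ["ProductA", "ProductB", "ProductC"]  # column order, the role of VGREP.CFG

LOGS = {name: parse_generic(lines) for name, lines in RAW.items()}
DAT = build_dat(LOGS, ORDER)

if __name__ == "__main__":
    print("\n".join(DAT))
```

Files 0001.VIR and 0004.VIR produce the same row of names, so four scanned files collapse to three lines once the filenames are dropped.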
Adding products to VGrep
There are certain minimum requirements a product must fulfill before it can be considered for addition to VGrep. It must be able to run unattended, it must write an ASCII text log file (this does not have to contain the name of every file scanned, as it is patched later), and it must be able to correctly scan renamed executables. It must also be able to check for boot sector viruses in files - the boot sector viruses are stored in disk-images in the collection. Finally, the application must be entirely controllable from the command line.
These requirements trip up quite a number of products, especially in these modern times when people place a lot of emphasis on user-interfaces. It should be possible to add any product that meets these requirements to VGrep.
More details:
What is VGrep, and why do we need it?
VGrep's input and output
Which products are indexed?