views:

314

answers:

3

I have written some antivirus software in Python, but am unable to find virus signatures. The software works by dumping each file on the hard disk to hex, thus getting the hex signature. Where do i get signatures for all the known viruses?

+2  A: 

I doubt such a list exists, anti-virus companies spend a lot of time/money building their databases and it would seem unlikely that any of them would release the data for free.

Also, as Lasse says, not all viruses have a static signature. The "good" ones (and I would assume that means the majority of viruses from this century) would all be self-mutating.

Dean Harding
Ok, thanks for the responses. I am willing to re write the software to make it "good" and not pointless. I just am not sure I know how. I need the software to be written in python. How would I go about making it good?
Zachary Brown
@Zachary: Why do you want to write anti-virus software? What do you want to do that your competitors (McAfee, Symantec, AVG, Microsoft, etc) aren't doing, or aren't doing well?
Michael Petrotta
I want to provide top quality antivirus software, that update automatically at a reasonable price. I am also learning along the way.
Zachary Brown
@codeka no, all antivirus release this information. They just aren't in a readable form to any other software. But one could certainly reverse engineer it (disregarding the legal part).
jweyrich
@Zachary: good luck to you, and I hope you learn something. Note that Microsoft (to pick the AV vendor that I use) publishes high-quality AV software that updates automatically and frequently, for free (for most Windows SKUs). I don't mean to discourage you, but I hope you comprehend your market - it's saturated, and very difficult to develop for.
Michael Petrotta
OK, then. Do you have any ideas for useful software that is not in a saturated market? I am open to ideas. Just trying to use my skills for good stuff.
Zachary Brown
@jweyrich: Of course they "release" it (otherwise the software wouldn't be able to work) but you can't just "disregard" the legality of reverse engineering the database, particularly when you want to release whatever software you develop from that action.
Dean Harding
@Zachary - ok, write some software that watches a webcam, and translates hand gestures into software actions (pans, zooms, movements). Sell it as a library for games, image processing apps, etc.
Michael Petrotta
Michael Petrotta ; I like that idea? Can you point me in the right direction for that?
Zachary Brown
+4  A: 

There's Clamav, the open source GPL anti-virus. You can read its source code to see how it implements heuristics and other stuff. It's written in C, though.

You can download a virus database there as well. They're free and updated frequently.

nosklo
Well-minded! A great start point. +1
jweyrich
+2  A: 

About 2000 signatures here;

http://files.codes-sources.com/fichier_fullscreen.aspx?id=21418&f=virussignatures.txt&lang=en

and here

http://www.nlnetlabs.nl/downloads/antivirus/antivirus/virussignatures.strings

Hope it helps!

Carlucho
Perfect! I have been looking for this a some time now! +1 for you!
Zachary Brown
You wouldn't happen to know how I would get those signatures of that page, and add them to a MySQL automatically with PHP, would you?
Zachary Brown