Technology
Scanning engine
The heart of AVG Anti-Virus is the scanning engine - you can imagine it as a "black box" into which requests to scan objects enter and the box returns information indicating if these objects are virus-free or infected.
The scanning engine includes an application interface for communication with other AVG Anti-Virus components (Resident Shield, Scans, E-mail scanner modules and plug-ins etc.) which use this service. It was created with an emphasis on AVG Anti-Virus modularity and is common for all of the mentioned components.
Detection methods
Efficiency in detecting infected files is guaranteed by using a combination of different detection levels. Before the scan itself, the file is pre-processed, which involves removing any parts unnecessary for virus analysis. A quick scanning process is achieved using this technique.
- Known virus detection
This is the simplest technique, in which files are scanned for the presence of virus identifiers (a sequence of bytes characteristic of an exact virus). Based on this kind of detection, detailed analysis is performed to identify the exact infection.
- Generic detection
This is a more common method for the detection of known viruses, and it is used to identify new variants of known viruses. If no known virus is identified, generic detection looks for sequences within the file typical for certain viruses. Such sequences usually don't change within the virus when it is modified, even if the behavior of the new variant is different. This method is especially effective in the detection of macro-viruses and script-viruses.
- Heuristic analysis
The last method for detecting viruses (where the previously mentioned methods were not successful) is Heuristic analysis. Its skill lies in its capacity to (in some cases) detect a virus which is not included in the internal virus database. During Heuristic analysis, two methods are used:
  - Static Heuristic analysis - looking for suspicious data constructions
  - Dynamic Heuristic analysis - code emulation: this means the file is started inside the protected environment of a virtual computer inside AVG. The file is analyzed for actions typical for viruses. An example is an application which, when run, looks for other executable files in order to modify them.
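The first two levels above, exact identifiers and then generic patterns, sketched as an added example (this is not AVG's engine code). The byte patterns, detection names and the `??` wildcard notation are constructed for illustration and correspond to no real malware.

```python
import re

# Constructed, harmless byte patterns; they correspond to no real malware.
EXACT = {
    "Demo.Alpha.A": "de c0 ad 0b 11 22 33 44 55 66",
    "Demo.Alpha.B": "de c0 ad 0b 11 22 99 44 55 66",
}
# A generic pattern keeps only the bytes assumed to stay stable across
# variants; "??" matches any single byte.
GENERIC = {
    "Demo.Alpha (generic)": "de c0 ad 0b ?? ?? ?? 44 55",
}

def compile_pattern(spec):
    """Turn a hex string with ?? wildcards into a compiled bytes regex."""
    parts = []
    for tok in spec.split():
        if tok == "??":
            parts.append(b".")
        else:
            parts.append(re.escape(bytes.fromhex(tok)))
    return re.compile(b"".join(parts), re.DOTALL)

EXACT_RE = {name: compile_pattern(s) for name, s in EXACT.items()}
GENERIC_RE = {name: compile_pattern(s) for name, s in GENERIC.items()}

def scan(data):
    """Return (level, name, offset); level is 'known', 'generic' or 'clean'."""
    # Level 1: exact identifiers name the precise variant.
    for name, rx in EXACT_RE.items():
        m = rx.search(data)
        if m:
            return ("known", name, m.start())
    # Level 2: generic patterns catch modified variants of a known family.
    for name, rx in GENERIC_RE.items():
        m = rx.search(data)
        if m:
            return ("generic", name, m.start())
    # Nothing matched: this is where heuristic analysis would take over.
    return ("clean", None, -1)

PAD = b"\x00" * 16
SAMPLES = {  # constructed inputs
    "known.bin": PAD + bytes.fromhex("dec0ad0b112233445566"),
    "variant.bin": PAD * 2 + bytes.fromhex("dec0ad0b7788aa445500"),
    "benign.bin": b"MZ" + PAD + bytes.fromhex("dec0ad0b"),
}

if __name__ == "__main__":
    for fname, blob in SAMPLES.items():
        print(fname, scan(blob))
```

The `benign.bin` sample shares only a four-byte prefix with the family and is not flagged, which shows why identifiers need to be long enough to avoid false positives.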
Detection levels
AVG E-mail Scanner (EMS)
E-mail scanning is supported either directly by plug-ins for certain applications (Microsoft Outlook, The Bat!) or by the Personal E-mail Scanner (AVG EMS), which works at the POP3 and SMTP protocol level. EMS can also protect the e-mail communication of all other e-mail clients (for example Outlook Express).
- With AVG EMS, it is possible to filter attachments by their extensions or by their content
- The solution at POP3/SMTP protocol level is independent of the E-mail client used
- It is possible to protect multiple e-mail accounts and to check multiple e-mail servers
- SMTP authentication is supported
- Secured (SSL) communication is supported
Computer scanner - ON-DEMAND scan
On-demand checking of files or system areas can be performed in three ways:
- Scheduled Tests
By default, the Complete Test is set to be started every day as scheduled to ensure the basic functionality of this level of protection. From the User Interface it is possible to create new Tests and to set when and what should be checked and what to do in case of infection.
- Manually started Tests
It is possible to start defined Tests from the User Interface whenever required. An example would be the Selected areas scan.
- Windows Explorer extension included in AVG integration into Windows
This is a simple and very quick method of checking a specific file. You can use the Windows Explorer environment by right-mouse-button clicking on the appropriate file and selecting the option "Test by AVG".
Resident Shield - ON-ACCESS scan
The Resident Shield protects the computer whenever the operating system is running. It works in the background and ensures transparent anti-virus file scanning when opening or executing files. There is also the option to scan when saving files. The Resident Shield runs automatically. If a virus is detected, the Resident Shield blocks the opening or running of the infected file. The Resident Shield stores information about files it has checked, eliminating the need to recheck them if no modifications have been made.
Web Shield – Network Scanner
The Web Shield works for networks in the same way as the Resident Shield does for files. The Web Shield intercepts all traffic on selected ports and passes the data into several scanning engines: HTTP traffic is scanned by AVG’s Scanning Engine as well as XPL’s LinkScanner. Instant Messaging Protection allows users to define their own white and black-lists for ICQ and MSN protocols.
Anti-Rootkit
Anti-Rootkit technology detects malicious programs that try to hide in the system by comparing two different views of the file system and running processes. The user-level view is compared to the operating system’s kernel view, and any discrepancies are reported as the possible presence of a rootkit in the system.
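A minimal sketch of the cross-view comparison described above, added here as an illustration and not AVG's implementation. The snapshots are constructed (pid, name) lists, and the `min_hits` persistence threshold is an assumption that filters out processes which merely started between the two enumerations.

```python
from collections import Counter

def cross_view(user_view, kernel_view):
    """Compare one pair of snapshots.

    Returns (hidden, phantom): entries only the kernel view lists, and
    entries only the user-level view lists.
    """
    user, kernel = set(user_view), set(kernel_view)
    return kernel - user, user - kernel

def persistent_discrepancies(snapshots, min_hits=2):
    """Report entries that differ in at least min_hits snapshot pairs.

    A process that starts or exits between the two enumerations differs
    once and then agrees again, so it stays below the threshold.
    """
    hidden_hits, phantom_hits = Counter(), Counter()
    for user_view, kernel_view in snapshots:
        hidden, phantom = cross_view(user_view, kernel_view)
        hidden_hits.update(hidden)
        phantom_hits.update(phantom)
    return {
        "hidden": sorted(e for e, n in hidden_hits.items() if n >= min_hits),
        "phantom": sorted(e for e, n in phantom_hits.items() if n >= min_hits),
    }

# Constructed snapshots. In a real tool the user view would come from the
# documented enumeration APIs and the kernel view from kernel structures.
BASE = [(4, "System"), (612, "services.exe"), (1040, "explorer.exe")]
HIDDEN = (4321, "hidden_demo.exe")   # never visible at user level
SHORT = (5000, "notepad.exe")        # started during the second round
SNAPSHOTS = [
    (BASE, BASE + [HIDDEN]),
    (BASE, BASE + [HIDDEN, SHORT]),  # race: user listing taken just before start
    (BASE + [SHORT], BASE + [HIDDEN, SHORT]),
]

if __name__ == "__main__":
    print(persistent_discrepancies(SNAPSHOTS))
```

The same comparison applies to file listings: replace the (pid, name) tuples with paths taken from each view.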
Update
It is vital for successful virus detection to keep your AVG installation up-to-date. AVG Anti-Virus offers you several ways to keep it up-to-date, including a fully automated update process. The availability of update files is guaranteed even when a large number of requests to download updates are sent to our servers. We distribute our update files using a professional worldwide server network service.
Main Features
- Small update files (the size is typically only tens of KB)
- Rare requirements to restart the computer after the update
- Regular updates are released 2 times every week; priority updates are released whenever necessary (whenever a new virus is being spread)
- Possibility to schedule or manually perform an update
- Proxy server authentication support
- Registered users can receive information about new updates through the AVG UPDATE e-mail conference
- Update files are available even during periods of high demand for downloads
Options for how to update
- Automatic detection of an Internet connection (if you are using a Dial-up connection) followed by an automatic update
- Detection of the existence of a new update file included in the scheduled tasks (AVG Anti-Virus and AVGADMIN)
- Manual download of a new update file from the Internet
- Manual update from a folder
