Question about AV and how they scan?

lallous

Hello

I wonder how an antivirus, using its large virus info database (say
100,000 entries), can detect a virus in a given file in no time.

How does it detect a virus based on that big database in a short time?

Regards,
Elias
 
You don't have to compare against each entry 1 at a time, for
one thing. You might, for example, have a tree structure with
10 branches at each level, when you could reach 100,000
possible endpoints with just 5 10-way checks.
For another thing, computers can carry out many million
comparison operations per second - it's rather the point of
having computers at all.
 
lallous said:
> Hello
>
> I wonder how an antivirus, using its large virus info database (say
> 100,000 entries), can detect a virus in a given file in no time.

Try it on a 40MHz 386 and you will see it doesn't do it in no time. :)

> How does it detect a virus based on that big database in a short time?

Certain filetypes would only be infected by a subset of all viruses.
Certain hints or clues can be looked for first to eliminate many or most
of that remaining set, giving a further subset of that subset. Then
scanning for what viruses could be expected in that file is really fast
anyway - but now the set is a lot smaller than all viruses it can be
expected to find in all filetypes.
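
An added example, not part of the thread and not taken from any antivirus product, combining the two ideas in the replies above: pick the signature subset for the file type first, then match all remaining signatures in one pass through a tree. The tree used here is an Aho-Corasick automaton, which is one possible choice; the signature names, byte patterns and magic-byte table are constructed for illustration.

```python
from collections import deque
# Constructed sample signatures: (name, file type, byte pattern). Not real malware data.
SIGNATURES = [
    ("Sample.A", "exe", b"\xde\xad\xbe\xef\x01"),
    ("Sample.B", "exe", b"\xbe\xef\x01\x02"),
    ("Sample.C", "doc", b"AutoOpen\x00evil"),
]
MAGIC = {b"MZ": "exe", b"\xd0\xcf\x11\xe0": "doc"}  # simplified file-type clues

def file_type(data):
    return next((t for m, t in MAGIC.items() if data.startswith(m)), None)

def build_automaton(sigs):
    """Aho-Corasick: byte trie plus failure links, built once per signature set."""
    goto, fail, out = [{}], [0], [[]]
    for name, _, pattern in sigs:
        node = 0
        for b in pattern:
            if b not in goto[node]:
                goto.append({}); fail.append(0); out.append([])
                goto[node][b] = len(goto) - 1
            node = goto[node][b]
        out[node].append(name)
    queue = deque(goto[0].values())
    while queue:  # breadth-first: a parent's failure link is set before its children's
        node = queue.popleft()
        for b, child in goto[node].items():
            f = fail[node]
            while f and b not in goto[f]:
                f = fail[f]
            fail[child] = goto[f].get(b, 0)
            out[child] += out[fail[child]]  # inherit matches ending at the suffix
            queue.append(child)
    return goto, fail, out

def build_database(sigs):
    db = {t: build_automaton([s for s in sigs if s[1] == t]) for t in {s[1] for s in sigs}}
    return {**db, None: build_automaton(sigs)}  # None: full set for unknown file types

def scan(data, db):
    """Single pass over the file; work per byte does not grow with signature count."""
    goto, fail, out = db.get(file_type(data), db[None])
    node, hits = 0, set()
    for b in data:
        while node and b not in goto[node]:
            node = fail[node]
        node = goto[node].get(b, 0)
        hits.update(out[node])
    return hits
```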
 