Virus Scanning Date Selection ?

  • Thread starter Thread starter News Reader
  • Start date Start date
N

News Reader

While viewing the list of files while AVG was running today I got to
thinking: why scan a file that was scanned last week and hasn't
changed since then?

So, is there any freeware virus scanner that allows you to select a
file's date for scanning? Something like 'select files modified
after...' an entered date. I'm thinking that any file scanned today
and not modified after today does not need to be rescanned the next
time I run AVG.

Any flaws in my thinking?
 
While viewing the list of files while AVG was running today I got to
thinking: why scan a file that was scanned last week and hasn't
changed since then?

So, is there any freeware virus scanner that allows you to select a
file's date for scanning? Something like 'select files modified
after...' an entered date. I'm thinking that any file scanned today
and not modified after today does not need to be rescanned the next
time I run AVG.

Any flaws in my thinking?
Click to expand...

It's a good and reasonable idea, IMO. What comes to mind for starters
is McAfee's command line scanner. It can be set to scan only files in
a list. The list of paths to files to scan would have to be generated
by another program. That program would generate a list of files
written to the drive or modifed after a prescribed date. I know that
list can be generated very quickly since I've been writing programs to
do exactly that lately :) Dunno what the official position of
NAI-McAfee is nowdays on the free use of their command line scanner.
It's freely available for download the last time I looked.

I'll likely put together a prototype since I think it's an idea worth
following up on and playing with.


Art
http://www.epix.net/~artnpeg
 
??What if a malware replaced scanned files with pre-dated ones???
ex: rid of "explorer.exe" dated July 19th 2004 with one dated June 19th
2004.
 
??What if a malware replaced scanned files with pre-dated ones???
ex: rid of "explorer.exe" dated July 19th 2004 with one dated June 19th
2004.
Click to expand...

The interrupt service used in my program supplies three dates:

1. File written to disk
2. File last accessed
3. File last modified

It can't be fooled that easily :)


Art
http://www.epix.net/~artnpeg
 
Back
Top