Antivirus Scanning

First Step

  • Antivirus tools mainly rely on

    • a database of identifiable pieces of known suspicious code (file signatures)

    • behavioral and pattern-matching analysis (heuristics)

  • It can be useful to run several different antivirus programs against the same piece of suspected malware

  • Malware can easily change its signature and fool the antivirus

  • VirusTotal is convenient, but using it may alert attackers that they’ve been caught
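
The points above as a small added example (not part of the original notes): three toy engines, one hash-based, one byte-pattern-based and one heuristic, run over the same inputs, showing why verdicts differ between engines and why an exact-hash signature stops matching once a file changes by a single byte. The sample bytes, signature names, heuristic rules and threshold are all constructed for illustration.

```python
import hashlib

# Constructed, harmless byte strings standing in for samples (not real malware).
ORIGINAL = b"MZ\x90\x00" + b"DEMO-MARKER-1234" + b"\x00" * 32
VARIANT = ORIGINAL + b"\x00"   # same content plus one trailing byte
BENIGN = b"MZ\x90\x00" + b"hello world" + b"\x00" * 32

# Engine A: exact file-hash signatures.
HASH_DB = {hashlib.sha256(ORIGINAL).hexdigest(): "Demo.Sample.A"}

# Engine B: byte-sequence signatures matched anywhere in the file.
PATTERN_DB = {b"DEMO-MARKER-1234": "Demo.Sample.Pattern"}

# Engine C: weighted heuristic rules (hypothetical rules and weights).
HEURISTICS = [
    ("PE-style header", lambda d: d.startswith(b"MZ"), 1),
    ("long zero padding", lambda d: b"\x00" * 32 in d, 1),
    ("marker-like string", lambda d: b"MARKER" in d, 2),
]
HEURISTIC_THRESHOLD = 3


def scan_hash(data):
    return HASH_DB.get(hashlib.sha256(data).hexdigest())


def scan_pattern(data):
    for pattern, name in PATTERN_DB.items():
        if pattern in data:
            return name
    return None


def scan_heuristic(data):
    score = sum(weight for _, rule, weight in HEURISTICS if rule(data))
    if score >= HEURISTIC_THRESHOLD:
        return f"Heuristic.Suspicious(score={score})"
    return None


def scan_all(data):
    """Run every engine and return {engine: verdict or None}."""
    return {"hash": scan_hash(data), "pattern": scan_pattern(data),
            "heuristic": scan_heuristic(data)}


if __name__ == "__main__":
    for label, sample in [("original", ORIGINAL), ("variant", VARIANT), ("benign", BENIGN)]:
        print(label, scan_all(sample))
```

The variant is missed by the hash engine but still caught by the pattern and heuristic engines, which is the practical reason to compare results from more than one scanner.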
