# Antivirus Scanning

## First Step

* Mainly rely on
  * a database of identifiable pieces of known suspicious code (file signatures)
  * behavioral and pattern-matching analysis (heuristics)
* It can be useful to run several different antivirus programs against the same piece of suspected malware
* Malware can easily change its signature and fool the antivirus
* [VirusTotal](http://www.virustotal.com/) is convenient, but using it may alert attackers that they’ve been caught