virus detection system
DESCRIPTION
It is based on detecting a virus in a file by matching the file's source code with the already existing source code of the virus.
TRANSCRIPT
Virus Detection System
1. INTRODUCTION
1.1 Existing System
A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the user. The term "virus" is also commonly used, albeit erroneously, to refer to many different types of malware and adware programs. The original virus may modify the copies, or the copies may modify themselves, as occurs in a metamorphic virus. Anti-virus software can detect and eliminate known viruses after the computer downloads or runs the executable. There are two common methods that an anti-virus software application uses to detect viruses: signature scanning and heuristic analysis. The first, and by far the most common, method of virus detection is using a list of virus signature definitions. In signature scanning only a single virus can be detected at a time. The second method is to use a heuristic algorithm to find viruses based on common behaviors. This method has the ability to detect viruses that anti-virus security firms have yet to create a signature for.
1.2 Proposed System
Virus Detection System is an application which shows the way of approaching a generic antivirus product. Unlike some antivirus products, which bind themselves to specific signatures of particular viruses, this simulation provides a generic approach by which we are able to detect more than a single virus with a common virus code in the database.
For users of antivirus products who would like to see a simulation of an antivirus, the Virus Detection System is an application which shows the way of approaching a generic antivirus product.
2. REQUIREMENT ANALYSIS
2.1 System Requirements:
2.1.1 Hardware Requirements:
The various hardware details required for the project are,
PROCESSOR : Intel Pentium II or above
PROCESSOR speed : 1.76 GHz or above
RAM : 32 MB or above
HDD : 40 MB
2.1.2 Software Requirements:
The various software requirements of this project are,
PLATFORM : WINDOWS XP
FRONT END : C, C# .NET
BACK END : MS ACCESS
2.2 SRS
2.2.1 Vision
For users of antivirus products who would like to see a simulation of an antivirus, the Virus Detection System is an application which shows the way of approaching a generic antivirus product.
Unlike some antivirus products, which bind themselves to specific signatures of particular viruses, this simulation provides a generic approach by which we are able to detect more than a single virus with a common virus code in the database.
2.2.2 Scope
2.2.2.1 Overview:
The user can have a file, a folder or the entire system scanned by selecting an option from the scanning form. As a result, a report is generated and provided to the user. If there are any infected files, they are listed in the report. The user is given the options to delete the infected files or to record their locations so that they can be deleted later. The files the user selects for deletion are removed from the computer permanently. The locations of infected files are stored in a safe place if the user selects the option to delete them later. The user is also given an option to update the virus database by adding a new code or deleting an existing one.
2.2.2.2 Exclusions:-
New viruses that are not in the database cannot be detected.
2.2.2.3 Assumptions:-
The virus code in the database must be in assembly-level language.
The database contains at least one virus code.
2.2.3 System Functions
S.No.  System Function  Description
DATABASE UPDATION
1.     s1.1             Adding new code to the database.
2.     s1.2             Deleting the existing old code.
SCANNING FILES
3.     s2.1             Scanning the selected file or folder.
4.     s2.3             A report is generated with the status of scanned files.
5.     s2.4             Provides the option to delete the files which are infected.
6.     s2.5             Provides an alternate option to record the infected file location.
SCANNING REPORT
7.     s3.1             Shows the infected files after scanning is completed.
8.     s3.2             Provides options such as moving to vault and delete now.
VIRUS VAULT
8.     s4.1             View the affected files.
9.     s4.2             Delete the selected files.
2.2.4 Glossary
Virus code : A program that infects the system
Virus vault : The virus affected files are stored here which can be deleted later by the user
2.2.5 Detailed Software Requirements
2.2.5.1 Use case model
2.2.5.1.1 Actors:
Actor Name : User
Actor Id : ACT-01
Description : Handles all tasks throughout the application.
Main Activities :
    Can select the set of files in his PC to scan them.
    Can view the Scanning report when scanning is finished.
    Can Select the options provided in Scanning report.
    Can update the virus Database.
    Can view the virus vault at any time to delete the infected files.
Frequency of Use : High
Work Environment / Location : Stand alone Window.
Number of Users : 1 to Many
2.2.5.1.2 List of Use Cases:
Scanning Files.
Updating Database.
Storing the Infected Files.
2.2.5.1.3 Use case diagram:
Fig 2.2.5.1.3 Use case diagram (actor: User; use cases: Scanning Files, Storing the Infected Files, Updating Database)
2.2.6 Detailed Use Case Descriptions:
2.2.6.1 Scanning Table
Use Case Name : Scanning Files
Use Case ID : UC1
Actor(s) : User
Summary : The user can scan a file, a folder, or all drives in My Computer; the system detects the infected files and generates a scanning report for the user.
Preconditions : Database must contain at least one code.
Main Flow :
    1. The user enters the use case.
        1.1. System displays the list of scanning options. The following options are given to the user.
            S1. To scan a file.
            S2. To scan a folder.
            S3. To scan available drives in My Computer.
    2. User selects one of the options: S1 or S2 or S3. For S1 and S2, user must enter/select the file name or folder name.
        2.1. The selected option (sub flow) is executed.
Sub Flows :
    S1: Scanning a file
        1. User selects S1 after selecting Scanning Options.
            1.1. User selects the file from file browser.
            1.2. System generates the scanning report after scanning is completed.
    S2: Scanning a folder
        1. User selects S2 after selecting Scanning Options.
            1.1. User selects the folder from folder browser.
            1.2. System generates the scanning report after scanning is completed.
    S3: Scanning all drives in My Computer
        1. User selects S3 after selecting Scanning Options.
            1.1. System scans the files in available drives in My Computer.
            1.2. System generates the scanning report after scanning is completed.
Alternate Flows : A1. User chooses to cancel the operation. If it is from one of the sub flows, it takes the user to the main flow. If Exit is selected from the main flow, the user is taken to the application main screen.
Post Conditions : System must generate scan report.
Cross Reference : S2.1, S2.2, S2.3, S2.4, S2.5
Assumptions : The database contains at least one virus code.
Business Rules : --
Sequence Diagram (participants: User, Scanner; messages: 1: File / folder, 2: Scanning, 3: Scanning Report)
2.2.6.2 Updation Table
Use Case Name : Updating Database.
Use Case ID : UC2
Actor(s) : User
Summary : User can add a new code to the database and delete old code from the database.
Preconditions :
Main Flow :
    1. The user enters the use case.
        1.1. System displays the list of database options. The following options are given to the user.
            S1. Adding a new code into database.
            S2. Adding code from ASM file to database.
            S3. Delete old code from database.
    2. User selects one of the options: S1 or S2 or S3.
        2.1. The selected option (sub flow) is executed.
Sub Flows :
    S1. Adding a new code into database.
        1. User selects S1 after selecting database options.
            1.1. User enters the code name and instructions to database.
            1.2. User adds the code name and instructions to database.
            1.3. User is returned to the main flow.
    S2. Adding new codes from ASM file to database.
        1. User selects S2 after selecting database options.
            1.1. User enters the code name and selects the ASM file from file browser.
            1.2. Code name and instructions are added to database.
            1.3. User is returned to the main flow.
    S3. Delete old code from database.
        1. User selects S3 after selecting database options.
            1.1. User selects available code names and instructions from database.
            1.2. User deletes the selected code name and instructions from database.
            1.3. User is returned to the main flow.
Alternate Flows : A1. User chooses to cancel the operation. If it is from one of the sub flows, it takes the user to the main flow. If Exit is selected from the main flow, the user is taken to the application main screen.
Post Conditions : Virus database will be updated by adding new code or deleting the existing code.
Cross Reference : S1.1, S1.2
Assumptions : 1. There are only virus codes in database.
Business Rules : --
Sequence Diagram (participants: User, Database; messages: 1: Adding code, 2: Updating, 3: Status, 4: Deleting Code, 5: Updating, 6: Status)
2.2.6.3 Vault Table
Use Case Name : Storing the Infected files
Use Case ID : UC3
Actor(s) : User
Summary : Virus Vault contains the list of filenames which are infected by a virus in database.
Preconditions : Locations of files in virus vault should not be modified.
Main Flow :
    1. The user enters the use case.
        1.1. System displays the list of infected files. The following option is given to the user.
            S1. Delete files.
    2. User selects one option or closes the form.
        2.1. The selected option (sub flow) is executed.
Sub Flows :
    S1. Delete File
        1. User selects S1 after selecting Virus vault.
            1.1. System deletes the selected file from computer.
Alternate Flows : A1. User chooses to cancel the operation. If it is from sub flow, it takes the user to the main flow. If Exit is selected from the main flow, the user is taken to the application main screen.
Post Conditions : Selected files will be removed from PC
Cross Reference : S3.1, S3.2
Assumptions : Virus vault contains infected files only.
Business Rules : --
Sequence Diagram (participants: User, Virus Vault; messages: Selecting Option, Provide Option (Delete files), Delete files)
2.2.7 Functional Capabilities
The locations of affected files must be moved to the virus vault automatically when the user does not select either option in the report form (deleting the file or moving it to the virus vault).
During scanning, the file should not be accessed by another process.
2.2.8 Non-Functional Requirements
The virus database should be updated without an internet connection. (Usability)
The virus database should be updated as per user requirements. (Supportability)
While a file is being scanned, it should not be accessed by any other process. (Supportability)
The scanning process must start within 2 seconds. (Performance)
The scanning process should not take a long period of time. (Performance)
The system should be available 24 x 7. (Reliability / availability)
3. SYSTEM DESIGN
3.1 Data Dictionary
TABLE NO 3:3.1:
NAME: SCODE
PURPOSE:
This table is used to store the virus codes that will be used to compare with the translated file codes.
Column Name   Data Type   Size   Constraints
Code Name     Text        30     NOT NULL
Instruction   Text        50     NOT NULL
Sno           Integer     15     NOT NULL
TABLE NO 3:3.2:
NAME: REPORT
PURPOSE:
This table temporarily stores the locations of the scanned files and their status, so that they can be passed to the next module after all the selected files have been scanned.
Column Name   Data Type   Size   Constraints
Filename      Text        255    NOT NULL
Status        Text        50     NOT NULL
TABLE NO 3:3.3:
NAME: VAULT
PURPOSE:
This table is used to store the locations of the files that are affected and have been moved to the vault for deleting them in the future.
Column Name   Data Type   Size   Constraints
Filename      Text        255    NOT NULL
Status        Text        50     NOT NULL
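The comparison that the SCODE table supports, sketched in C as an added example (it is not the project's own code): a signature is the sequence of Instruction rows sharing one Code Name, and a translated (disassembled) listing is flagged when that sequence appears contiguously in it. That Sno orders the instructions within a code, the normalization rules, and all sample rows and listings are assumptions constructed for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define INSTR_MAX 51   /* SCODE.Instruction is Text(50), plus terminator */
#define MAX_SIG   32   /* example limit: instructions per virus code */
#define MAX_LINES 256  /* example limit: listing lines examined per file */

/* One row of the SCODE table from the data dictionary. */
struct scode_row {
    const char *code_name;    /* Code Name */
    const char *instruction;  /* Instruction */
    int sno;                  /* Sno: assumed order of the instruction in its code */
};

/* Canonical form: drop ';' comments, lowercase, collapse whitespace and
 * remove it around commas, so that formatting alone cannot hide a match. */
static void normalize(const char *in, char *out)
{
    size_t n = 0;
    int pending_space = 0;
    for (; *in != '\0' && *in != ';'; in++) {
        unsigned char c = (unsigned char)*in;
        if (isspace(c)) { pending_space = (n > 0); continue; }
        if (pending_space && c != ',' && out[n - 1] != ',' && n < INSTR_MAX - 1)
            out[n++] = ' ';
        pending_space = 0;
        if (n < INSTR_MAX - 1) out[n++] = (char)tolower(c);
    }
    out[n] = '\0';
}

/* Collect the rows of one code name, ordered by Sno, in normalized form. */
static int build_signature(const struct scode_row *rows, size_t nrows,
                           const char *name, char sig[][INSTR_MAX])
{
    const struct scode_row *ord[MAX_SIG];
    int n = 0;
    for (size_t i = 0; i < nrows && n < MAX_SIG; i++) {
        if (strcmp(rows[i].code_name, name) != 0) continue;
        int j = n++;
        for (; j > 0 && ord[j - 1]->sno > rows[i].sno; j--) ord[j] = ord[j - 1];
        ord[j] = &rows[i];
    }
    for (int k = 0; k < n; k++) normalize(ord[k]->instruction, sig[k]);
    return n;
}

/* Returns the Code Name whose instruction sequence occurs contiguously in
 * the listing, or NULL when no code in the database matches. */
const char *scan_listing(const struct scode_row *rows, size_t nrows,
                         const char *const *listing, size_t nlines)
{
    char text[MAX_LINES][INSTR_MAX];
    char sig[MAX_SIG][INSTR_MAX];
    size_t nt = 0;
    for (size_t i = 0; i < nlines && nt < MAX_LINES; i++) {
        normalize(listing[i], text[nt]);
        if (text[nt][0] != '\0') nt++;  /* skip blank and comment-only lines */
    }
    for (size_t r = 0; r < nrows; r++) {
        size_t first = 0;
        while (strcmp(rows[first].code_name, rows[r].code_name) != 0) first++;
        if (first != r) continue;       /* this code name was already tried */
        int ns = build_signature(rows, nrows, rows[r].code_name, sig);
        for (size_t s = 0; ns > 0 && s + (size_t)ns <= nt; s++) {
            int k = 0;
            while (k < ns && strcmp(text[s + k], sig[k]) == 0) k++;
            if (k == ns) return rows[r].code_name;
        }
    }
    return NULL;
}

/* Constructed, harmless sample data; rows deliberately stored out of Sno order. */
static const struct scode_row DB[] = {
    {"DEMO-A", "xor bx, bx", 2}, {"DEMO-A", "mov ax, 1234h", 1},
    {"DEMO-A", "add ax, bx", 3},
    {"DEMO-B", "push cx", 1},    {"DEMO-B", "pop dx", 2},
};
#define DB_ROWS (sizeof DB / sizeof DB[0])

/* Two different listings that share DEMO-A's code, and one reordered variant. */
static const char *const FILE1[] = { "  PUSH BP", "MOV  AX, 1234H ; setup", "",
                                     "xor bx,bx", "ADD AX , BX", "ret" };
static const char *const FILE2[] = { "nop", "mov ax, 1234h", "xor bx, bx",
                                     "add ax, bx", "nop" };
static const char *const FILE3[] = { "mov ax, 1234h", "add ax, bx", "xor bx, bx" };

int main(void)
{
    const char *hit1 = scan_listing(DB, DB_ROWS, FILE1, 6);
    const char *hit2 = scan_listing(DB, DB_ROWS, FILE2, 5);
    const char *hit3 = scan_listing(DB, DB_ROWS, FILE3, 3);
    printf("file1: %s\n", hit1 ? hit1 : "clean");
    printf("file2: %s\n", hit2 ? hit2 : "clean");
    printf("file3: %s\n", hit3 ? hit3 : "clean");
    return 0;
}
```

The first two listings differ but contain the same stored code, so one database entry flags both; the third uses the same instructions in a different order and is reported clean, which is the limit of matching against stored code only.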
3.2 Database Logical Design
Normalization
Normalization is the process of efficiently organizing data in a database. There are
two goals of the normalization process: eliminating redundant data (for example, storing
the same data in more than one table) and ensuring data dependencies make sense (only
storing related data in a table). Both of these are worthy goals as they reduce the amount of
space a database consumes and ensure that data is logically stored.
3.2.1 Normal Forms
The database community has developed a series of guidelines for ensuring that
databases are normalized. These are referred to as normal forms and are numbered from
one (the lowest form of normalization, referred to as first normal form or 1NF) through
five (fifth normal form or 5NF). In practical applications, you'll often see 1NF, 2NF, and
3NF along with the occasional 4NF. Fifth normal form is very rarely seen and won't be
discussed in this article.
Before we begin our discussion of the normal forms, it's important to point out that
they are guidelines and guidelines only. Occasionally, it becomes necessary to stray from
them to meet practical business requirements. However, when variations take place, it's
extremely important to evaluate any possible ramifications they could have on your system
and account for possible inconsistencies. That said, let's explore the normal forms.
3.2.1.1 First Normal Form (1NF)
First normal form (1NF) sets the very basic rules for an organized database:
Eliminate duplicative columns from the same table.
Create separate tables for each group of related data and identify each row with a
unique column or set of columns (the primary key).
Column Name   Data Type   Size   Constraints
Filename      Text        255    NOT NULL
Status        Text        50     NOT NULL
3.2.1.2 Second Normal Form (2NF)
Second normal form (2NF) further addresses the concept of removing duplicative data:
Meet all the requirements of the first normal form.
Remove subsets of data that apply to multiple rows of a table and place them in
separate tables.
Create relationships between these new tables and their predecessors through the
use of foreign keys.
3.2.1.3 Third Normal Form (3NF)
Third normal form (3NF) goes one large step further:
Meet all the requirements of the second normal form.
Remove columns that are not dependent upon the primary key.
3.2.1.4 Boyce-Codd Normal Form
The criteria for Boyce-Codd normal form (BCNF) are:
The table must be in 3NF.
Every non-trivial functional dependency must be a dependency on a super key.
3.2.1.5 Fourth Normal Form (4NF)
The criteria for fourth normal form (4NF) are:
The table must be in BCNF.
There must be no non-trivial multi valued dependencies on something other than a
super key. A BCNF table is said to be in 4NF if and only if all of its multi valued
dependencies are functional dependencies.
3.2.1.6 Fifth Normal Form
The criteria for fifth normal form (5NF and also PJ/NF) are:
The table must be in 4NF.
There must be no non-trivial join dependencies that do not follow from the key
constraints. A 4NF table is said to be in the 5NF if and only if every join
dependency in it is implied by the candidate keys.
For a database to be in 2NF, it must first fulfill all the criteria of a 1NF database.
3.3 UML Diagrams
3.3.1 Use Case Diagram
Use case diagrams are created to visualize the relationships between actors and use
cases. A use case is a pattern of behavior the system exhibits. Each use case is a sequence
of related transactions performed by an actor and the system.
A flow-of-events document is created for each use case, written from the actor's
point of view. It details what the system must provide to the actor when the use case is
executed.
Typical Contents:
How the use case starts and ends.
Normal flow of events.
Alternate flow of events.
Exceptional flow of events.
Figure 3.3.1.1 Symbols (Actor, Use case)
3.3.1.2 Use case diagram for User
Figure 3.3.1.2 Use case diagram for User (actor: User; use cases: Scanning Files, Storing the Infected Files, Updating Database)
3.3.2 Class Diagram
A Class diagram gives an overview of a system by showing its classes and the
relationships among them. UML class is a rectangle divided into: class name, attributes,
and operations.
Our class diagram has three kinds of relationships.
Association -- a relationship between instances of the two classes. There is an
association between two classes if an instance of one class must know about the
other in order to perform its work.
Aggregation -- an association in which one class belongs to a collection. An
aggregation has a diamond end pointing to the part containing the whole. In our
diagram, Order has a collection of Order Details.
Generalization -- an inheritance link indicating one class is a super class of the
other
3.3.2.1 Class Diagram for Virus Detection System
Figure 3.3.2.1 Class Diagram for Virus Detection System (classes: User with operations Scan(), Delete(); Data Base with attribute virus code and operations add code(), delete code(); Files with attributes path, extension, access rights and operation move to vault(); multiplicities shown: 1, 1..*, 1..n)
3.3.3 Sequence Diagram
A sequence diagram is a type of interaction diagram that shows the actors or objects participating in an interaction and the events they generate, arranged in a time sequence. Often a sequence diagram shows the events that result from a particular instance of a use case, but a sequence diagram can also exist in a more generic form.
The vertical dimension in a sequence diagram represents time, with time proceeding down the page; the horizontal dimension represents different actors.
Object class1 Object class2 Object class3
3.3.3.1 Sequence Diagram for Scanning
Figure 3.3.3.1 Sequence Diagram for Scanning (participants: User, Scanner; messages: Selecting Options (file, Folder, My Computer), Display Options, Generates Report, Scanning)
3.3.4 Collaboration Diagram
Collaboration diagrams are also relatively easy to draw. They show the relationship between objects and the order of messages passed between them. The objects are listed as icons and arrows indicate the messages being passed between them. The numbers next to the messages are called the sequence numbers. As the name suggests, they show the sequence of the messages as they are passed between the objects. There are many acceptable sequence numbering schemes in UML.
Figure 3.3.4.1 Collaboration Diagram (objects: User, Data base; messages: 1: Code Name, Instructions; 2: Adding; 3: Status; 4: Code name; 5: Deleting; 6: Status)
4. SYSTEM IMPLEMENTATION
4.1 Selected Software
4.1.1 Microsoft.NET Framework
The .NET Framework is a new computing platform that simplifies application
development in the highly distributed environment of the Internet. The .NET Framework is
designed to fulfill the following objectives:
To provide a consistent object-oriented programming environment whether object
code is stored and executed locally, executed locally but Internet-distributed, or
executed remotely.
To provide a code-execution environment that minimizes software deployment and
versioning conflicts.
To provide a code-execution environment that guarantees safe execution of code,
including code created by an unknown or semi-trusted third party.
To provide a code-execution environment that eliminates the performance
problems of scripted or interpreted environments.
To make the developer experience consistent across widely varying types of
applications, such as Windows-based applications and Web-based applications.
To build all communication on industry standards to ensure that code based on
the .NET Framework can integrate with any other code.
First, note that Java is two things: the Java language and the Java platform. Similarly, .NET is two things: the .NET-supported languages and the .NET platform. This leads to the major difference, which is the root cause of the other differences between Java and .NET.
The ideal of Java has always been a single language shared by multiple platforms, whereas .NET is based on multiple languages shared by a single platform. The following differences derive from this major difference.
.NET has multi-language support, while Java is based on the Java language only. According to the latest news from Microsoft, .NET supports around 40 languages, including major market-share languages such as COBOL, VB.NET, C#.NET, Perl and many others.
Since Java is multi-platform, its set of framework classes is limited to what is available on all platforms, while .NET has the set of all the classes available on the Microsoft platform.
.NET, due to disconnected data access through ADO.NET, has a high level of performance compared with Java JDBC, which requires multiple round trips to the database.
Java has support for open source platforms, while .NET has no direct support for open source platforms.
4.1.2 Methodology
Our project is developed by the following main methodologies,
C# DOTNET (front end)
C (middle end)
MS ACCESS (back end)
4.1.2.1 C# Dot net:
C# DOTNET is used as the front end as it is the latest, flexible technology, which is comprised of C and Visual C++. It has a wide range of features which are very useful.
Dot net Features:
DOTNET makes it easy for your database administrator to set up a centralized unit
database on your unit's FTP site so that multiple readers can access the SAME set
of data files. This means you no longer have to worry about providing database
backups to numerous readers and then trying to coordinate database updates
without someone getting left out of the loop.
Data security! The web database is fully encrypted using a data encryption
password that you define. No one without that password can view your data, even if
someone hacks into your FTP site or intercepts the database upload.
Through the use of Data Access Passwords, the database administrator can control
who can update the data and which functional area(s) they're allowed to update.
You can assign the same functional area to more than one user. Of course, the
database administrator retains update authority over the entire database.
For each Data Access Password, simple checkbox options allow you to block users
with that password from even being able to see sensitive data items, such as social
security numbers and driver's licenses. There's a separate checkbox for each
sensitive data item, so you have full control.
DOTNET automatically handles the FTP site interface for you. When you log on,
DOTNET connects to your FTP site, downloads your encrypted database, and
decrypts it. Troop Master/Pack Master then decompresses the database and loads
the files into your Troop Master/Pack Master data folder. At that point, you can
even disconnect from the Internet. When you exit Troop Master/Pack Master,
DOTNET compresses and encrypts your updated database and uploads the
encrypted files back to your FTP site.
DOTNET guarantees the safe execution of code, including code created by
unknown or semi-trusted third parties. This is where the term managed code comes
from, because the applications have to meet security standards and are managed
just for that very purpose.
DOTNET enables developers to work in a consistent programming environment
whether creating applications for desktops or the Internet. This ensures that
although there are techniques that vary between Web and desktop applications, you
can use the same languages, such as C#.
DOTNET builds all communication on industry standards to ensure that code based
on the .NET Framework can integrate with any other code. .NET uses XML
extensively, as well as other communication protocols such as SOAP (Simplified
Object Application Programming), which are both industry standards.
DOTNET minimizes software deployment and versioning conflicts. Also called
DLL hell, these conflicts occurred frequently when you were developing in prior
platforms such as Visual Basic and using ActiveX controls. A lot of times when
you installed new versions of your applications, controls would conflict and not
work.
DOTNET eliminates performance problems of scripted or interpreted
environments. Everything is compiled into a common language that the various
parts of the platform are designed to work with.
4.1.3 Concepts used: FORMS
OLEDB PROVIDER
4.1.3.1 Forms:
The objects from the standard classes are called graphical user interface (GUI)
objects, and are used to handle the user interface aspect or programs. The style of
programming we use with these GUI objects is called event-driven programming. An event
occurs when the user interacts with a GUI object. For example, when we move the cursor,
click on a button, or select a menu choice, an event occurs. In event-driven programs, we
program objects to respond to these events by defining event-handling methods.
A form is a general-purpose window in which the user interfaces with the
application. A java GUI application program must have at least one form that serves as the
program’s main window. The visual basic supports the most rudimentary functionality to
support features found in any frame window, such as minimizing the window, moving the
window, resizing the window and so forth.
4.1.3.2 Oledb:
The OLE DB Data Provider is for use with databases that support OLE DB
interfaces. This data provider uses native OLE DB through COM interoperability to access
the database and execute commands. To use the OLEDB Data Provider we must also have
a compatible OLE DB provider. The following OLE DB providers are, at the time of
writing, compatible with ADO.NET:
Microsoft.Jet.Oledb.4.0 – OLE DB Provider for Microsoft Jet
The OLE DB Data Provider does not support OLE DB 2.5 interfaces, such as
those required for Microsoft OLE DB Provider for Exchange and Microsoft OLE DB
Provider for Internet Publishing. The OLE DB Data Provider also does not support the
MSDASQL Provider (Microsoft OLE DB Provider for ODBC). The OLE DB Data
Provider is the recommended data provider for applications that use SQL Server 6.5 or
earlier, Oracle, or Microsoft Access.
The classes for the OLE DB Data Provider are found in the System.Data.OleDb
namespace.
In OLE DB Data Provider there are four key classes that are derived from the
following ADO.NET interfaces, found in the System.Data namespace:
IDbConnection – SqlConnection and OleDbConnection
IDbCommand – SqlCommand and OleDbCommand
IDataReader – SqlDataReader and OleDbDataReader
IDbDataAdapter – SqlDataAdapter and OleDbDataAdapter
4.1.3.3 Connection:
The connection classes inherit, as we just saw, from the IDbConnection interface.
They are manifested in each data provider as either the SqlConnection (for the SQL Server
Data Provider) or the OleDbConnection (for the OLE DB Data Provider). The connection
class is used to open a connection to the database on which commands will be executed.
4.1.3.4 Command:
The command classes inherit from the IDbCommand interface. As with the
connection class, the command classes are manifested as either the SqlCommand or the
OleDbCommand. The command class is used to execute T-SQL commands or stored
procedures against a database. Commands require an instance of a connection object in
order to connect to the database and execute a command. In turn, the command class
exposes several execute methods, depending on what expectations you have.
4.1.3.5 Data Reader:
The datareader classes inherit from the IDataReader interface. Continuing the trend,
the data reader is manifested as either a SqlDataReader or an OleDbDataReader. The
datareader is a forward-only, read-only stream of data from the database. This makes the
datareader a very efficient means for retrieving data, as only one record is brought into
memory at a time.
4.1.3.6 Data Adapter:
The Data Adapter classes inherit from the IDbDataAdapter interface and are
manifested as SqlDataAdapter and OleDbDataAdapter. The DataAdapter is intended for
use with a DataSet and can retrieve data from the data source, populate DataTables and
constraints, and maintain the Data Table relationships. The DataSet can contain multiple
DataTables, disconnected from the database. The data in the DataSet can be manipulated –
changed, deleted, or added to – without an active connection to the database.
4.1.4 C:
The disassembling part of the system requires a language that can be written at both high level and low level, and the immediate option is the C language. We used C to create the disassembler, built the disassembly program as an executable file, and used it as the disassembler tool in our project.
4.1.5 MS ACCESS:
Microsoft Access has changed the image of desktop databases from specialist
applications used by dedicated professionals to standard business productivity applications
used by a wide range of users. More and more developers are building easy-to-use business
solutions on, or have integrated them with, desktop applications on users' desktops.
Microsoft Access has built a tradition of innovation by making historically difficult
database technology accessible to general business users. Whether users are connected by a
LAN, the Internet, or not at all, Microsoft Access ensures that the benefits of using a
database can be quickly realized. With its integrated technologies, Microsoft Access is
designed to make it easy for all users to find answers, share timely information, and build
faster solutions.
At the same time, Microsoft Access has a powerful database engine and a robust
programming language, making it suitable for many types of complex database
applications.
4.1.5.1 Data engine:
Microsoft Access ships with the Microsoft Jet database engine. (For additional
information on the Jet database engine, please refer to Microsoft Jet Database Engine
Programmer's Guide, published by Microsoft Press). This is the same engine that ships
with Visual Basic and with Microsoft Office. Microsoft Jet is a 32-bit, multithreaded
database engine that is optimized for decision-support applications and is an excellent
workgroup engine.
Microsoft Jet has advanced capabilities that have typically been unavailable on
desktop databases. These include:
4.1.5.2 Access to heterogeneous data sources:
Microsoft Jet provides transparent access, via industry-standard Open Database
Connectivity (ODBC) drivers, to over 170 different data formats, including Borland
International dBase and Paradox, ORACLE from Oracle Corporation, Microsoft SQL
Server, and IBM DB2. Developers can build applications in which users read and update
data simultaneously in virtually any data format.
4.1.5.3 Engine-level referential integrity and data validation:
Microsoft Jet has built-in support for primary and foreign keys, database-specific
rules, and cascading updates and deletes. This means that a developer is freed from having
to create rules using procedural code to implement data integrity. Also, the engine itself
consistently enforces these rules, so they are available to all application programs.
4.1.5.4 Advanced workgroup security features:
Microsoft Jet stores User and Group accounts in a separate database, typically
located on the network. Object permissions for database objects (such as tables and
queries) are stored in each database. By separating account information from permission
information, Microsoft Jet makes it much easier for system administrators to manage one
set of accounts for all databases on a network.
4.1.5.5 Updateable dynasets:
As opposed to many database engines that return query results in temporary views
or snapshots, Microsoft Jet returns a dynaset that automatically propagates any changes
users make back to the original tables. This means that the results of a query, even those
based on multiple tables can be treated as tables themselves. Queries can even be based on
other queries.
Binding objects and data is easy with Microsoft Access. Complex data-
management forms can be created easily by dragging and dropping fields and controls onto
the form design surface. If a form is bound to a parent table, dragging a child table onto the
form creates a sub form, which will automatically display all child records for the parent.
Microsoft Access has a variety of wizards to ease application development for both
users and developers. These include:
The Database Wizard, which includes more than 20 customizable templates to create
full-featured applications with a few mouse clicks.
The Table Analyzer Wizard, which can decipher flat-file data intelligently from a wide
variety of data formats and create a relational database.
Several form and report wizards, which allow users great flexibility in creating the
exact view of data required, regardless of underlying tables or queries.
The Application Splitter Wizard, which separates a Microsoft Access application from
its tables and creates a shared database containing the tables for a multi-user
application.
The PivotTable® Wizard, which walks users through the creation of Microsoft Excel
PivotTables based on a Microsoft Access table or query.
The Performance Analyzer Wizard, which examines existing databases and
recommends changes to improve application performance.
In addition to the wizards just listed, Microsoft Access provides a number of ease-of-
use features in keeping with its goal of providing easy access to data for users. These
include:
Filter by Form, which allows users to type the information they seek and have
Microsoft Access build the underlying query to deliver only that data, in a form view.
Filter by Input, which allows users simply to right-click on any field, in any view, and
then type the criteria they are looking for into an input box on a pop-up menu. Upon
pressing ENTER, the filter is applied and the user then sees only the information they
are looking for.
Filter by Selection, which allows users to locate information quickly on forms or
datasheets by highlighting a selection and filtering the underlying data based on that
selection.
4.2 SAMPLE CODE:
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.IO;
using System.Data.OleDb;
using System.Windows.Forms;
namespace WindowsFormsApplication1
{
    public partial class start : Form
    {
        // Logical drives of the machine, the drive that hosts the VDS folder,
        // and the connection to the virus-code database.
        private string[] drives;
        private string sdrive;
        private OleDbConnection con;

        public start()
        {
            InitializeComponent();
        }

        private void start_Load(object sender, EventArgs e)
        {
            drives = Environment.GetLogicalDrives();
            sdrive = drives[0];
            con = new OleDbConnection(@"Provider=microsoft.jet.oledb.4.0;data source=" + sdrive + @"VDS\viruscodes.mdb");
            // Each setup step is best-effort: a failure is ignored so that the form still loads.
            try
            {
                Directory.CreateDirectory(sdrive + "VDS");
            }
            catch (Exception)
            {
            }
            try
            {
                // No overwrite flag: an existing code database is kept.
                File.Copy("viruscodes.mdb", sdrive + @"VDS\viruscodes.mdb");
            }
            catch (Exception)
            {
            }
            try
            {
                // TRIAL.EXE is always replaced with the shipped copy.
                File.Copy("TRIAL.EXE", sdrive + @"VDS\TRIAL.EXE", true);
            }
            catch (Exception)
            {
            }
        }

        // Handler name assumed; the listing gives only the body of this method.
        private void virusVaultToolStripMenuItem_Click(object sender, EventArgs e)
        {
            new virusvault().Show();
        }

        private void addCodeToolStripMenuItem_Click(object sender, EventArgs e)
        {
            new add().Show();
        }

        private void addFromFileToolStripMenuItem_Click(object sender, EventArgs e)
        {
            new addfile().Show();
        }

        private void deleteCodeToolStripMenuItem_Click(object sender, EventArgs e)
        {
            new delete().Show();
        }

        private void exitToolStripMenuItem_Click(object sender, EventArgs e)
        {
            Application.Exit();
        }
    }
}
CODE FOR ADD DATA BASE
public partial class add : Form
{
    private OleDbConnection con;
    private OleDbCommand cmd;
    private OleDbDataReader rdr;
    private string ssql;
    private int count; // stored as the third value of every inserted row

    public add()
    {
        InitializeComponent();
    }

    private void addbut_Click(object sender, EventArgs e)
    {
        try
        {
            if (con.State == ConnectionState.Closed)
                con.Open(); // opening the connection

            // The text boxes are bound as positional OleDb parameters ("?"), so a
            // quote inside a code name or instruction is stored as data and cannot
            // change the SQL statement.
            ssql = "select * from codes where name = ?";
            cmd = new OleDbCommand(ssql, con);
            cmd.Parameters.AddWithValue("?", textBox1.Text);
            rdr = cmd.ExecuteReader();
            if (rdr.HasRows)
            {
                rdr.Read();
                if (!(rdr.IsDBNull(0)))
                    count = Convert.ToInt32(rdr.GetValue(0)) + 1;
            }
            // The reader is closed before the next command runs on the connection.
            rdr.Dispose();
            cmd.Dispose();

            ssql = "insert into codes values(?, ?, ?)";
            cmd = new OleDbCommand(ssql, con);
            cmd.Parameters.AddWithValue("?", textBox1.Text);
            cmd.Parameters.AddWithValue("?", textBox2.Text);
            cmd.Parameters.AddWithValue("?", count);
            cmd.ExecuteNonQuery();
            MessageBox.Show("Instruction inserted successfully", "Success", MessageBoxButtons.OK, MessageBoxIcon.Information);
            // same code name with different code instructions so we disable the
            // CODENAME textbox, enable CLOSE button
            textBox2.Text = "";
            textBox2.Focus();
            textBox1.Enabled = false;
            closebut.Enabled = true;
            cmd.Dispose();
        }
        catch (Exception ae)
        {
            // Report the failure instead of leaving the form in an unknown state.
            MessageBox.Show(ae.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
        }
    }

    private void closebut_Click(object sender, EventArgs e)
    {
        MessageBox.Show("'" + textBox1.Text + "' Code has been added successfully, You may insert another code", "Success", MessageBoxButtons.OK, MessageBoxIcon.Information);
        textBox1.Text = "";
        textBox2.Text = "";
        textBox1.Enabled = true;
        closebut.Enabled = false;
        textBox1.Focus();
    }

    private void exitbut_Click(object sender, EventArgs e)
    {
        this.Close();
    }

    private void add_Load(object sender, EventArgs e)
    {
        string[] drives = Environment.GetLogicalDrives();
        string sdrive = drives[0];
        con = new OleDbConnection(@"Provider=microsoft.jet.oledb.4.0;data source=" + sdrive + @"VDS\viruscodes.mdb");
    }
}
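ADD FROM FILE
public partial class addfile : Form
{
    private OleDbConnection con;
    private OleDbCommand cmd;
    private OleDbDataReader Rdr;
    private string ssql, fcode, fp;
    private int sno, x;

    public addfile()
    {
        InitializeComponent();
    }

    private void addbut_Click(object sender, EventArgs e)
    {
        try
        {
            if (con.State == ConnectionState.Closed)
                con.Open();
            try
            {
                ssql = "select max(sno) from codes ";
                cmd = new OleDbCommand(ssql, con);
                Rdr = cmd.ExecuteReader();
                if (Rdr.HasRows)
                {
                    Rdr.Read();
                    sno = Rdr.GetInt32(0);
                }
            }
            catch (Exception)
            {
                // max(sno) is NULL while the table is empty; sno keeps its current value
            }
            finally
            {
                if (Rdr != null)
                    Rdr.Dispose();
            }
            sno++;
            // fp is the path chosen in browsebut_Click. Every line of that file is
            // stored under the same code name and serial number, bound as "?"
            // parameters so that quotes in the file cannot change the SQL statement.
            using (TextReader tr = new StreamReader(fp))
            {
                while ((fcode = tr.ReadLine()) != null)
                {
                    ssql = "insert into codes values(?, ?, ?)";
                    cmd = new OleDbCommand(ssql, con);
                    cmd.Parameters.AddWithValue("?", textBox1.Text);
                    cmd.Parameters.AddWithValue("?", fcode);
                    cmd.Parameters.AddWithValue("?", sno);
                    x += cmd.ExecuteNonQuery();
                    cmd.Dispose();
                }
            }
        }
        catch (Exception ae)
        {
            MessageBox.Show(ae.Message, "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
        }
    }

    private void browsebut_Click(object sender, EventArgs e)
    {
        openFileDialog1.ShowDialog();
        fp = openFileDialog1.FileName;
        textBox2.Text = fp;
    }

    private void exitbut_Click(object sender, EventArgs e)
    {
        this.Close();
    }

    private void addfile_Load(object sender, EventArgs e)
    {
        string[] drives = Environment.GetLogicalDrives();
        string sdrive = drives[0];
        con = new OleDbConnection(@"Provider=microsoft.jet.oledb.4.0;data source=" + sdrive + @"VDS\viruscodes.mdb");
    }
}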
DELETE CODE
public partial class delete : Form
{
    private OleDbConnection Con;
    private OleDbCommand Cmd;
    private OleDbDataReader Rdr;
    private string sSQL, name;

    public delete()
    {
        InitializeComponent();
    }

    private void fillcombobox()
    {
        try
        {
            if (Con.State == ConnectionState.Closed)
                Con.Open();
            comboBox1.Text = "SELECT HERE";
        }
        catch (Exception)
        {
            MessageBox.Show("No Data Exists in Database or Not Accessible \nPlease restart Application to Solve this problem", "DatabaseError", MessageBoxButtons.OK, MessageBoxIcon.Warning);
            this.Close();
        }
    }

    private void deletebut_Click(object sender, EventArgs e)
    {
        try
        {
            name = comboBox1.SelectedItem.ToString();
            // Column 0 of the current reader row is read as the serial number (sno)
            // of the selected code.
            int sno = Rdr.GetInt32(0);
            Rdr.Dispose();
            Cmd.Dispose();
            // Close the gap in the serial numbers above the deleted code.
            sSQL = "update codes set sno=sno-1 where sno > ?";
            Cmd = new OleDbCommand(sSQL, Con);
            Cmd.Parameters.AddWithValue("?", sno);
            int y = Cmd.ExecuteNonQuery();
            listBox1.Items.Clear();
            comboBox1.Items.Clear();
            fillcombobox();
            if (Con.State != ConnectionState.Closed)
                Con.Close();
        }
        catch (Exception)
        {
        }
    }

    private void exitbut_Click(object sender, EventArgs e)
    {
        this.Close();
    }

    private void comboBox1_SelectedIndexChanged(object sender, EventArgs e)
    {
        try
        {
            if (Con.State == ConnectionState.Closed)
                Con.Open();
            Rdr.Dispose();
            Cmd.Dispose();
            if (Con.State != ConnectionState.Closed)
                Con.Close();
        }
        catch (Exception)
        {
        }
    }
}
5. TEST CASES
Testing is the process of detecting errors. Testing performs a very critical role for
quality assurance and for ensuring the reliability of software. The results of testing are used
later on during maintenance also.
5.1 Psychology of Testing
The aim of testing is often to demonstrate that a program works by showing that it
has no errors. The basic purpose of testing phase is to detect the errors that may be present
in the program. Hence one should not start testing with the intent of showing that a
program works, but the intent should be to show that a program doesn’t work.
Testing is the process of executing a program with the intent of finding errors.
5.2. Testing Objectives:
The main objective of testing is to uncover a host of errors, systematically and with
minimum effort and time. Stating formally, we can say,
Testing is a process of executing a program with the intent of finding an error.
A successful test is one that uncovers an as yet undiscovered error.
A good test case is one that has a high probability of finding error, if it exists.
The tests are inadequate to detect possibly present errors.
The software more or less conforms to the quality and reliability standards.
5.3 Levels Of Testing
In order to uncover the errors present in different phases we have the concept of
levels of testing. The basic levels of testing are
Client Needs | Acceptance Testing
Requirements | System Testing
Design | Integration Testing
Code | Unit Testing
5.3.1 Unit testing:
Unit testing focuses verification effort on the smallest unit of software i.e. the
module. Using the detailed design and the process specifications testing is done to uncover
errors within the boundary of the module. All modules must be successful in the unit test
before the start of the integration testing begins.
In this project “Evaluation of Employee Performance” each service can be thought
of as a module. There are many modules, such as Executive, Debit Card, Credit Cards,
Performance, and Bills. Each module has been tested by giving different sets of inputs
(giving wrong Debit card Number, Executive code) both while developing the module and
after finishing the development, so that each module works without any error. The inputs are
validated when accepting from the user.
5.3.2 Integration Testing:
After the unit testing we have to perform integration testing. The goal here is to see
if modules can be integrated properly, the emphasis being on testing interfaces between
modules. This testing activity can be considered as testing the design and hence the
emphasis on testing module interactions.
In this project ‘Evaluation of Employee Performance’, the main system is formed
by integrating all the modules. When integrating all the modules I have checked whether
the integration affects the working of any of the services by giving different combinations of
inputs with which the two services ran perfectly before integration.
5.3.3 System Testing
Here the entire software system is tested. The reference document for this process
is the requirements document, and the goal is to see if the software meets its requirements.
Here entire ‘Evaluation of Employee Performance’ has been tested against
requirements of project and it is checked whether all requirements of project have been
satisfied or not.
5.3.4 Acceptance Testing
Acceptance Test is performed with realistic data of the client to demonstrate that
the software is working satisfactorily. Testing here is focused on external behavior of the
system; the internal logic of program is not emphasized.
In this project ‘Evaluation of Employee Performance’ I have collected some data
and tested whether the project is working correctly or not.
Test cases should be selected so that the largest number of attributes of an
equivalence class is exercised at once. The testing phase is an important part of software
development. It is the process of finding errors and missing operations and also a complete
verification to determine whether the objectives are met and the user requirements are
satisfied.
5.3.5 White Box Testing
This is a unit testing method where a unit will be taken at a time and tested
thoroughly at a statement level to find the maximum possible errors.
I tested step wise every piece of code, taking care that every statement in the code
is executed at least once. The white box testing is also called Glass Box Testing.
I have generated a list of test cases and sample data, which is used to check all
possible combinations of execution paths through the code at every module level.
5.3.6 Black Box Testing
This testing method considers a module as a single unit and checks the unit at
interface and communication with other modules rather than getting into details at statement
level. Here the module will be treated as a black box that will take some input and generate
output. Output for a given set of input combinations is forwarded to other modules.
5.4 Test Plan
Testing commences with a test plan and terminates with acceptance testing. A test
plan is a general document for the entire project that defines the scope, the approach to be
taken and the schedule of testing, and identifies the test items for the entire testing
process and the personnel responsible for the different activities of testing. The test
planning can be done well before the actual testing commences and can be done in parallel
with the coding and design phases. The inputs forming the test plan are
Project plan
Requirements document
System design document
This project plan is needed to make sure that the test plan is consistent with the
overall plan for the project and the testing schedule matches that of the project plan. The
requirement document and the design document are the basic documents used for selecting
the test units and deciding the approaches to be used during testing. A test plan should
contain the following
Test unit specification
Features to be tested
Approaches for testing
Test deliverables
Schedule
One of the most important activities of the test plan is to identify the test units. The
test unit is a set of one or more modules, together with associated data, that are from a
single computer program and that are objects of testing.
A test unit can occur at any level and can contain from a single module to the entire
system thus a test unit may be a module, a few modules or a complete system.
5.4.1 Test plan Document
A Test Plan is a general document for the entire project, which defines the scope,
approach to be taken and the schedule of testing, as well as identifying the test items for
entire testing process and the personnel responsible for the different activities of testing.
A test plan should contain the following
Test unit specification
A test unit is a set of one or more modules together with associated data which are
from a single program and which are the object of testing. A test unit may be a module, a
few modules or a complete program. Different units are usually specified for unit,
integration and system testing.
The basic units to be tested are
Executive Module to register Executive Details.
Debit card Module to register Debit card Details.
Credit card Module to register Credit card Details.
Bills Module to store the Bills.
Performance Module to store Executive Performance Details.
All these modules are integrated and the final system is also tested against various
possible test cases.
5.4.1.1 Features to be Tested:
Features to be tested include all software features and combinations of features that
should be tested. A software feature is a software characteristic specified or implied by
the requirements or design documents. These may include functionality, performance,
design constraints and attributes.
All the functional features specified in the requirement document will be tested. No
testing will be done for performance, since we do not consider the response time,
throughput time and memory requirements.
5.4.1.2 Approach for Testing:
The approach for testing specifies the overall approach to be followed in the
current project. This is sometimes called the testing criteria.
5.4.1.3 Test Deliverables:
Testing deliverables should be specified in the test plan, before the actual testing
begins. Deliverables could be a list of test cases that were used, detailed results of testing,
test summary report, test log and data about the code coverage.
5.4.1.4 Schedule
The test log provides a chronological record of relevant details about the execution
of the test cases. Different activities of testing and testing of different units that have
been identified.
5.4.1.5 Personnel allocation
Personnel allocation identifies the persons responsible for performing the different
activities.
5.4.1.6 Test Case Report
Here we specify all the test cases that are used for system testing. The different
conditions that need to be tested along with the test cases used for testing those conditions
and the expected outputs are given. The goal is to test the different functional
requirements, as specified in the requirements document. Test cases have been selected for
both valid and invalid inputs.
5.5 Test Cases
5.5.1 Add Code
Test case ID | Input | Description | Expected result
VDS_TC01 | Code name, Instruction | Giving codename without instruction. | Filling all the fields is compulsory.
VDS_TC02 | Code name, Instruction | Giving instruction without codename. | Filling all the fields is compulsory.
VDS_TC03 | Code name, Instruction | Without giving both codename and Instruction | Filling all the fields is compulsory.
VDS_TC04 | Code name, Instruction | Giving both the code name and Instruction | Instruction inserted successfully
VDS_TC05 | Code name, Instruction | Giving same codename | Codename already exits, please enter another codename
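The Add Code cases above, worked through as an added example (not the project's own code): Python with an in-memory SQLite table standing in for the Jet `codes` table. The column name `instruction`, the `new_code` flag, the status strings and the sample assembly lines are assumptions. The inputs are bound as query parameters, so an instruction that contains quotes is stored intact, while the string-built INSERT used by the Add Code form fails on the same line.

```python
import sqlite3

REQUIRED, INSERTED, DUPLICATE = "required", "inserted", "duplicate"

def open_db():
    """In-memory stand-in for viruscodes.mdb (column name 'instruction' is assumed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE codes (name TEXT NOT NULL,"
                 " instruction TEXT NOT NULL, sno INTEGER NOT NULL)")
    return conn

def add_code(conn, name, instruction, new_code=True):
    """Store one instruction for a code name and report the outcome.

    new_code=True models the form while the code-name box is enabled;
    False models further instructions typed for the same code name.
    """
    name, instruction = name.strip(), instruction.strip()
    if not name or not instruction:              # VDS_TC01, VDS_TC02, VDS_TC03
        return REQUIRED
    row = conn.execute("SELECT sno FROM codes WHERE name = ?", (name,)).fetchone()
    if row is not None and new_code:             # VDS_TC05
        return DUPLICATE
    if row is not None:
        sno = row[0]                             # same code, same serial number
    else:
        sno = conn.execute(
            "SELECT COALESCE(MAX(sno), 0) + 1 FROM codes").fetchone()[0]
    with conn:                                   # commit, or roll back on error
        conn.execute("INSERT INTO codes VALUES (?, ?, ?)", (name, instruction, sno))
    return INSERTED                              # VDS_TC04

def add_code_concatenated(conn, name, instruction, sno):
    """The string-built INSERT of the Add Code form, kept for comparison."""
    sql = ("insert into codes values('" + name + "','" + instruction + "',"
           + str(sno) + ");")
    with conn:
        conn.execute(sql)

def run_cases():
    """Run the five Add Code cases plus one instruction that contains quotes."""
    conn = open_db()
    quoted = "mov dl, 'A'"                       # constructed sample line
    results = {
        "VDS_TC01": add_code(conn, "demo_code", ""),
        "VDS_TC02": add_code(conn, "", "int 21h"),
        "VDS_TC03": add_code(conn, "", ""),
        "VDS_TC04": add_code(conn, "demo_code", "int 21h"),
        "VDS_TC05": add_code(conn, "demo_code", "mov ah, 4Ch"),
        "quoted": add_code(conn, "demo_code", quoted, new_code=False),
    }
    try:
        add_code_concatenated(conn, "other_code", quoted, 2)
        results["concatenated"] = "inserted"
    except sqlite3.OperationalError:
        results["concatenated"] = "sql error"    # the quote ended the literal early
    results["rows"] = conn.execute(
        "SELECT name, instruction, sno FROM codes ORDER BY rowid").fetchall()
    return results

if __name__ == "__main__":
    for key, value in run_cases().items():
        print(key, "->", value)
```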
5.5.2 Add Code From File
Test case ID | Input | Description | Expected result
VDS_TC01 | Code name, File name | Giving codename without File name. | Please select ASM file
VDS_TC02 | Code name, File name | Giving File name without codename. | Please enter the code name
VDS_TC03 | Code name, File name | Without giving both codename and File name | Filling all the fields is compulsory.
VDS_TC04 | Code name, File name | Giving both codename and File name | Code lines in file are inserted successfully
5.5.3 Delete Code
Test case ID | Input | Description | Expected result
VDS_TC01 | Code name, instruction | Select the codename from combo box without database. | no data exits or database not accessible
VDS_TC02 | Code name, instruction | Select the codename from combo box with instruction. | Virus code is deleted successfully.
5.5.4 Virus Vault
Test case ID | Input | Description | Expected result
VDS_TC01 | Delete | Selected file is not present in the Vault | The file was not exists
5.5.5 Report
Test case ID | Input | Description | Expected result
VDS_TC01 | Move to vault | Selected file will be moved to virus vault. | Delete function will not work
6. SCREENS & REPORTS
6.1 Output Screens:
6.1.1.1 Home Page
Fig 6.1.1.1 Home Page
6.1.1.2 Scanning Module
Fig 6.1.1.2 Scanning Module
6.1.1.3 For Scanning Single File
Fig 6.1.1.3 For Scanning Single File
6.1.1.4 Browse For Scanning Single File
Fig 6.1.1.4 Browse For Scanning Single File
6.1.1.5 For Scanning Single Folder
Fig 6.1.1.5 For Scanning Single Folder
6.1.1.6 Browse For Scanning Single Folder
Fig 6.1.1.6 Browse For Scanning Single Folder
6.1.1.7 For Scanning My Computer
Fig 6.1.1.7 For Scanning My Computer
6.1.2 Database Updation Module
Fig 6.1.2 Database Updation Module
6.1.2.1 For Adding A New Code To Database
Fig 6.1.2.1 For Adding A New Code To Database
6.1.2.2 Form To Add The New Code
Fig 6.1.2.2 Form To Add The New Code
6.1.2.3 For Adding A New File To Database
Fig 6.1.2.3 For Adding A New File To Database
6.1.2.4 Form To Add The New Code From File
Fig 6.1.2.3 Form To Add The New Code From File
6.1.2.5 For Deleting A New Code From Database
Fig 6.1.2.5 For Deleting A New Code From Database
6.1.2.6 Form To Delete The Code From Database
Fig 6.1.2.6 Form To Delete The Code From Database
6.1.3 Help
Fig 6.1.3 Help
6.2 Reports
6.2.1.1 Scanning Single File
Fig 6.2.1.1 Scanning Single File
6.2.1.2 Scanning Report Single File
Fig 6.2.1.2 Scanning Report Single File
6.2.1.3 Scanning Process For Single Folder
Fig 6.2.1.3 Scanning Process For Single Folder
6.2.1.4 Scanning Report Single Folder
Fig 6.2.1.4 Scanning Report Single Folder
6.2.1.5 Scanning Process For My Computer
Fig 6.2.1.5 Scanning Process For My Computer
6.2.1.6 Scanning Report For My Computer
Fig 6.2.1.6 Scanning Report For My Computer
6.2.3 Virus Vault
Fig 6.2.3 Virus Vault
7. CONCLUSION & FUTURE SCOPE
7.1 Conclusion
This project has dropped a small stone in water, by designing an application that
provides a generic antivirus approach that is used to scan the files efficiently. “Virus
Detection System” being developed by restricting to the present technology available in
our college meets the desired needs of the requirements completely.
Our system can be extended further to an extent at which it can provide more
facilities and flexibility than it provides at present. At present the disassembling of the file
to be scanned is limited to the exe files that were written in C and C++ only. The
disassembler provided in this system may not work properly when we scan
files that are written in other high level languages. So the more decompiling tools we
add, the wider the variety of files we can scan.
7.2 Future Scope
At present in our system only the files that were scanned and reported as affected
can be deleted or can be moved to vault to delete in future. So the only option provided for
the user is to delete the affected file. Moreover, the affected file can be repaired by deleting
the virus code that was matched from the disassembled code and restoring the new file
from the repaired code.