Chapter 3. The scanning mechanism
The central part of BitDefender Antivirus Scanner for Unices consists of the BitDefender
architecture-independent scanning engines. These are specialized data analysis
routines and malware signature definitions, since many viruses can be identified by
a distinctive code pattern. At the time of this writing, the BitDefender Antivirus engine
database includes over 250000 different malware signatures, and the number
increases every few hours.
To identify unknown viruses, the engines can perform heuristic analysis,
searching for several features that characterize viruses.
The objects to be scanned can be directories or regular files, provided as command
line parameters. After the object is eventually deployed in a temporary file, the engines
are asked to start the scanning process.
Using the powerful engines, the object is unpacked, if needed, and scanned. The
scanning result is sent back to bdscan, which then notifies the user and tries
to apply the desired action. The action is selected with the --action command line
option and can be one of the following.
• Disinfect. BitDefender will try to disinfect the object, by removing the infected or
suspected part. The action can fail sometimes.
• Quarantine. The object will be moved from its original location to a secured directory,
the quarantine.
• Delete. The object will be simply removed from the filesystem.
• Ignore. Even if infected objects are found, BitDefender will just report them and no
action will be performed.
By default, bdscan will scan inside archives, inside mail boxes and inside packed
programs. If this behavior is not desirable, there are command line options to disable
each of them selectively: --no-archive, --no-mail and --no-pack, respectively.
If the scanning path is a directory, bdscan will descend recursively into sub-directories
and scan the files found. The recursion depth can be specified on the command line, or
recursion can be entirely disabled.
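The flow described in this chapter (recursive descent with a depth limit, signature matching, then an action on each detection) can be sketched as follows. This is an added example, not BitDefender code: the signature table, the function names and the max_depth and quarantine_dir parameters are assumptions made for illustration, and the Disinfect action is left out because it depends on the engine.

```python
import os
import shutil
import tempfile

# Constructed signature table (name -> byte pattern); not real malware signatures.
SIGNATURES = {"Demo.Test.A": b"\xde\xad\xbe\xefDEMO-PATTERN"}
ACTIONS = {"quarantine", "delete", "ignore"}


def match_signature(path):
    """Return the name of the first signature found in the file, or None."""
    with open(path, "rb") as fh:
        data = fh.read()
    for name, pattern in SIGNATURES.items():
        if pattern in data:
            return name
    return None


def scan(root, action="ignore", max_depth=None, quarantine_dir=None):
    """Walk root, match signatures, apply the action; return [(path, name)]."""
    if action not in ACTIONS:
        raise ValueError(f"unsupported action: {action}")
    if action == "quarantine" and not quarantine_dir:
        raise ValueError("quarantine needs a target directory")
    root = os.path.abspath(root)
    found = []
    for dirpath, dirnames, filenames in os.walk(root):
        depth = 0 if dirpath == root else os.path.relpath(dirpath, root).count(os.sep) + 1
        if max_depth is not None and depth >= max_depth:
            dirnames[:] = []  # stop descending; max_depth=0 disables recursion
        for fname in sorted(filenames):
            path = os.path.join(dirpath, fname)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # regular files only; symlinks are not followed
            name = match_signature(path)
            if name is None:
                continue
            found.append((path, name))  # always report, whatever the action
            if action == "quarantine":
                os.makedirs(quarantine_dir, mode=0o700, exist_ok=True)
                fd, dest = tempfile.mkstemp(dir=quarantine_dir, suffix="_" + fname)
                os.close(fd)  # unique name, so same-named files do not collide
                shutil.move(path, dest)
            elif action == "delete":
                os.remove(path)
    return found
```

The quarantine directory should sit outside the scanned tree, otherwise quarantined files are detected again on the next run.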
More in the manual page
You can find more about the supported command line options in the bdscan(8) manual page.