
Virus Detection System

Date post: 20-Jul-2016
Upload: ankitagarwal
Description:
It is based on detecting a virus on a file by matching its source code with already existing source code of the virus.
Transcript
Page 1: Virus Detection System

Virus Detection System

1. INTRODUCTION

1.1 Existing System

A computer virus is a computer program that can copy itself and infect a computer without the permission or knowledge of the user. The term "virus" is also commonly used, albeit erroneously, to refer to many different types of malware and adware programs. The original virus may modify the copies, or the copies may modify themselves, as occurs in a metamorphic virus. Anti-virus software can detect and eliminate known viruses after the computer downloads or runs the executable.

There are two common methods that an anti-virus software application uses to detect viruses: signature scanning and heuristic analysis. The first, and by far the most common, method of virus detection is using a list of virus signature definitions. In signature scanning only a single virus can be detected at a time. The second method is to use a heuristic algorithm to find viruses based on common behaviors. This method has the ability to detect viruses that anti-virus security firms have yet to create a signature for.

1.2 Proposed System

For the users of antivirus products who would like to see a simulation of an antivirus, the Virus Detection System is an application which shows a way of approaching a generic antivirus product.

Unlike some antivirus products, which bind themselves to specific signatures of particular viruses, this simulation provides a generic approach by which we are able to detect more than a single virus with a common virus code in the database.


2. REQUIREMENT ANALYSIS

2.1 System Requirements:

2.1.1 Hardware Requirements:

The various hardware details required for the project are,

PROCESSOR : Intel Pentium II or above

PROCESSOR speed : 1.76 GHZ or above

RAM : 32 MB or above

HDD : 40 MB

2.1.2 Software Requirements:

The various software requirements of this project are,

PLATFORM : WINDOWS XP

FRONT END : C, C# .NET

BACK END : MS ACCESS


2.2 SRS

2.2.1 Vision

For the users of antivirus products who would like to see a simulation of an antivirus, the Virus Detection System is an application which shows a way of approaching a generic antivirus product.

Unlike some antivirus products, which bind themselves to specific signatures of particular viruses, this simulation provides a generic approach by which we are able to detect more than a single virus with a common virus code in the database.

2.2.2 Scope

2.2.2.1 Overview:

The user can have a file, a folder or the entire system scanned by selecting an option from the scanning form. As a result, a report is generated and provided to the user. If there are any infected files, they are listed in the report. The user is given options to delete the infected files or to record their locations in order to delete them later.

The files selected for deletion by the user are removed from the computer permanently. The locations of infected files are stored in a safe place if the user selects the option to delete them later. The user is also provided with an option to update the virus database by adding a new code or deleting an existing one.

2.2.2.2 Exclusions:-

New viruses that are not in the database cannot be detected.

2.2.2.3 Assumptions:-

The virus code in the database must be in Assembly level language.

Database contains at least one virus code.


2.2.3 System Functions

S.No.   System Function   Description

DATABASE UPDATION
1.      s1.1              Adding new code to the database.
2.      s1.2              Deleting the existing old code.

SCANNING FILES
3.      s2.1              Scanning the selected file or folder.
4.      s2.3              A report is generated with the status of the scanned files.
5.      s2.4              Provides the option to delete the files which are infected.
6.      s2.5              Provides an alternate option to record the infected file location.

SCANNING REPORT
7.      s3.1              Shows the infected files after scanning is completed.
8.      s3.2              Provides options such as moving to the vault and delete now.

VIRUS VAULT
8.      s4.1              View the affected files.
9.      s4.2              Delete the selected files.


2.2.4 Glossary

Virus code A program that infects the system

Virus vault The virus affected files are stored here which can be deleted later by the user

2.2.5 Detailed Software Requirements

2.2.5.1 Use case model

2.2.5.1.1 Actors:

Actor Name User

Actor Id ACT-01

Description Handles all tasks throughout the application.

Main Activities

Can select the set of files in his PC to scan them.

Can view the Scanning report when scanning is finished.

Can Select the options provided in Scanning report.

Can update the virus Database.

Can view the virus vault at any time to delete the infected files.

Frequency of Use High

Work Environment / Location Stand alone Window.

Number of Users 1 to Many


2.2.5.1.2 List of Use Cases:

Scanning Files.

Updating Database.

Storing the Infected Files.

2.2.5.1.3 Use case diagram:

Fig 2.2.5.1.3 Use case diagram (actor: User; use cases: Scanning Files, Storing the infected Files, Updating Database)


2.2.6 Detailed Use Case Descriptions:

2.2.6.1 Scanning Table

Use Case Name: Scanning Files

Use Case ID: UC1

Actor(s): User

Summary: The user can scan a file, a folder, or all drives in My Computer. The system detects the infected files and generates a scanning report for the user.

Preconditions: Database must contain at least one code.

Main Flow:

1. The user enters the use case.
   1.1. System displays the list of Scanning options. The following options are given to the user.
        S1. To scan a file.
        S2. To scan a folder.
        S3. To scan available drives in My Computer.
2. User selects one of the options: S1 or S2 or S3. For S1 and S2, the user must enter/select the file name or folder name.
   2.1. The selected option (sub flow) is executed.

Sub Flows:

S1: Scanning a file
1. User selects S1 after selecting Scanning Options.
   1.1. User selects the file from the file browser.
   1.2. System generates the Scanning Report after scanning is completed.

S2: Scanning a folder
1. User selects S2 after selecting Scanning Options.
   1.1. User selects the folder from the folder browser.
   1.2. System generates the Scanning Report after scanning is completed.

S3: Scanning all drives in My Computer
1. User selects S3 after selecting Scanning Options.
   1.1. System scans the files in the available drives in My Computer.
   1.2. System generates the Scanning Report after scanning is completed.

Alternate Flows: A1. User chooses to cancel the operation. If it is from one of the sub flows, it takes the user to the main flow. If Exit is selected from the main flow, the user is taken to the application main screen.

Post Conditions: System must generate scan report.

Cross Reference: S2.1, S2.2, S2.3, S2.4, S2.5

Assumptions: The database contains at least one virus code.

Business Rules: --


Sequence Diagram (participants: User, Scanner; messages: 1: File / folder, 2: Scanning, 3: Scanning Report)

Screen Shot


2.2.6.2 Updation Table

Use Case Name: Updating Database

Use Case ID: UC2

Actor(s): User

Summary: The user can add a new code into the database and delete an old code from the database.

Preconditions:

Main Flow:

1. The user enters the use case.
   1.1. System displays the list of Database options. The following options are given to the user.
        S1. Adding a new code into database.
        S2. Adding code from ASM file to database.
        S3. Delete old code from database.
2. User selects one of the options: S1 or S2 or S3.
   2.1. The selected option (sub flow) is executed.

Sub Flows:

S1. Adding a new code into database.
1. User selects S1 after selecting database Options.
   1.1. User enters the code name and instructions to database.
   1.2. User adds the code name and instructions to database.
   1.3. User is returned to the main flow.

S2. Adding new codes from ASM file to database.
1. User selects S2 after selecting database Options.
   1.1. User enters the code name and selects the ASM file from the file browser.
   1.2. Code name and instructions are added to database.
   1.3. User is returned to the main flow.

S3. Delete old code from database.
1. User selects S3 after selecting database Options.
   1.1. User selects available code names and instructions from database.
   1.2. User deletes the selected code name and instructions from database.
   1.3. User is returned to the main flow.

Alternate Flows: A1. User chooses to cancel the operation. If it is from one of the sub flows, it takes the user to the main flow. If Exit is selected from the main flow, the user is taken to the application main screen.

Post Conditions: Virus database will be updated by adding new code or deleting the existing code.

Cross Reference: S1.1, S1.2

Assumptions: 1. There are only virus codes in database.

Business Rules: --

Sequence Diagram (participants: User, Database; messages: 1: Adding code, 2: Updating, 3: Status, 4: Deleting Code, 5: Updating, 6: Status)


Screenshot


2.2.6.3 Vault Table

Use Case Name: Storing the Infected files

Use Case ID: UC3

Actor(s): User

Summary: Virus Vault contains the list of filenames which are infected by a virus in database.

Preconditions: Locations of files in virus vault should not be modified.

Main Flow:

1. The user enters the use case.
   1.1. System displays the list of infected files. The following option is given to the user.
        S1. Delete files.
2. User selects one option or closes the form.
   2.1. The selected option (sub flow) is executed.

Sub Flows:

S1. Delete File
1. User selects S1 after selecting Virus vault.
   1.1. System deletes the selected file from the computer.

Alternate Flows: A1. User chooses to cancel the operation. If it is from the sub flow, it takes the user to the main flow. If Exit is selected from the main flow, the user is taken to the application main screen.

Post Conditions: Selected files will be removed from the PC.

Cross Reference: S3.1, S3.2

Assumptions: Virus vault contains infected files only.

Business Rules: --

Sequence Diagram (participants: User, Virus Vault; messages: Selecting Option, Provide Option (Delete files), Delete files)

Screenshot


2.2.7 Functional Capabilities

The affected file locations must be automatically moved to the virus vault when the user does not select either of the options in the report form, deleting the file or moving it to the virus vault.

During scanning, the file should not be accessed by another process.

2.2.8 Non-Functional Requirements

The virus database should be updated without an internet connection. (Usability)

The virus database should be updated as per user requirements. (Supportability)

While a file is being scanned, it should not be accessed by any other process. (Supportability)

The scanning process must start within 2 seconds. (Performance)

The scanning process should not take a long period of time. (Performance)

The system should be available 24 X 7. (Reliability / availability)


3. SYSTEM DESIGN

3.1 Data Dictionary

TABLE NO 3:3.1:

NAME: SCODE

PURPOSE: This table is used to store the virus codes that will be used to compare with the translated file codes.

Column Name   Data Type   Size   Constraints
Code Name     Text        30     NOT NULL
Instruction   Text        50     NOT NULL
Sno           Integer     15     NOT NULL

TABLE NO 3:3.2:

NAME: REPORT

PURPOSE: This table is used to store the file locations and their status that have been scanned temporarily to pass them to the next module after completing all the selected files.

Column Name   Data Type   Size   Constraints
Filename      Text        255    NOT NULL
Status        Text        50     NOT NULL

TABLE NO 3:3.3:

NAME: VAULT

PURPOSE: This table is used to store the locations of the files that are affected and have been moved to the vault for deleting them in the future.

Column Name   Data Type   Size   Constraints
Filename      Text        255    NOT NULL
Status        Text        50     NOT NULL
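
How the SCODE and REPORT tables could drive a scan, as an added example that is not the project's own code: it assumes a virus code matches when its Instruction rows, taken in Sno order, appear as a contiguous run in the disassembled listing after case, whitespace and comments are normalised. The code names, instructions, listings, function names and status strings are constructed placeholders.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define INSTR_MAX 51   /* Instruction column is Text(50) plus terminator */

struct scode_row  { const char *code_name; const char *instruction; int sno; };
struct report_row { char filename[256]; char status[51]; };

/* Constructed sample rows: harmless placeholder instructions, not a real signature. */
static const struct scode_row SCODE[] = {
    {"DEMO-A", "mov ax, 1234h", 1},
    {"DEMO-B", "push cs",       1},
    {"DEMO-A", "nop",           3},   /* rows need not be stored in Sno order */
    {"DEMO-A", "xor bx, bx",    2},
    {"DEMO-B", "pop ds",        2},
};
#define SCODE_LEN (sizeof SCODE / sizeof SCODE[0])

/* Constructed disassembler output for two hypothetical files. */
static const char *const INFECTED[] = {
    "push bp", "MOV  AX, 1234H", "xor bx,bx ; clear", "NOP", "ret" };
static const char *const CLEAN[] = { "mov ax, 1234h", "nop", "xor bx, bx" };

/* Lowercase, drop ';' comments, collapse blanks, remove blanks around commas,
   so formatting differences between disassemblers do not defeat the match. */
static void normalize(const char *in, char *out, size_t cap)
{
    size_t n = 0;
    int pending_space = 0;
    for (; *in && *in != ';' && *in != '\n'; in++) {
        unsigned char c = (unsigned char)*in;
        if (isspace(c)) { pending_space = (n > 0); continue; }
        if (c == ',') pending_space = 0;
        if (pending_space && out[n - 1] != ',' && n + 1 < cap) out[n++] = ' ';
        pending_space = 0;
        if (n + 1 < cap) out[n++] = (char)tolower(c);
    }
    out[n] = '\0';
}

/* Number of rows stored under one code name. */
static size_t code_len(const struct scode_row *db, size_t ndb, const char *name)
{
    size_t i, len = 0;
    for (i = 0; i < ndb; i++)
        if (strcmp(db[i].code_name, name) == 0) len++;
    return len;
}

/* Instruction with Sno == k for a code name, or NULL if that Sno is missing. */
static const char *code_instr(const struct scode_row *db, size_t ndb,
                              const char *name, size_t k)
{
    size_t i;
    for (i = 0; i < ndb; i++)
        if (db[i].sno == (int)k && strcmp(db[i].code_name, name) == 0)
            return db[i].instruction;
    return NULL;
}

/* Index of the listing line where the code starts, or -1 if it is absent. */
int find_code(const struct scode_row *db, size_t ndb, const char *name,
              const char *const *listing, size_t nlines)
{
    size_t len = code_len(db, ndb, name), start, k;
    if (len == 0 || len > nlines) return -1;
    for (start = 0; start + len <= nlines; start++) {
        for (k = 1; k <= len; k++) {
            char a[INSTR_MAX], b[INSTR_MAX];
            const char *sig = code_instr(db, ndb, name, k);
            if (!sig) break;                 /* gap in Sno: never matches */
            normalize(sig, a, sizeof a);
            normalize(listing[start + k - 1], b, sizeof b);
            if (strcmp(a, b) != 0) break;
        }
        if (k > len) return (int)start;
    }
    return -1;
}

/* Check every code name once, fill a REPORT-style row, return the hit count. */
int scan_listing(const struct scode_row *db, size_t ndb, const char *filename,
                 const char *const *listing, size_t nlines, struct report_row *out)
{
    size_t i, j;
    int hits = 0;
    snprintf(out->filename, sizeof out->filename, "%s", filename);
    snprintf(out->status, sizeof out->status, "Clean");
    for (i = 0; i < ndb; i++) {
        for (j = 0; j < i; j++)              /* skip names already checked */
            if (strcmp(db[j].code_name, db[i].code_name) == 0) break;
        if (j < i) continue;
        if (find_code(db, ndb, db[i].code_name, listing, nlines) >= 0 && hits++ == 0)
            snprintf(out->status, sizeof out->status, "Infected: %.30s", db[i].code_name);
    }
    return hits;
}

int main(void)
{
    struct report_row r;
    scan_listing(SCODE, SCODE_LEN, "sample1.com", INFECTED, 5, &r);
    printf("%s -> %s\n", r.filename, r.status);
    scan_listing(SCODE, SCODE_LEN, "sample2.com", CLEAN, 3, &r);
    printf("%s -> %s\n", r.filename, r.status);
    return 0;
}
```

The second listing contains every DEMO-A instruction but in a different order, so it is reported clean; an exact-sequence match of this kind also misses any variant that reorders or pads its instructions, which is the limit stated under Exclusions.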

3.2 Database Logical Design

Normalization

Normalization is the process of efficiently organizing data in a database. There are

two goals of the normalization process: eliminating redundant data (for example, storing

the same data in more than one table) and ensuring data dependencies make sense (only

storing related data in a table). Both of these are worthy goals as they reduce the amount of

space a database consumes and ensure that data is logically stored.

3.2.1 Normal Forms

The database community has developed a series of guidelines for ensuring that

databases are normalized. These are referred to as normal forms and are numbered from

one (the lowest form of normalization, referred to as first normal form or 1NF) through

five (fifth normal form or 5NF). In practical applications, you'll often see 1NF, 2NF, and

3NF along with the occasional 4NF. Fifth normal form is very rarely seen and won't be

discussed in this article.

Before we begin our discussion of the normal forms, it's important to point out that

they are guidelines and guidelines only. Occasionally, it becomes necessary to stray from


them to meet practical business requirements. However, when variations take place, it's

extremely important to evaluate any possible ramifications they could have on your system

and account for possible inconsistencies. That said, let's explore the normal forms.

3.2.1.1 First Normal Form (1NF)

First normal form (1NF) sets the very basic rules for an organized database:

Eliminate duplicative columns from the same table.

Create separate tables for each group of related data and identify each row with a

unique column or set of columns (the primary key).

Column Name   Data Type   Size   Constraints
Filename      Text        255    NOT NULL
Status        Text        50     NOT NULL

3.2.1.2 Second Normal Form (2NF)

Second normal form (2NF) further addresses the concept of removing duplicative data:

Meet all the requirements of the first normal form.

Remove subsets of data that apply to multiple rows of a table and place them in

separate tables.

Create relationships between these new tables and their predecessors through the

use of foreign keys.

3.2.1.3 Third Normal Form (3NF)

Third normal form (3NF) goes one large step further:

Meet all the requirements of the second normal form.

Remove columns that are not dependent upon the primary key.

3.2.1.4 Boyce-Codd Normal Form

The criteria for Boyce-Codd normal form (BCNF) are:


The table must be in 3NF.

Every non-trivial functional dependency must be a dependency on a super key.

3.2.1.5 Fourth Normal Form (4NF)

The criteria for fourth normal form (4NF) are:

The table must be in BCNF.

There must be no non-trivial multi valued dependencies on something other than a

super key. A BCNF table is said to be in 4NF if and only if all of its multi valued

dependencies are functional dependencies.

3.2.1.6 Fifth Normal Form

The criteria for fifth normal form (5NF and also PJ/NF) are:

The table must be in 4NF.

There must be no non-trivial join dependencies that do not follow from the key

constraints. A 4NF table is said to be in the 5NF if and only if every join

dependency in it is implied by the candidate keys.

For a database to be in 2NF, it must first fulfill all the criteria of a 1NF database.


3.3 UML Diagrams

3.3.1 Use Case Diagram

Use case diagrams are created to visualize the relationships between actors and use

cases. A use case is a pattern of behavior the system exhibits. Each use case is a sequence

of related transactions performed by an actor and the system.

A flow-of-events document is created for each use case, written from the actor's point of view. It details what the system must provide to the actor when the use case is executed.

Typical Contents:

How the use case starts and ends.

Normal flow of events.

Alternate flow of events.

Exceptional flow of events.

Figure 3.3.1.1 Symbols (Actor; Use case)


3.3.1.2 Use case diagram for User

Figure 3.3.1.2 Use case diagram for User (actor: User; use cases: Scanning Files, Storing the infected Files, Updating Database)


3.3.2 Class Diagram

A Class diagram gives an overview of a system by showing its classes and the

relationships among them. UML class is a rectangle divided into: class name, attributes,

and operations.

Our class diagram has three kinds of relationships.

Association -- a relationship between instances of the two classes. There is an

association between two classes if an instance of one class must know about the

other in order to perform its work.

Aggregation -- an association in which one class belongs to a collection. An

aggregation has a diamond end pointing to the part containing the whole. In our

diagram, Order has a collection of Order Details.

Generalization -- an inheritance link indicating one class is a super class of the

other


3.3.2.1 Class Diagram for Virus Detection System

Figure 3.3.2.1 Class Diagram for Virus Detection System

Class User: operations Scan(), Delete()

Class Data Base: attribute virus code; operations add code(), delete code()

Class Files: attributes path, extension, access rights; operation move to vault()

Multiplicities shown on the associations: 1, 1..*, 1..n


3.3.3 Sequence Diagram

A sequence diagram is a type of interaction diagram that shows the actors or objects participating in an interaction and the events they generate, arranged in a time sequence. Often a sequence diagram shows the events that result from a particular instance of a use case, but a sequence diagram can also exist in a more generic form.

The vertical dimension in a sequence diagram represents time, with time proceeding down the page; the horizontal dimension represents different actors.

Generic sequence diagram (participants: Object class1, Object class2, Object class3)


3.3.3.1 Sequence Diagram for Scanning

Figure 3.3.3.1 Sequence Diagram for Scanning (participants: User, Scanner; messages: Selecting Options (file, Folder, My Computer), Display Options, Scanning, Generates Report)


3.3.4 Collaboration Diagram

Collaboration diagrams are also relatively easy to draw. They show the relationship between objects and the order of messages passed between them. The objects are listed as icons, and arrows indicate the messages being passed between them. The numbers next to the messages are called the sequence numbers. As the name suggests, they show the sequence of the messages as they are passed between the objects. There are many acceptable sequence numbering schemes in UML.

Figure 3.3.4.1 Collaboration Diagram (objects: User, Data base; messages: 1: Code Name, Instructions, 2: Adding, 3: Status, 4: Code name, 5: Deleting, 6: Status)


4. SYSTEM IMPLEMENTATION

4.1 Selected Software

4.1.1 Microsoft.NET Framework

The .NET Framework is a new computing platform that simplifies application

development in the highly distributed environment of the Internet. The .NET Framework is

designed to fulfill the following objectives:

To provide a consistent object-oriented programming environment whether object

code is stored and executed locally, executed locally but Internet-distributed, or

executed remotely.

To provide a code-execution environment that minimizes software deployment and

versioning conflicts.

To provide a code-execution environment that guarantees safe execution of code,

including code created by an unknown or semi-trusted third party.

To provide a code-execution environment that eliminates the performance

problems of scripted or interpreted environments.

To make the developer experience consistent across widely varying types of

applications, such as Windows-based applications and Web-based applications.

To build all communication on industry standards to ensure that code based on

the .NET Framework can integrate with any other code.

To begin with, Java is two things: the Java language and the Java platform. Similarly, .NET is two things: the .NET-supported languages and the .NET platform. This leads to the major difference that is the root cause of the differences between Java and .NET.

The ideal of Java has always been a single language shared by multiple platforms, whereas .NET is based on multiple languages shared by a single platform. The following differences derive from this major difference.

.NET has multi-language support, while Java is based on the Java language only. According to the latest news from Microsoft, .NET supports around 40 languages, including those with major market share: COBOL, VB.NET, C#.NET, Perl and many others.

Since Java is multiplatform, its set of framework classes is limited to what is available on all platforms, while .NET has the set of all the classes available on the Microsoft platform.

.NET, due to disconnected data access through ADO.NET, has a high level of performance against Java JDBC, which requires multiple round trips to the database.

Java has support for open source platforms, while .NET has no direct support for open source platforms.

4.1.2 Methodology

Our project is developed by the following main methodologies,

C# DOTNET (front end)

C (middle end)

MS ACCESS (back end)

4.1.2.1 C# Dot net:

C# DOTNET is used as the front end as it is the latest and flexible technology

which is comprised of C and Visual C++. It has a wide range of features which are very

useful.

Dot net Features:

DOTNET makes it easy for your database administrator to set up a centralized unit

database on your unit's FTP site so that multiple readers can access the SAME set

of data files. This means you no longer have to worry about providing database


backups to numerous readers and then trying to coordinate database updates

without someone getting left out of the loop.

Data security! The web database is fully encrypted using a data encryption

password that you define. No one without that password can view your data, even if

someone hacks into your FTP site or intercepts the database upload.

Through the use of Data Access Passwords, the database administrator can control

who can update the data and which functional area(s) they're allowed to update.

You can assign the same functional area to more than one user. Of course, the

database administrator retains update authority over the entire database.

For each Data Access Password, simple checkbox options allow you to block users

with that password from even being able to see sensitive data items, such as social

security numbers and driver's licenses. There's a separate checkbox for each

sensitive data item, so you have full control.

DOTNET automatically handles the FTP site interface for you. When you log on,

DOTNET connects to your FTP site, downloads your encrypted database, and

decrypts it. Troop Master/Pack Master then decompresses the database and loads

the files into your Troop Master/Pack Master data folder. At that point, you can

even disconnect from the Internet. When you exit Troop Master/Pack Master,

DOTNET compresses and encrypts your updated database and uploads the

encrypted files back to your FTP site.

DOTNET guarantees the safe execution of code, including code created by

unknown or semi-trusted third parties. This is where the term managed code comes

from, because the applications have to meet security standards and are managed

just for that very purpose.


DOTNET enables developers to work in a consistent programming environment

whether creating applications for desktops or the Internet. This ensures that

although there are techniques that vary between Web and desktop applications, you

can use the same languages, such as C#.

DOTNET builds all communication on industry standards to ensure that code based

on the .NET Framework can integrate with any other code. .NET uses XML

extensively, as well as other communication protocols such as SOAP (Simplified

Object Application Programming), which are both industry standards.

DOTNET minimizes software deployment and versioning conflicts. Also called

DLL hell, these conflicts occurred frequently when you were developing in prior

platforms such as Visual Basic and using ActiveX controls. A lot of times when

you installed new versions of your applications, controls would conflict and not

work.

DOTNET eliminates performance problems of scripted or interpreted

environments. Everything is compiled into a common language that the various

parts of the platform are designed to work with.

4.1.3 Concepts used: FORMS

OLEDB PROVIDER

4.1.3.1 Forms:

The objects from the standard classes are called graphical user interface (GUI)

objects, and are used to handle the user interface aspect of programs. The style of


programming we use with these GUI objects is called event-driven programming. An event

occurs when the user interacts with a GUI object. For example, when we move the cursor,

click on a button, or select a menu choice, an event occurs. In event-driven programs, we

program objects to respond to these events by defining event-handling methods.


A form is a general-purpose window in which the user interfaces with the

application. A java GUI application program must have at least one form that serves as the

program’s main window. The visual basic supports the most rudimentary functionality to

support features found in any frame window, such as minimizing the window, moving the

window, resizing the window and so forth.

4.1.3.2 Oledb:

The OLE DB Data Provider is for use with databases that support OLE DB

interfaces. This data provider uses native OLE DB through COM interoperability to access

the database and execute commands. To use the OLEDB Data Provider we must also have

a compatible OLE DB provider. The following OLE DB providers are, at the time of

writing, compatible with ADO.NET:

Microsoft.Jet.Oledb.4.0 – OLE DB Provider for Microsoft Jet

The OLE DB Data Provider does not support OLE DB 2.5 interfaces, such as

those required for Microsoft OLE DB Provider for Exchange and Microsoft OLE DB

Provider for Internet Publishing. The OLE DB Data Provider also does not support the

MSDASQL Provider (Microsoft OLE DB Provider for ODBC). The OLEDB Data

Provider is the recommended data provider for applications that use SQL Server 6.5 or

earlier, Oracle, or Microsoft Access.

The classes for the OLE DB Data Provider are found in the System.Data.OleDb

namespace.

In OLE DB Data Provider there are four key classes that are derived from the

following ADO.NET interfaces, found in the System.Data namespace:

IDbConnection – SqlConnection and OleDbConnection

IDbCommand – SqlCommand and OleDbCommand

IDataReader – SqlDataReader and OleDbDataReader

IDbDataAdapter – SqlDataAdapter and OleDbDataAdapter


4.1.3.3 Connection:

The connection classes inherit, as we just saw, from the IDbConnection interface.

They are manifested in each data provider as either the SqlConnection (for the SQL Server

Data Provider) or the OleDbConnection (for the OLE DB Data Provider). The connection

class is used to open a connection to the database on which commands will be executed.

4.1.3.4 Command:

The command classes inherit from the IDbCommand interface. As with the

connection class, the command classes are manifested as either the SqlCommand or the

OleDbCommand. The command class is used to execute T-SQL commands or stored

procedures against a database. Commands require an instance of a connection object in

order to connect to the database and execute a command. In turn, the command class

exposes several execute methods, depending on what expectations you have.

4.1.3.5 Data Reader:

The datareader classes inherit from the IDataReader interface. Continuing the trend,

the data reader is manifested as either a SqlDataReader or an OleDbDataReader. The

datareader is a forward-only, read-only stream of data from the database. This makes the

datareader a very efficient means for retrieving data, as only one record is brought into

memory at a time.

4.1.3.6 Data Adapter:

The Data Adapter classes inherit from the IDbDataAdapter interface and are

manifested as SqlDataAdapter and OleDbDataAdapter. The DataAdapter is intended for

use with a DataSet and can retrieve data from the data source, populate DataTables and

constraints, and maintain the Data Table relationships. The DataSet can contain multiple

DataTables, disconnected from the database. The data in the DataSet can be manipulated –

changed, deleted, or added to – without an active connection to the database.


4.1.4 C:

The disassembling part of the system requires the language that can be written in

both high level and low level and the immediate option is the C language. We used C

language to create the disassembler and we have created the executable file of the

disassembly program and we used it as a disassembler tool in our project.

4.1.5 MS ACCESS:

Microsoft Access has changed the image of desktop databases from specialist

applications used by dedicated professionals to standard business productivity applications

used by a wide range of users. More and more developers are building easy-to-use business

solutions on, or have integrated them with, desktop applications on users' desktops.

Microsoft Access has built a tradition of innovation by making historically difficult

database technology accessible to general business users. Whether users are connected by a

LAN, the Internet, or not at all, Microsoft Access ensures that the benefits of using a

database can be quickly realized. With its integrated technologies, Microsoft Access is

designed to make it easy for all users to find answers, share timely information, and build

faster solutions.

At the same time, Microsoft Access has a powerful database engine and a robust

programming language, making it suitable for many types of complex database

applications.

4.1.5.1 Data engine:

Microsoft Access ships with the Microsoft Jet database engine. (For additional

information on the Jet database engine, please refer to Microsoft Jet Database Engine

Programmer's Guide, published by Microsoft Press). This is the same engine that ships

with Visual Basic and with Microsoft Office. Microsoft Jet is a 32-bit, multithreaded

database engine that is optimized for decision-support applications and is an excellent

workgroup engine.


Microsoft Jet has advanced capabilities that have typically been unavailable on

desktop databases. These include:

4.1.5.2 Access to heterogeneous data sources:

Microsoft Jet provides transparent access, via industry-standard Open Database

Connectivity (ODBC) drivers, to over 170 different data formats, including Borland

International dBase and Paradox, ORACLE from Oracle Corporation, Microsoft SQL

Server, and IBM DB2. Developers can build applications in which users read and update

data simultaneously in virtually any data format.

4.1.5.3 Engine-level referential integrity and data validation:

Microsoft Jet has built-in support for primary and foreign keys, database-specific

rules, and cascading updates and deletes. This means that a developer is freed from having

to create rules using procedural code to implement data integrity. Also, the engine itself

consistently enforces these rules, so they are available to all application programs.

4.1.5.4 Advanced workgroup security features:

Microsoft Jet stores User and Group accounts in a separate database, typically

located on the network. Object permissions for database objects (such as tables and

queries) are stored in each database. By separating account information from permission

information, Microsoft Jet makes it much easier for system administrators to manage one

set of accounts for all databases on a network.

4.1.5.5 Updateable dynasets:

As opposed to many database engines that return query results in temporary views

or snapshots, Microsoft Jet returns a dynaset that automatically propagates any changes

users make back to the original tables. This means that the results of a query, even those

based on multiple tables can be treated as tables themselves. Queries can even be based on

other queries.


Binding objects and data is easy with Microsoft Access. Complex data-

management forms can be created easily by dragging and dropping fields and controls onto

the form design surface. If a form is bound to a parent table, dragging a child table onto the

form creates a sub form, which will automatically display all child records for the parent.

Microsoft Access has a variety of wizards to ease application development for both

users and developers. These include:

The Database Wizard, which includes more than 20 customizable templates to create

full-featured applications with a few mouse clicks.

The Table Analyzer Wizard, which can decipher flat-file data intelligently from a wide

variety of data formats and create a relational database.

Several form and report wizards, which allow users great flexibility in creating the

exact view of data required, regardless of underlying tables or queries.

The Application Splitter Wizard, which separates a Microsoft Access application from

its tables and creates a shared database containing the tables for a multi-user

application.

The PivotTable® Wizard, which walks users through the creation of Microsoft Excel

PivotTables based on a Microsoft Access table or query.

The Performance Analyzer Wizard, which examines existing databases and

recommends changes to improve application performance.

In addition to the wizards just listed, Microsoft Access provides a number of ease-of-

use features in keeping with its goal of providing easy access to data for users. These

include:

Filter by Form, which allows users to type the information they seek and have

Microsoft Access build the underlying query to deliver only that data, in a form view.


Filter by Input, which allows users simply to right-click on any field, in any view, and

then type the criteria they are looking for into an input box on a pop-up menu. Upon

pressing ENTER, the filter is applied and the user then sees only the information they

are looking for.

Filter by Selection, which allows users to locate information quickly on forms or

datasheets by highlighting a selection and filtering the underlying data based on that

selection.


4.2 SAMPLE CODE:

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.IO;
using System.Data.OleDb;
using System.Windows.Forms;

namespace WindowsFormsApplication1
{
    public partial class start : Form
    {
        // Field declarations are not shown in the original listing; types are inferred from use.
        string[] drives;
        string sdrive;
        OleDbConnection con;

        public start()
        {
            InitializeComponent();
        }

        private void start_Load(object sender, EventArgs e)
        {
            // The VDS working folder is created on the first logical drive.
            drives = Environment.GetLogicalDrives();
            sdrive = drives[0];
            con = new OleDbConnection(@"Provider=microsoft.jet.oledb.4.0;data source=" + sdrive + @"VDS\viruscodes.mdb");
            try
            {
                Directory.CreateDirectory(sdrive + "VDS");
            }
            catch (Exception)
            {
                // failure to create the folder is ignored
            }
            try
            {
                // No overwrite flag: an existing database in the VDS folder is kept.
                File.Copy("viruscodes.mdb", sdrive + @"VDS\viruscodes.mdb");
            }
            catch (Exception)
            {
            }
            try
            {
                // TRIAL.EXE is overwritten on every start.
                File.Copy("TRIAL.EXE", sdrive + @"VDS\TRIAL.EXE", true);
            }
            catch (Exception)
            {
            }
        }

        // (the header of the handler containing the next statement is missing from the listing)
        new virusvault().Show();
        }

        private void addCodeToolStripMenuItem_Click(object sender, EventArgs e)
        {
            new add().Show();
        }

        private void addFromFileToolStripMenuItem_Click(object sender, EventArgs e)
        {
            new addfile().Show();
        }

        private void deleteCodeToolStripMenuItem_Click(object sender, EventArgs e)
        {
            new delete().Show();
        }

        private void exitToolStripMenuItem_Click(object sender, EventArgs e)
        {
            Application.Exit();
        }
    }


CODE FOR ADD DATA BASE

public partial class add : Form
{
    // Field declarations are not shown in the original listing; types are inferred from use.
    OleDbConnection con;
    OleDbCommand cmd;
    OleDbDataReader rdr;
    string ssql;
    int count;

    public add()
    {
        InitializeComponent();
    }

    private void addbut_Click(object sender, EventArgs e)
    {
        try
        {
            if (con.State == 0)
                con.Open(); // opening the connection
            ssql = "select * from codes where name='" + textBox1.Text + "';";
            cmd = new OleDbCommand(ssql, con);
            rdr = cmd.ExecuteReader();
            if (rdr.HasRows)
            {
                rdr.Read();
                if (!(rdr.IsDBNull(0)))
                    count = Convert.ToInt32(rdr.GetValue(0)) + 1;
                rdr.Dispose();
            }
        }
        catch (Exception)
        {
            // the catch block for this try is not shown in the original listing
        }
        ssql = "insert into codes values('" + textBox1.Text + "','" + textBox2.Text + "'," + count + ");";
        cmd = new OleDbCommand(ssql, con);
        cmd.ExecuteNonQuery();
        MessageBox.Show("Instruction inserted successfully", "Success", MessageBoxButtons.OK, MessageBoxIcon.Information);
        // same code name with different code instructions, so we disable the
        // CODENAME textbox and enable the CLOSE button
        textBox2.Text = "";
        textBox2.Focus();
        textBox1.Enabled = false;
        closebut.Enabled = true;
        cmd.Dispose();
    }

    private void closebut_Click(object sender, EventArgs e)
    {
        MessageBox.Show("'" + textBox1.Text + "' Code has been added successfully, You may insert another code", "Success", MessageBoxButtons.OK, MessageBoxIcon.Information);
        textBox1.Text = "";
        textBox2.Text = "";
        textBox1.Enabled = true;
        closebut.Enabled = false;
        textBox1.Focus();
    }

    private void exitbut_Click(object sender, EventArgs e)
    {
        this.Close();
    }

    private void add_Load(object sender, EventArgs e)
    {
        string[] drives = Environment.GetLogicalDrives();
        string sdrive = drives[0];
        con = new OleDbConnection(@"Provider=microsoft.jet.oledb.4.0;data source=" + sdrive + @"VDS\viruscodes.mdb");
    }
}


ADD FROM FILE

private void addbut_Click(object sender, EventArgs e)
{
    try
    {
        if (con.State == 0)
            con.Open();
        // Rdr and tr are set up by code that is not part of this listing.
        if (Rdr.HasRows)
        {
            try
            {
                // highest serial number currently stored
                ssql = "select max(sno) from codes ";
                cmd = new OleDbCommand(ssql, con);
                Rdr = cmd.ExecuteReader();
                Rdr.Read();
                sno = Convert.ToInt32(Rdr.GetInt32(0));
            }
            catch (Exception)
            {
            }
            sno++;
            // every line of the selected file is stored as one instruction under the same sno
            while ((fcode = tr.ReadLine()) != null)
            {
                ssql = "insert into codes values('" + textBox1.Text + "','" + fcode + "'," + sno + ");";
                cmd = new OleDbCommand(ssql, con);
                x += cmd.ExecuteNonQuery();
            }
        }
    }
    catch (Exception)
    {
        // the rest of this handler is not shown in the original listing
    }
}

private void browsebut_Click(object sender, EventArgs e)
{
    openFileDialog1.ShowDialog();
    fp = openFileDialog1.FileName;
    textBox2.Text = fp;
}

private void exitbut_Click(object sender, EventArgs e)
{
    this.Close();
}

private void addfile_Load(object sender, EventArgs e)
{
    string[] drives = Environment.GetLogicalDrives();
    string sdrive = drives[0];
    con = new OleDbConnection(@"Provider=microsoft.jet.oledb.4.0;data source=" + sdrive + @"VDS\viruscodes.mdb");
}


}

}
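Both insert handlers above splice textBox1.Text, textBox2.Text and every line read from the selected file directly into the SQL text, so a single quote in a code name or in an ASM line (a character literal, for instance) breaks or changes the statement. The following is an added example, not the project's code: it performs the same inserts into `codes` with positional OleDb parameters inside a transaction. The class and method names, the sample lines and the `C:\` path are assumptions.

```csharp
using System;
using System.Collections.Generic;
using System.Data;
using System.Data.OleDb;

// Added example. The table "codes" and its value order (name, instruction, sno)
// come from the listing above; CodeStore and its methods are hypothetical names.
public static class CodeStore
{
    // Jet/OleDb binds by position: each '?' takes the next parameter in the
    // order it was added to the command; parameter names are ignored.
    const string InsertSql = "insert into codes values (?, ?, ?)";

    // Duplicate-name check for the add form, with the name bound as data.
    public static bool NameExists(OleDbConnection con, string name)
    {
        using (var cmd = new OleDbCommand("select count(*) from codes where name = ?", con))
        {
            cmd.Parameters.Add("name", OleDbType.VarWChar).Value = name;
            return Convert.ToInt32(cmd.ExecuteScalar()) > 0;
        }
    }

    // max(sno) is NULL on an empty table, so the first code gets sno 1.
    static int NextSno(OleDbConnection con, OleDbTransaction tx)
    {
        using (var cmd = new OleDbCommand("select max(sno) from codes", con, tx))
        {
            object max = cmd.ExecuteScalar();
            return (max == null || max == DBNull.Value) ? 1 : Convert.ToInt32(max) + 1;
        }
    }

    // Stores every non-empty line as one instruction of the code `name`,
    // all under one sno. Either all lines are stored or none.
    public static int AddFromLines(OleDbConnection con, string name, IEnumerable<string> lines)
    {
        if (string.IsNullOrWhiteSpace(name))
            throw new ArgumentException("Code name is required.", "name");
        if (con.State != ConnectionState.Open)
            con.Open();

        OleDbTransaction tx = con.BeginTransaction();
        try
        {
            int inserted = 0;
            using (var cmd = new OleDbCommand(InsertSql, con, tx))
            {
                cmd.Parameters.Add("name", OleDbType.VarWChar).Value = name;
                OleDbParameter code = cmd.Parameters.Add("code", OleDbType.VarWChar);
                cmd.Parameters.Add("sno", OleDbType.Integer).Value = NextSno(con, tx);

                foreach (string line in lines)
                {
                    if (string.IsNullOrWhiteSpace(line)) continue;
                    code.Value = line;   // quotes in the line are stored verbatim
                    inserted += cmd.ExecuteNonQuery();
                }
            }
            tx.Commit();
            return inserted;
        }
        catch
        {
            tx.Rollback();               // leave no half-imported code behind
            throw;
        }
    }

    static void Main()
    {
        // Constructed sample lines; the second one contains single quotes.
        var lines = new[] { "mov ah, 4Ch", "mov al, 'A'", "int 21h" };
        // Assumed path; the project builds it from the first logical drive.
        string cs = @"Provider=microsoft.jet.oledb.4.0;data source=C:\VDS\viruscodes.mdb";
        using (var con = new OleDbConnection(cs))
        {
            Console.WriteLine(AddFromLines(con, "sample-code", lines));
        }
    }
}
```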

DELETE CODE

public delete()
{
    InitializeComponent();
}

private void fillcombobox()
{
    try
    {
        if (Con.State == 0)
            Con.Open();
        comboBox1.Text = "SELECT HERE";
    }
    catch (Exception)
    {
        MessageBox.Show("No Data Exists in Database or Not Accessible \nPlease restart Application to Solve this problem", "DatabaseError", MessageBoxButtons.OK, MessageBoxIcon.Warning);
        this.Close();
    }
}

private void deletebut_Click(object sender, EventArgs e)
{
    try
    {
        name = comboBox1.SelectedItem.ToString();
        // Rdr and Cmd are set by code that is not part of this listing.
        int sno = Rdr.GetInt32(0);
        Rdr.Dispose();
        Cmd.Dispose();
        // shift the serial numbers of all later codes down by one
        sSQL = "update codes set sno=sno-1 where sno>" + sno;
        Cmd = new OleDbCommand(sSQL, Con);
        int y = Cmd.ExecuteNonQuery();
        listBox1.Items.Clear();
        comboBox1.Items.Clear();
        fillcombobox();
        if (Con.State != 0)
            Con.Close();
    }
    catch (Exception)
    {
    }
}

private void exitbut_Click(object sender, EventArgs e)
{
    this.Close();
}

private void comboBox1_SelectedIndexChanged(object sender, EventArgs e)
{
    try
    {
        if (Con.State == 0)
            Con.Open();
        Rdr.Dispose();
        Cmd.Dispose();
        if (Con.State != 0)
            Con.Close();
    }
    catch (Exception)
    {
        // the rest of this handler is not shown in the original listing
    }
}


5. TEST CASES

Testing is the process of detecting errors. Testing performs a very critical role for

quality assurance and for ensuring the reliability of software. The results of testing are used

later on during maintenance also.

5.1 Psychology of Testing

The aim of testing is often to demonstrate that a program works by showing that it

has no errors. The basic purpose of testing phase is to detect the errors that may be present

in the program. Hence one should not start testing with the intent of showing that a

program works, but the intent should be to show that a program doesn’t work.

Testing is the process of executing a program with the intent of finding errors.

5.2. Testing Objectives:

The main objective of testing is to uncover a host of errors, systematically and with

minimum effort and time. Stating formally, we can say,

Testing is a process of executing a program with the intent of finding an error.

A successful test is one that uncovers an as yet undiscovered error.

A good test case is one that has a high probability of finding error, if it exists.

The tests are inadequate to detect possibly present errors.

The software more or less conforms to the quality and reliability standards.


5.3 Levels Of Testing

In order to uncover the errors present in different phases we have the concept of

levels of testing. The basic levels of testing are

| Client Needs | Acceptance Testing |
| Requirements | System Testing |
| Design | Integration Testing |
| Code | Unit Testing |

5.3.1 Unit testing:

Unit testing focuses verification effort on the smallest unit of software i.e. the

module. Using the detailed design and the process specifications testing is done to uncover

errors within the boundary of the module. All modules must be successful in the unit test

before the start of the integration testing begins.

In this project “Evaluation of Employee Performance” each service can be thought of as a module. There are many modules, such as Executive, Debit Card, Credit Cards, Performance, and Bills. Each module has been tested by giving different sets of inputs (giving wrong Debit card Number, Executive code) both while developing the module and after finishing the development, so that each module works without any error. The inputs are validated when they are accepted from the user.


5.3.2 Integration Testing:

After the unit testing we have to perform integration testing. The goal here is to see

if modules can be integrated properly, the emphasis being on testing interfaces between

modules. This testing activity can be considered as testing the design and hence the

emphasis on testing module interactions.

In this project ‘Evaluation of Employee Performance’, the main system is formed by integrating all the modules. When integrating all the modules I have checked whether the integration affects the working of any of the services, by giving different combinations of inputs with which the two services ran perfectly before integration.

5.3.3 System Testing

Here the entire software system is tested. The reference document for this process is the requirements document, and the goal is to see if the software meets its requirements.

Here entire ‘Evaluation of Employee Performance’ has been tested against

requirements of project and it is checked whether all requirements of project have been

satisfied or not.

5.3.4 Acceptance Testing

Acceptance Test is performed with realistic data of the client to demonstrate that

the software is working satisfactorily. Testing here is focused on external behavior of the

system; the internal logic of program is not emphasized.

In this project ‘Evaluation of Employee Performance’, I have collected some data and tested whether the project is working correctly or not.

Test cases should be selected so that the largest number of attributes of an

equivalence class is exercised at once. The testing phase is an important part of software

development. It is the process of finding errors and missing operations and also a complete

verification to determine whether the objectives are met and the user requirements are

satisfied.


5.3.5 White Box Testing

This is a unit testing method where a unit will be taken at a time and tested

thoroughly at a statement level to find the maximum possible errors.

I tested step wise every piece of code, taking care that every statement in the code

is executed at least once. The white box testing is also called Glass Box Testing.

I have generated a list of test cases and sample data, which is used to check all possible combinations of execution paths through the code at every module level.

5.3.6 Black Box Testing

This testing method considers a module as a single unit and checks the unit at its interface and its communication with other modules, rather than getting into details at statement level. Here the module is treated as a black box that takes some input and generates output. Outputs for a given set of input combinations are forwarded to other modules.

5.4 Test Plan

Testing commences with a test plan and terminates with acceptance testing. A test plan is a general document for the entire project that defines the scope, the approach to be taken and the schedule of testing, and identifies the test items for the entire testing process and the personnel responsible for the different activities of testing. The test planning can be done well before the actual testing commences and can be done in parallel with the coding and design phases. The inputs forming the test plan are

Project plan

Requirements document

System design document


The project plan is needed to make sure that the test plan is consistent with the overall plan for the project and that the testing schedule matches that of the project plan. The requirements document and the design document are the basic documents used for selecting the test units and deciding the approaches to be used during testing. A test plan should contain the following

Test unit specification

Features to be tested

Approaches for testing

Test deliverables

Schedule

One of the most important activities of the test plan is to identify the test units. A test unit is a set of one or more modules, together with associated data, that are from a single computer program and that are the objects of testing.

A test unit can occur at any level and can contain from a single module to the entire

system thus a test unit may be a module, a few modules or a complete system.

5.4.1 Test plan Document

A Test Plan is a general document for the entire project, which defines the scope,

approach to be taken and the schedule of testing, as well as identifying the test items for

entire testing process and the personnel responsible for the different activities of testing.

A test plan should contain the following

Test unit specification

A test unit is a set of one or more modules, together with associated data, which are from a single program and which are the object of testing. A test unit may be a module, a few modules or a complete program. Different units are usually specified for unit, integration and system testing.


The basic units to be tested are

Executive Module to register Executive Details.

Debit card Module to register Debit card Details.

Credit card Module to register Credit card Details.

Bills Module to store the Bills.

Performance Module to store Executive Performance Details.

All these modules are integrated and the final system is also tested against various

possible test cases.

5.4.1.1 Features to be Tested:

Features to be tested include all software features and combinations of features that should be tested. A software feature is a software characteristic specified or implied by the requirements or design documents. These may include functionality, performance, design constraints and attributes.

All the functional features specified in the requirements document will be tested. No testing will be done for performance, since we do not consider the response time, throughput time and memory requirements.

5.4.1.2 Approach for Testing:

The approach for testing specifies the overall approach to be followed in the current project; this is sometimes called the testing criteria.

5.4.1.3 Test Deliverables:

Testing deliverables should be specified in the test plan before the actual testing begins. Deliverables could be a list of the test cases that were used, detailed results of testing, a test summary report, a test log and data about the code coverage.


5.4.1.4 Schedule

The test log provides a chronological record of relevant details about the execution of the test cases. Different activities of testing and testing of different units that have been identified.

5.4.1.5 Personnel allocation

Personnel allocation identifies the persons responsible for performing the different

activities.

5.4.1.6 Test Case Report

Here we specify all the test cases that are used for system testing. The different conditions that need to be tested, along with the test cases used for testing those conditions and the expected outputs, are given. The goal is to test the different functional requirements, as specified in the requirements document. Test cases have been selected for both valid and invalid inputs.


5.5 Test Cases

5.5.1 Add Code

| Test case ID | Input | Description | Expected result |
|---|---|---|---|
| VDS_TC01 | Code name, Instruction | Giving codename without instruction. | Filling all the fields is compulsory. |
| VDS_TC02 | Code name, Instruction | Giving instruction without codename. | Filling all the fields is compulsory. |
| VDS_TC03 | Code name, Instruction | Without giving both codename and Instruction | Filling all the fields is compulsory. |
| VDS_TC04 | Code name, Instruction | Giving both the code name and Instruction | Instruction inserted successfully |
| VDS_TC05 | Code name, Instruction | Giving same codename | Codename already exits, please enter another codename |


5.5.2 Add Code From File

| Test case ID | Input | Description | Expected result |
|---|---|---|---|
| VDS_TC01 | Code name, File name | Giving codename without File name. | Please select ASM file |
| VDS_TC02 | Code name, File name | Giving File name without codename. | Please enter the code name |
| VDS_TC03 | Code name, File name | Without giving both codename and File name | Filling all the fields is compulsory. |
| VDS_TC04 | Code name, File name | Giving both codename and File name | Code lines in file are inserted successfully |


5.5.3 Delete Code

| Test case ID | Input | Description | Expected result |
|---|---|---|---|
| VDS_TC01 | Code name, instruction | Select the codename from combo box without database. | no data exits or database not accessible |
| VDS_TC02 | Code name, instruction | Select the codename from combo box with instruction. | Virus code is deleted successfully. |

5.5.4 Virus Vault

| Test case ID | Input | Description | Expected result |
|---|---|---|---|
| VDS_TC01 | Delete | Selected file is not present in the Vault | The file was not exists |

5.5.5 Report

| Test case ID | Input | Description | Expected result |
|---|---|---|---|
| VDS_TC01 | Move to vault | Selected file will be moved to virus vault. | Delete function will not work |


6. SCREENS & REPORTS

6.1 Output Screens:

6.1.1.1 Home Page

Fig 6.1.1.1 Home Page

6.1.1.2 Scanning Module

Fig 6.1.1.2 Scanning Module

6.1.1.3 For Scanning Single File

Fig 6.1.1.3 For Scanning Single File

6.1.1.4 Browse For Scanning Single File

Fig 6.1.1.4 Browse For Scanning Single File

6.1.1.5 For Scanning Single Folder

Fig 6.1.1.5 For Scanning Single Folder

6.1.1.6 Browse For Scanning Single Folder

Fig 6.1.1.6 Browse For Scanning Single Folder

6.1.1.7 For Scanning My Computer

Fig 6.1.1.7 For Scanning My Computer

6.1.2 Database Updation Module

Fig 6.1.2 Database Updation Module

6.1.2.1 For Adding A New Code To Database

Fig 6.1.2.1 For Adding A New Code To Database

6.1.2.2 Form To Add The New Code

Fig 6.1.2.2 Form To Add The New Code

6.1.2.3 For Adding A New File To Database

Fig 6.1.2.3 For Adding A New File To Database

Form To Add The New Code From File

Fig 6.1.2.3 Form To Add The New Code From File

6.1.2.5 For Deleting A New Code From Database

Fig 6.1.2.5 For Deleting A New Code From Database

6.1.2.6 Form To Delete The Code From Database

Fig 6.1.2.6 Form To Delete The Code From Database

6.1.3 Help

Fig 6.1.3 Help

6.2 Reports

6.2.1.1 Scanning Single File

Fig 6.2.1.1 Scanning Single File

6.2.1.2 Scanning Report Single File

Fig 6.2.1.2 Scanning Report Single File

6.2.1.3 Scanning Process For Single Folder

Fig 6.2.1.3 Scanning Process For Single Folder

6.2.1.4 Scanning Report Single Folder

Fig 6.2.1.4 Scanning Report Single Folder

6.2.1.5 Scanning Process For My Computer

Fig 6.2.1.5 Scanning Process For My Computer

6.2.1.6 Scanning Report For My Computer

Fig 6.2.1.6 Scanning Report For My Computer

6.2.3 Virus Vault

Fig 6.2.3 Virus Vault

7. CONCLUSION & FUTURE SCOPE

7.1 Conclusion

This project has dropped a small stone in water by designing an application that provides a generic antivirus approach for scanning files efficiently. “Virus Detection System”, developed within the limits of the technology presently available in our college, meets the requirements completely.

Our system can be extended further to provide more facilities and flexibility than it provides at present. At present the disassembling of the file to be scanned is limited to exe files that were written in C and C++ only. The disassembler provided in this system may not work properly when scanning files that are written in other high-level languages. So the more decompiling tools we add, the wider the variety of files we can scan.

7.2 Future Scope

At present in our system only the files that were scanned and reported as affected can be deleted or moved to the vault to be deleted in future. So the only option provided for the user is to delete the affected file. Moreover, the affected file can be repaired by deleting the virus code that was matched from the disassembled code and restoring the new file from the repaired code.
