Ran a Virus check on my system yesterday and realised that at times it was checking 10's/100's of files per second.

I'm a programmer and I know there's not much you can do in that short a space of time. What exact checks do they do?

Do they check the filename or check some contents of the file before doing an indepth pattern search for known viruses?

Rick

Most of them use highly optimised routines to search for a recognised virus string (search pattern) within the file to determine whether that file is infected or not.

I know that's the theory but that wouldn't work in practice.

How many 10's of thousands of viruses are there? An algorithm to search every line of a file and compare against the virus definition DB would take a few seconds at best, let alone 100's per second.

I think it does this when it's decided the file is suspicious.

How does it determine that? It must be checking the filename and or the first line or two of the file for a tell tale sign. No way can it search the whole file in such a short time.

It could search for a small part of the string and flag that as suspicious for a fuller search later. Checking the filename would be pointless seeing as anyone could change it. Also, there will be file changes in the executable header of the file, which could be checked, although that's moving more into heuristics.

Well perhaps a .txt file is harmless as can't be executed but a .zip .exe or .xml file may be more dangerous?

It did seem to slow down for xml and zip files.

Its all very clever....

I can't believe the thought of writing a virus appealed to me when I was younger, now I can't believe people waste their time doing stupid things like this.

http://answers.google.com/answers/threadview?id=50172

Eric,
http://www.pcbuyerbeware.co.uk/

How does anti-virus software work?

From my experience pretty good if the defs are up to date and not worth a pinch if they're not.:D