Using Anti Virus Scanner for .Net in a Project

Aug 17, 2016 at 2:57 PM
Hi Guys,

I am planning to use the Anti Virus Scanner dll in a .Net Windows Forms application that will be installed on our customers' machines. We are loading PDF files to the database. I know that it utilizes the installed anti-virus software on the machine.
I have a few questions:
  1. Does the anti-virus software have to be installed and running on the client machine?
  2. What does the API return if anti-virus software is not installed on the machine?
  3. What does the API return if anti-virus software is installed but not running on the machine?
How do I test this dll? Should I temporarily disable the anti-virus software running on my machine in order to test?

Thank you.
Coordinator
Aug 17, 2016 at 10:46 PM
Q1. Does the anti-virus software have to be installed and running on the client machine?
Yes, it does, I think.
Q2. What does the API return if anti-virus software is not installed on the machine?
Q3. What does the API return if anti-virus software is installed but not running on the machine?
As wondering, I don't know.
This library was built for my usage and purpose, so I don't mind about irregular cases.

I'll research and try these situations and update the documents.
Or, anybody who can answer these questions is welcome.
Aug 18, 2016 at 1:13 AM
Thank you, jsakamoto, for your quick response. What about the question about how to test this API? I was able to test a clean file, but I am not able to test any simulated infected files, like a test eicar file, for example, because my antivirus software is removing the file as soon as I save it on my machine. I really appreciate your help.
Coordinator
Aug 18, 2016 at 3:53 AM
If your antivirus software can disable the "Real Time Scan" feature, you can test the API.

This library and the API work only as "On Demand Scan", so you don't need to enable the "Real Time Scan" feature for testing.
Marked as answer by mkundeti on 8/18/2016 at 4:13 AM
Aug 18, 2016 at 11:15 AM
Thank you, jsakamoto. This answer helps me a lot.
Coordinator
Aug 22, 2016 at 11:09 PM
Edited Aug 22, 2016 at 11:23 PM
I'll research and try these situations
I'm confused now.
I tried testing this library with the "eicar.com" test file yesterday.

The library detected "eicar.com", which was created in the user desktop folder, as a virus file, and cleaned it.
This is expected behavior.

But the library also detected "notepad.exe" as a virus file, and the library tried to clean (remove) "notepad.exe"!
It looks like not only "notepad.exe" but any executable file in any folder.

What happened!?
I'll continue to look into this behavior.

I'd appreciate it if anybody could explain why the library/API reports "notepad.exe" as a virus file.
Aug 23, 2016 at 3:15 PM
Is it because it is based on IAttachmentExecute? It was originally intended to be called by e-mail clients when they save an attachment. Emails are generally not allowed to have .exe attachments.
Aug 29, 2016 at 6:59 PM
Hi jsakamoto,

I tried testing the library with the eicar.com test file and it was not able to detect the file. You said that it was able to detect the "eicar.com" file in your tests. My machine has Symantec anti-virus installed. I disabled realtime scanning and it was not able to detect it. What am I missing? I appreciate your help.
Aug 30, 2016 at 12:47 AM
  1. It was not detecting the eicar test file with Symantec antivirus. I tried with Windows Defender antivirus. It sort of worked in that it gave a COM exception for the eicar test file but let regular files through. Why am I getting a COM exception?