Virus Detection System

1. INTRODUCTION

1.1 Existing System

A computer virus is a computer program that can copy itself and infect a computer
without permission or knowledge of the user. The term "virus" is also commonly used,
albeit erroneously, to refer to many different types of malware and adware programs. The
original virus may modify the copies, or the copies may modify themselves, as occurs in a
metamorphic virus. anti-virus software that can detect and eliminate known viruses after
the computer downloads or runs the executable. There are two common methods that an
anti-virus software application uses to detect viruses. The first, and by far the most
common method of virus detection is using a list of virus signature definitions. They are
heuristic analysis and signature scanning. In signature scanning only single virus can be
detected at a time where as in The second method is to use a heuristic algorithm to find
viruses based on common behaviors. This method has the ability to detect viruses that anti-
virus security firms have yet to create a signature for.

1.2 Proposed System

Virus Detection System is an application which shows the way of approaching a

generic antivirus product. Unlike to some antivirus products which binds themselves to
specific signatures of some particular viruses, this simulation provides a generic approach
by which we are able to detect more than a single virus with a common virus code in the
database.

For the users of antivirus products who would like to know the simulation of an
antivirus the Virus Detection System is an application which shows the way of approaching
a generic antivirus product

Unlike to some antivirus products which binds themselves to specific signatures of

some particular viruses, this simulation provides a generic approach by which we are able
to detect more than a single virus with a common virus code in the database.

1
 2. REQUIREMENT ANALYSIS

2.1 System Requirements:

2.1.1 Hardware Requirements:

The various hardware details required for the project are,

PROCESSOR : Intel Pentium II or above

PROCESSOR speed : 1.76 GHZ or above

RAM : 32 MB or above

HDD : 40 MB

2.1.2 Software Requirements:

The various software requirements of this project are,

PLATFORM : WINDOWS XP

FRONT END : C, C# .NET

BACK END : MS ACCESS

2
2.2 SRS

2.2.1 Vision

For the users of antivirus products who would like to know the simulation of an
antivirus the Virus Detection System is an application which shows the way of
approaching a generic antivirus product.

Unlike to some antivirus products which binds themselves to specific signatures of

some particular viruses, this simulation provides a generic approach by which we are able
to detect more than a single virus with a common virus code in the database.

2.2.2 Scope

2.2.2.1Overview:
User can get the file, folder or the entire system to be scanned by selecting an
option from the scanning form. As a result of this a report is generated which is provided to
the user. If there are any infected files they are listed in the report. The user will be
provided options to delete the infected files or record their locations to delete them later.
The files selected to be deleted by the user will be removed from the computer
permanently. The locations of infected files will be stored in a safe place if the user selects
the option to delete them later. The user is also provided with an option to update the virus
data base by adding a new code or deleting the existing one.

2.2.2.2 Exclusions:-

The new viruses cannot be detected which are not in the database.

2.2.2.3 Assumptions:-

The virus code in the database must be in Assembly level language.

Database contains at least one virus code.

3
2.2.3 System Functions

S.No. System Function Description

DATABASE UPDATION
1. s1.1 Adding new code to the database.
2. s1.2 Deleting the existing old code.

SCANNING FILES
3. s2.1 Scanning the selected file or folder
4. s2.3 A report is generated with status of scanned files.
5. s2.4 Provides the option to delete the files which is infected.
6. s2.5 Provides an alternate option to record the infected file location.

SCANNING REPORT

7. s3.1 Shows the infected files after scanning is completed.

8. s3.2 Provides the options like moving to vault and delete now.

VIRUS VAULT
8. s4.1 View the affected files.
9 s4.2 Delete the selected files.

2.2.4 Glossary

Virus code A program that infects the system

Virus vault The virus affected files are stored here which can be deleted later by the user

4
2.2.5 Detailed Software Requirements

2.2.5.1 Use case model

2.2.5.1.1 Actors:

Actor Name User

Actor Id ACT-01
Description Handles all tasks throughout the application.
Can select the set of files in his PC to scan them.

Can view the Scanning report when scanning is finished.

Main Activities Can Select the options provided in Scanning report.

Can update the virus Database.

Can view the virus vault at any time to delete the infected files.
Frequency of Use High
Work Environment / Location Stand alone Window.
Number of Users 1 to Many

5
2.2.5.1.2 List of Use Cases:

 Scanning Files.
 Updating Database.
 Storing the Infected Files.

2.2.5.1.3 Use case diagram:

Scanning Files

Updating Database
User

Storing the
infected Files.

Fig 2.2.5.1.3 Use case diagram

6
 2.2.6 Detailed Use Case Descriptions:

2.2.6.1 Scanning Table

Use Case Scanning Files

Name

Use Case ID UC1

Actor(s) User

Summary The user can scan a file, folder, And All drives in My computer and detects the infected
files, generate a scanning report to Use.
Preconditions Database must contain at least one code.

Main Flow 1. The user enters the use case. 1.1. System displays the list of Scanning
options. The following options are given to
the user.

S1. To Scan A file.

S2. To Scan A folder.

S3. To Scan Available Drives in My

Computer.

2. User selects one of the options: S1 or S2 or 2.1. The selected option (sub flow) is
S3. For S1 and S2, User must enter/select the file executed.
name or folder name.

Sub Flows S1: Scanning A file

1. User selects S1 after selecting Scanning 1.1. User selects the file from file
Options. browser.

1.2. System generates the scanning

Report after Scanning Completed.

S2: Scanning A folder

7
 1. User selects S2 after selecting Scanning 1.1. User selects the folder from
Options. folder browser.

1.2. System generates the Scanning

Report after Scanning Completed.

S3: Scanning All drives in My Computer

1. 1. User selects S3 after selecting 1.1. System Scans the files in

Scanning Options. Available Drives in My Computer.

1.2. System generates The Scanning

Report after Scanning Completed.

Alternate A1. User chooses to cancel the operation. If it is from one of the sub flows, it takes the user to
Flows the main flow. If Exit is selected from the main flow, the user is taken to the application main
screen.

Post System must generate scan report.

Conditions

Cross S2.1 , S2.2 , S2.3 , S2.4 , S2.5

Reference

Assumptions The database contains at least one virus code.

Business --
Rules

Sequence
User Scanner
Diagrams
1: File / folder

2: Scanning

3: Scanning Report

8
Screen Shot

9
 2.2.6.2 Updation Table

Use Case Updating Database.

Name

Use Case ID UC2

Actor(s) User

Summary User can Add a New code into database and delete the old code from database

Preconditions

Main Flow 1. The user enters the use case. 1.1. System displays the list of Database
options. The following options are given to
the user.

S1.Adding a new code into database.

S2.Adding Code from ASM File to database.

S2.Delete Old code from database.

2. User selects one of the options: S1 or S2 or S3. 2.1 The selected option (sub flow) is
executed.

Sub Flows S1.Adding a new code into database.

1. User selects S1 after selecting database 1.1. User enters the code name and
Options. instructions to database.

1.2 User adds the code name and

instructions to database.

1.3 User is returned to the main

flow.

10
 S2.Adding new codes from ASM file to database.

1. User selects S2 after selecting database 1.1. User enters the code name
Options. selects the ASM file from file
browser.

1.2 Code name and instructions are

added to database.

1.3 User is returned to the main

flow.

S2.Delete Old code from database.

1. User selects S2 after selecting database 1.1. User selects available code
Options. names and instructions from
database.

1.2 User deletes the select code

name and instructions from
database.

1.3 User returned to the main flow.

Alternate A1. User chooses to cancel the operation. If it is from one of the sub flows, it takes the user to
Flows the main flow. If Exit is selected from the main flow, the user is taken to the application main
screen.

Post Virus database will be updated by adding new code or deleting the existing code.
Conditions

Cross S1.1,S1.2
Reference

Assumptions 1. There are only virus codes in database.

Business --
Rules

11
Sequence
User Database
Diagram
1: Adding code

2: Updating

3: Status

4: Deleting Code

5: Updating

6: Status

Screenshot

12
 2.2.6.3 Vault Table

Use Case Storing the Infected files

Name

Use Case ID UC3

Actor(s) User

Summary Virus Vault contains the list of filenames which are infected by a virus in database.

Preconditions Locations of Files in virus vault should not be modified.

Main Flow 1. The user enters the use case. 1.1. System displays the list of infected files.
Following options is given to the user.

S1.Delete files.

2. User selects one option or closes the form. 2.1 The selected option (sub flow) is
executed.
Sub Flows S1. Delete File

1. User selects S1 after selecting Virus 1.1. System deletes the selected file
vault. from Computer.

Alternate A1. User chooses to cancel the operation. If it is from sub flow, it takes the user to the main flow.
Flows If Exit is selected from the main flow, the user is taken to the application main screen.

Post Selected files will be removed from PC

Conditions

Cross S3.1,S3.2
Reference

Assumptions Virus vault contains infected files only.

13
Sequence
User Virus Vault
Diagram

Provide Option (Delete files)

Selecting Option

Delete files

Business --
Rules

Screenshot

14
2.2.7 Functional Capabilities
 The affected file locations must be automatically moved to the virus vault when the user
doesn’t select any one of the options like deleting file or move to the virus vault in the
report form.
 During the scanning, file should not be accessed by another process.

2.2.8 Non-Functional Requirements

 The virus database should be updated without internet connection. (Usability)

 The virus database should be updated as per user requirements. (Supportability)
 While file is being scanned ,it should not be accessed by any other process.
(Supportability)
 The scanning process must start within 2 seconds. (Performance)
 The scanning process should not take long period of time. (Performance)
 The system should be available 24 X 7. (Reliability/ availability)

15
 3. SYSTEM DESIGN

3.1 Data Dictionary

TABLE NO 3:3.1:

NAME: SCODE

PURPOSE:

This table is used to store the virus codes that will be used to compare with the translated
file codes.

Column Name Data Type Size Constraints

Code Name Text 30 NOT NULL

Instruction Text 50 NOT NULL

Sno Integer 15 NOT NULL

TABLE NO 3:3.2:

NAME: REPORT

PURPOSE:

This table is used to store the file locations and their status that have been scanned temporarily to
pass them to the next module after completing all the selected files.

Column Name Data Type Size Constraints

Filename Text 255 NOT NULL

Status Text 50 NOT NULL

TABLE NO 3:3.3:

NAME: VAULT

16
PURPOSE:

This table is used to store the locations of the files that are affected and have been moved
to the vault for deleting them in the future.

Column Name Data Type Size Constraints

Filename Text 255 NOT NULL

Status Text 50 NOT NULL

3.2 Database Logical Design

Normalization

Normalization is the process of efficiently organizing data in a database. There are

two goals of the normalization process: eliminating redundant data (for example, storing
the same data in more than one table) and ensuring data dependencies make sense (only
storing related data in a table). Both of these are worthy goals as they reduce the amount of
space a database consumes and ensure that data is logically stored.

3.2.1 Normal Forms

The database community has developed a series of guidelines for ensuring that
databases are normalized. These are referred to as normal forms and are numbered from
one (the lowest form of normalization, referred to as first normal form or 1NF) through
five (fifth normal form or 5NF). In practical applications, you'll often see 1NF, 2NF, and
3NF along with the occasional 4NF. Fifth normal form is very rarely seen and won't be
discussed in this article.
Before we begin our discussion of the normal forms, it's important to point out that
they are guidelines and guidelines only. Occasionally, it becomes necessary to stray from
them to meet practical business requirements. However, when variations take place, it's
extremely important to evaluate any possible ramifications they could have on your system
and account for possible inconsistencies. That said, let's explore the normal forms.

3.2.1.1 First Normal Form (1NF)

First normal form (1NF) sets the very basic rules for an organized database:
 Eliminate duplicative columns from the same table.
 Create separate tables for each group of related data and identify each row with a
unique column or set of columns (the primary key).

17
Column Name Data Type Size Constraints

Filename Text 255 NOT NULL

Status Text 50 NOT NULL

3.2.1.2 Second Normal Form (2NF)

Second normal form (2NF) further addresses the concept of removing duplicative data:
 Meet all the requirements of the first normal form.
 Remove subsets of data that apply to multiple rows of a table and place them in
separate tables.
 Create relationships between these new tables and their predecessors through the
use of foreign keys.

3.2.1.3 Third Normal Form (3NF)

Third normal form (3NF) goes one large step further:
 Meet all the requirements of the second normal form.
 Remove columns that are not dependent upon the primary key.

3.2.1.4 Boyce-Codd Normal Form

The criteria for Boyce-Codd normal form (BCNF) are:
 The table must be in 3NF.
 Every non-trivial functional dependency must be a dependency on a super key.

3.2.1.5 Fourth Normal Form (4NF)

The criteria for fourth normal form (4NF) are:
 The table must be in BCNF.
 There must be no non-trivial multi valued dependencies on something other than a
super key. A BCNF table is said to be in 4NF if and only if all of its multi valued
dependencies are functional dependencies.

3.2.1.6 Fifth Normal Form

The criteria for fifth normal form (5NF and also PJ/NF) are:
 The table must be in 4NF.
 There must be no non-trivial join dependencies that do not follow from the key
constraints. A 4NF table is said to be in the 5NF if and only if every join
dependency in it is implied by the candidate keys.
For a database to be in 2NF, it must first fulfill all the criteria of a 1NF database.

18
3.3 UML Diagrams

3.3.1 Use Case Diagram

Use case diagrams are created to visualize the relationships between actors and use
cases. A use case is a pattern of behavior the system exhibits. Each use case is a sequence
of related transactions performed by an actor and the system.

A flow of events documents is created for each use cases, written from an actor
point of view. Details what the system must provide to the actor when the use cases are
executed.

Typical Contents:

 How the use case starts and ends.

 Normal flow of events.
 Alternate flow of events.
 Exceptional flow of events.

Figure 3.3.1.1 Symbols

Actor

Actor

Use case:

19
3.3.1.2 Use case diagram for User

Scanning Files

Updating Database
Use
r

Storing the
infected Files.

Figure 3.3.1.2 Use case diagram for User

3.3.2 Class Diagram

20
 A Class diagram gives an overview of a system by showing its classes and the
relationships among them. UML class is a rectangle divided into: class name, attributes,
and operations.
Our class diagram has three kinds of relationships.

 Association -- a relationship between instances of the two classes. There is an

association between two classes if an instance of one class must know about the
other in order to perform its work.

 Aggregation -- an association in which one class belongs to a collection. An

aggregation has a diamond end pointing to the part containing the whole. In our
diagram, Order has a collection of Order Details.

 Generalization -- an inheritance link indicating one class is a super class of the

other

21
3.3.2.1 Class Diagram for Virus Detection System

Data Base
virus code

add code()
delete code()
1 1

User
1..*
Scan()
Delete()
1
1..n
Files
1..n path
extension
access rights

move to vault()

Figure 3.3.2.1 Class Diagram for Virus Detection System

22
3.3.3 Sequence Diagram

A type of interaction diagram, a sequence diagram shows the actors of the object
participating in an interaction and the events they generate arranged in a time sequence.
Often a sequence diagram shows the events that results from a particular instance of a
particular instance of a use case but a sequence diagram can also exist in a more generic
form.

The vertical dimension in a sequence diagram represents time; with time preceding
down the page the horizontal dimension represents different actors.

Object class1 Object class2 Object class3

23
3.3.3.1 Sequence Diagram for Scanning

User Scanner
Display Options

Selecting Options(file,Folder,My Computer)

Scanning

Generates Report

Figure 3.3.3.1 Sequence Diagram for Scanning

24
3.3.4 Collaboration Diagram

Collaboration diagrams are also relatively easy to draw they show the relationship
between objects and the order of messages passed between them. The objects are listed as
icons and arrows indicate the messages being passed between them .The numbers next to
the messages are called the sequence numbers. As the name suggests, they show the
sequence of the messages as they are passed between the objects. There are many
acceptable sequence numbering schemes in UML.

2: Adding
5: Deleting
1: Code Name, Instructions
4: Code name

User Data
base

3: Status
6: Status

Figure 3.3.4.1 Collaboration Diagram

25
 4. SYSTEM IMPLEMENTATION

4.1 Selected Software

4.1.1 Microsoft.NET Framework

The .NET Framework is a new computing platform that simplifies application

development in the highly distributed environment of the Internet. The .NET Framework is
designed to fulfill the following objectives:

 To provide a consistent object-oriented programming environment whether object

code is stored and executed locally, executed locally but Internet-distributed, or
executed remotely.
 To provide a code-execution environment that minimizes software deployment and
versioning conflicts.

 To provide a code-execution environment that guarantees safe execution of code,

including code created by an unknown or semi-trusted third party.

 To provide a code-execution environment that eliminates the performance problems

of scripted or interpreted environments.

 To make the developer experience consistent across widely varying types of

applications, such as Windows-based applications and Web-based applications.

 To build all communication on industry standards to ensure that code based on

the .NET Framework can integrate with any other code.

First clearing that Java is two things Java language and Java Platform. Similarly .Net is
two things the .Net supported languages and .Net Platform. Now come to major difference
which is root cause of differences between Java and .Net

26
 The ideal of Java has always been a Single language shared by multiple Platforms.
Whereas .Net is based on Multiple languages shared by single Platform. Now come to
derived differences from this major difference.

 Net has Multilanguage support. While java has based on java language only.
According to Microsoft latest news .Net support around 40 languages including
major market share COBOL Vb.net C#.net Perl and many others.

 Since java is multiplatform so it’s set of Framework Classes is limited to what is

available on all platforms. While .Net has set of all the Classes available on
Microsoft Platform.

 Net due to disconnected data access through ADO.Net has hi level of performance
against Java JDBC which requires multiple round trips to data base.

 Java has support to open source platform while .Net has no direct support for Open
source Platforms.

4.1.2 Methodology

Our project is developed by the following main methodologies,

 C# DOTNET (front end)

 C (middle end)
 MS ACCESS (back end)
4.1.2.1 C # Dot net:
C# DOTNET is used as the front end as it is the latest and flexible technology
which is comprised of C and Visual C++. It has a wide range of features which are very
useful.
Dot net Features:
 DOTNET makes it easy for your database administrator to set up a centralized unit
database on your unit's FTP site so that multiple readers can access the SAME set
of data files. This means you no longer have to worry about providing database

27
 backups to numerous readers and then trying to coordinate database updates
without someone getting left out of the loop.

 Data security! The web database is fully encrypted using a data encryption
password that you define. No one without that password can view your data, even if
someone hacks into your FTP site or intercepts the database upload.

 Through the use of Data Access Passwords, the database administrator can control
who can update the data and which functional area(s) they're allowed to update.
You can assign the same functional area to more than one user. Of course, the
database administrator retains update authority over the entire database.

 For each Data Access Password, simple checkbox options allow you to block users
with that password from even being able to see sensitive data items, such as social
security numbers and driver's licenses. There's a separate checkbox for each
sensitive data item, so you have full control.

 DOTNET automatically handles the FTP site interface for you. When you log on,
DOTNET connects to your FTP site, downloads your encrypted database, and
decrypts it. Troop Master/Pack Master then decompresses the database and loads
the files into your Troop Master/Pack Master data folder. At that point, you can
even disconnect from the Internet. When you exit Troop Master/Pack Master,
DOTNET compresses and encrypts your updated database and uploads the
encrypted files back to your FTP site.

28
  DOTNET guarantees the safe execution of code, including code created by
unknown or semi-trusted third parties. This is where the term managed code comes
from, because the applications have to meet security standards and are managed
just for that very purpose.

 DOTNET enables developers to work in a consistent programming environment

whether creating applications for desktops or the Internet. This ensures that
although there are techniques that vary between Web and desktop applications, you
can use the same languages, such as C#.

 DOTNET builds all communication on industry standards to ensure that code based
on the .NET Framework can integrate with any other code. .NET uses XML
extensively, as well as other communication protocols such as SOAP (Simplified
Object Application Programming), which are both industry standards.

 DOTNET minimizes software deployment and versioning conflicts. Also called

DLL hell, these conflicts occurred frequently when you were developing in prior
platforms such as Visual Basic and using ActiveX controls. A lot of times when you
installed new versions of your applications, controls would conflict and not work.

 DOTNET eliminates performance problems of scripted or interpreted

environments. Everything is compiled into a common language that the various
parts of the platform are designed to work with.

4.1.3 Concepts used:

 FORMS
 OLEDB PROVIDER

29
4.1.3.1 Forms:

The objects from the standard classes are called graphical user interface (GUI)
objects, and are used to handle the user interface aspect or programs. The style of
programming we use with these GUI objects is called event-driven programming. An event
occurs when the user interacts with a GUI object. For example, when we move the cursor,
click on a button, or select a menu choice, an event occurs. In event-driven programs, we
program objects to respond to these events by defining event-handling methods.

30
 A form is a general-purpose window in which the user interfaces with the
application. A java GUI application program must have at least one form that serves as the
program’s main window. The visual basic supports the most rudimentary functionality to
support features found in any frame window, such as minimizing the window, moving the
window, resizing the window and so forth.

4.1.3.2 Oledb:
The OLE DB Data Provider is for use with databases that support OLE DB
interfaces. This data provider uses native OLE DB through COM interoperability to access
the database and execute commands. To use the OLEDB Data Provider we must also have
a compatible OLE DB provider. The following OLE DB providers are, at the time of
writing, compatible with ADO.NET:
Microsoft.Jet.Oledb.4.0 – OLE DB Provider for Microsoft Jet
The OLED DB Data Provider does not support OLE DB 2.5 interfaces, such as
those required for Microsoft OLE DB Provider for Exchange and Microsoft OLE DB
Provider for Internet Publishing. The OLE DB Data Provider also does not support the
MSDASQL Provider (Microsoft OLE DB Provider for ODBC). The OLEDB Data
Provider is the recommended data provider for applications that use SQL Server 6.5 or
earlier, Oracle, or Microsoft Access.
The classes for the OLE DB Data Provider are found in the System.Data.OleDb
namespace
In OLE DB Data Provider there are four key classes that are derived from the
following ADO.NET interfaces, found in the System.Data namespace:
IDbConnection – SqlConnection and OleDbConnection
IDbCommand – SqlCommand and OleDbCommand
IDataReader – SqlDataReader and OleDbDataReader
IDbDataAdapter – SqlDataAdapter and OleDbDataAdapter

31
4.1.3.3 Connection:
The connection classes inherit, as we just saw, from the IDbConnection interface.
They are manifested in each data provider as either the SqlConnection (for the SQL Server
Data Provider) or the OleDbConnection (for the OLE DB Data Provider). The connection
class is used to open a connection to the database on which commands will be executed.

4.1.3.4 Command:
The command classes inherit from the IDbCommand interface. As with the
connection class, the command classes are manifested as either the SqlCommand or the
OleDbCommand. The command class is used to execute T-SQL commands or stored
procedures against a database. Commands require an instance of a connection object in
order to connect to the database and execute a command. In turn, the command class
exposes several execute methods, depending on what expectations you have.

4.1.3.5 Data Reader:

The datareader classes inherit from the IDataReader interface. Continuing the trend,
the data reader is manifested as either a SqlDataReader or an OleDbDataReader. The
datareader is a forward-only, read-only stream of data from the database. This makes the
datareader a very efficient means for retrieving data, as only one record is brought into
memory at a time.

4.1.3.6 Data Adapter:

The Data Adapter classes inherit from the IDbDataAdapter interface and are
manifested as SqlDataAdapter and OleDbDataAdapter. The DataAdapter is intended for
use with a DataSet and can retrieve data from the data source, populate DataTables and
constraints, and maintain the Data Table relationships. The DataSet can contain multiple
DataTables, disconnected from the database. The data in the DataSet can be manipulated –
changed, deleted, or added to – without an active connection to the database.

32
4.1.4 C:
The disassembling part of the system requires the language that can be written in
both high level and low level and the immediate option is the C language. We used C
language to create the disassembler and we have created the executable file of the
disassembly program and we used it as a disassembler tool in our project.

4.1.5 MS ACCESS:

Microsoft Access has changed the image of desktop databases from specialist
applications used by dedicated professionals to standard business productivity applications
used by a wide range of users. More and more developers are building easy-to-use business
solutions on, or have integrated them with, desktop applications on users' desktops.

Microsoft Access has built a tradition of innovation by making historically difficult

database technology accessible to general business users. Whether users are connected by a
LAN, the Internet, or not at all, Microsoft Access ensures that the benefits of using a
database can be quickly realized. With its integrated technologies, Microsoft Access is
designed to make it easy for all users to find answers, share timely information, and build
faster solutions.

At the same time, Microsoft Access has a powerful database engine and a robust
programming language, making it suitable for many types of complex database
applications.

4.1.5.1 Data engine:

Microsoft Access ships with the Microsoft Jet database engine. (For additional
information on the Jet database engine, please refer to Microsoft Jet Database Engine
Programmer's Guide, published by Microsoft Press). This is the same engine that ships
with Visual Basic and with Microsoft Office. Microsoft Jet is a 32-bit, multithreaded
database engine that is optimized for decision-support applications and is an excellent
workgroup engine.

33
 Microsoft Jet has advanced capabilities that have typically been unavailable on
desktop databases. These include:

4.1.5.2 Access to heterogeneous data sources:

Microsoft Jet provides transparent access, via industry-standard Open Database

Connectivity (ODBC) drivers, to over 170 different data formats, including Borland
International dBase and Paradox, ORACLE from Oracle Corporation, Microsoft SQL
Server, and IBM DB2. Developers can build applications in which users read and update
data simultaneously in virtually any data format.

4.1.5.3 Engine-level referential integrity and data validation:

Microsoft Jet has built-in support for primary and foreign keys, database-specific
rules, and cascading updates and deletes. This means that a developer is freed from having
to create rules using procedural code to implement data integrity. Also, the engine itself
consistently enforces these rules, so they are available to all application programs.

4.1.5.4 Advanced workgroup security features:

Microsoft Jet stores User and Group accounts in a separate database, typically
located on the network. Object permissions for database objects (such as tables and
queries) are stored in each database. By separating account information from permission
information, Microsoft Jet makes it much easier for system administrators to manage one
set of accounts for all databases on a network.

4.1.5.5 Updateable dynasets:

As opposed to many database engines that return query results in temporary views
or snapshots, Microsoft Jet returns a dynaset that automatically propagates any changes
users make back to the original tables. This means that the results of a query, even those
based on multiple tables can be treated as tables themselves. Queries can even be based on
other queries.

34
 Binding objects and data is easy with Microsoft Access. Complex data-
management forms can be created easily by dragging and dropping fields and controls onto
the form design surface. If a form is bound to a parent table, dragging a child table onto the
form creates a sub form, which will automatically display all child records for the parent.

Microsoft Access has a variety of wizards to ease application development for both
users and developers. These include:

 The Database Wizard, which includes more than 20 customizable templates to create
full-featured applications with a few mouse clicks.

 The Table Analyzer Wizard, which can decipher flat-file data intelligently from a wide
variety of data formats and create a relational database.

 Several form and report wizards, which allow users great flexibility in creating the
exact view of data required, regardless of underlying tables or queries.

 The Application Splitter Wizard, which separates a Microsoft Access application from
its tables and creates a shared database containing the tables for a multi-user
application.

 The PivotTable® Wizard, which walks users through the creation of Microsoft Excel
PivotTables based on a Microsoft Access table or query.

 The Performance Analyzer Wizard, which examines existing databases and

recommends changes to improve application performance.

In addition to the wizards just listed, Microsoft Access provides a number of ease-of-
use features in keeping with its goal of providing easy access to data for users. These
include:

 Filter by Form, which allows users to type the information they seek and have
Microsoft Access build the underlying query to deliver only that data, in a form view.

35
 Filter by Input, which allows users simply to right-click on any field, in any view, and
then type the criteria they are looking for into an input box on a pop-up menu. Upon
pressing ENTER, the filter is applied and the user then sees only the information they
are looking for.

 Filter by Selection, which allows users to locate information quickly on forms or

datasheets by highlighting a selection and filtering the underlying data based on that
selection.

36
4:2 SAMPLE CODE:

using System;

using System.Collections.Generic;

using System.ComponentModel;

using System.Data;

using System.Drawing;

using System.Linq;

using System.Text;

using System.IO;

using System.Data.OleDb;

using System.Windows.Forms;

namespace WindowsFormsApplication1

public partial class start : Form

public start()

InitializeComponent();

private void start_Load(object sender, EventArgs e)

drives = Environment.GetLogicalDrives();

37
sdrive = drives[0];

con = new OleDbConnection(@"Provider=microsoft.jet.oledb.4.0;data

source=" + sdrive + @"VDS\viruscodes.mdb");

try

Directory.CreateDirectory(sdrive + "VDS");

catch (Exception ae)

try

File.Copy("viruscodes.mdb", sdrive + @"VDS\viruscodes.mdb");

catch (Exception ae)

try

File.Copy("TRIAL.EXE", sdrive + @"VDS\TRIAL.EXE",true);

catch (Exception ae)

38
 {

new virusvault().Show();

private void addCodeToolStripMenuItem_Click(object sender, EventArgs e)

new add().Show();

private void addFromFileToolStripMenuItem_Click(object sender, EventArgs e)

new addfile().Show();

private void deleteCodeToolStripMenuItem_Click(object sender, EventArgs e)

new delete().Show();

private void exitToolStripMenuItem_Click(object sender, EventArgs e)

Application.Exit();

39
CODE FOR ADD DATA BASE

public partial class add : Form

public add()

InitializeComponent();

private void addbut_Click(object sender, EventArgs e)

try

if (con.State == 0)

con.Open(); // opening the connection

ssql = "select *from codes where name='" + textBox1.Text + "';";

cmd = new OleDbCommand(ssql,con);

rdr = cmd.ExecuteReader();

if (rdr.HasRows)

rdr.Read();

if(!(rdr.IsDBNull(0)))

count = Convert.ToInt32(rdr.GetValue(0)) + 1;

rdr.Dispose();

40
 }

ssql = "insert into codes values('" + textBox1.Text + "','" + textBox2.Text +

"'," + count + ");";

cmd = new OleDbCommand(ssql, con);

cmd.ExecuteNonQue

MessageBox.Show("Instruction inserted
successfully","Success",MessageBoxButtons.OK,MessageBoxIcon.Informa
tion);

//same code name with different code instructions so we disable the

CODENAME textbox,enable CLOSE button

textBox2.Text = "";

textBox2.Focus();

textBox1.Enabled = false;

closebut.Enabled = true;

cmd.Dispose();

private void closebut_Click(object sender, EventArgs e)

MessageBox.Show("'"+textBox1.Text +"' Code has been added successfully, You

may insert another
code","Success",MessageBoxButtons.OK,MessageBoxIcon.Information);

textBox1.Text = "";

textBox2.Text = "";

41
 textBox1.Enabled = true;

closebut.Enabled = false;

textBox1.Focus();

private void exitbut_Click(object sender, EventArgs e)

this.Close();

private void add_Load(object sender, EventArgs e)

string[] drives = Environment.GetLogicalDrives();

string sdrive = drives[0];

con = new OleDbConnection(@"Provider=microsoft.jet.oledb.4.0;data

source=" + sdrive + @"VDS\viruscodes.mdb");

42
ADD FROM FILE

private void addbut_Click(object sender, EventArgs e)

try

if (con.State == 0)

con.Open();

if (Rdr.HasRows)

try

ssql = "select max(sno) from codes ";

cmd = new OleDbCommand(ssql, con);

Rdr = cmd.ExecuteReader();

Rdr.Read();

sno = Convert.ToInt32(Rdr.GetInt32(0));

catch (Exception ae)

sno++;

while ((fcode = tr.ReadLine()) != null)

43
 {

insert into codes values('" + textBox1.Text + "','" + fcode + "'," + sno + ");";

cmd = new OleDbCommand(ssql, con);

x+=cmd.ExecuteNonQuery();

private void browsebut_Click(object sender, EventArgs e)

openFileDialog1.ShowDialog();

fp = openFileDialog1.FileName;

textBox2.Text = fp;

private void exitbut_Click(object sender, EventArgs e)

this.Close();

private void addfile_Load(object sender, EventArgs e)

string[] drives = Environment.GetLogicalDrives();

string sdrive = drives[0];

con = new OleDbConnection(@"Provider=microsoft.jet.oledb.4.0;data

source=" + sdrive + @"VDS\viruscodes.mdb");

44
 }

DELETE CODE

public delete()

InitializeComponent();

private void fillcombobox()

try

if (Con.State == 0)

Con.Open();

comboBox1.Text = "SELECT HERE";

catch (Exception ae)

MessageBox.Show("No Data Exists in Database or Not Accessible \nPlease

restart Application to Solve this
problem","DatabaseError",MessageBoxButtons.OK,MessageBoxIcon.Warning);

this.Close();

45
private void deletebut_Click(object sender, EventArgs e)

try

name = comboBox1.SelectedItem.ToString();

int sno = Rdr.GetInt32(0);

Rdr.Dispose();

Cmd.Dispose();

sSQL = "update codes set sno=sno-1 where sno>" + sno;

Cmd = new OleDbCommand(sSQL, Con);

int y = Cmd.ExecuteNonQuery();

listBox1.Items.Clear();

comboBox1.Items.Clear();

fillcombobox();

if (Con.State != 0)

Con.Close();

catch (Exception ae)

catch (Exception ae)

46
 }

private void exitbut_Click(object sender, EventArgs e)

this.Close();

private void comboBox1_SelectedIndexChanged(object sender, EventArgs e)

try

if (Con.State == 0)

Con.Open();

Rdr.Dispose();

Cmd.Dispose();

if (Con.State != 0)

Con.Close();

47
 5. TEST CASES

Testing is the process of detecting errors. Testing performs a very critical role for
quality assurance and for ensuring the reliability of software. The results of testing are used
later on during maintenance also

5.1 Psychology of Testing

The aim of testing is often to demonstrate that a program works by showing that it
has no errors. The basic purpose of testing phase is to detect the errors that may be present
in the program. Hence one should not start testing with the intent of showing that a
program works, but the intent should be to show that a program doesn’t work.

Testing is the process of executing a program with the intent of finding errors.

5.2. Testing Objectives:

The main objective of testing is to uncover a host of errors, systematically and with
minimum effort and time. Stating formally, we can say,

 Testing is a process of executing a program with the intent of finding an error.

 A successful test is one that uncovers an as yet undiscovered error.

 A good test case is one that has a high probability of finding error, if it exists.

 The tests are inadequate to detect possibly present errors.

 The software more or less confirms to the quality and reliable standards.

48
5.3 Levels Of Testing

In order to uncover the errors present in different phases we have the concept of
levels of testing.The basic levels of testing are

Client Needs Acceptance Testing

Requirements System Testing

Design Integration Testing

Code Unit Testing

5.3.1 Unit testing:

Unit testing focuses verification effort on the smallest unit of software i.e. the
module. Using the detailed design and the process specifications testing is done to uncover
errors within the boundary of the module. All modules must be successful in the unit test
before the start of the integration testing begins.

In this project “Evaluation of Employee Performance” each service can be thought

of a module. There are so many modules like Executive, Debit Card, Credit Cards,
Performance, and Bills. Each module has been tested by giving different sets of inputs
(giving wrong Debit card Number, Executive code) when developing the module as well as
finishing the development so that each module works without any error. The inputs are
validated when accepting from the user.

49
5.3.2 Integration Testing:

After the unit testing we have to perform integration testing. The goal here is to see
if modules can be integrated properly, the emphasis being on testing interfaces between
modules. This testing activity can be considered as testing the design and hence the
emphasis on testing module interactions.

In this project ‘Evaluation of Employee Performance’, the main system is formed

by integrating all the modules. When integrating all the modules I have checked whether
the integration effects working of any of the services by giving different combinations of
inputs with which the two services run perfectly before Integration.

5.3.3 System Testing

Here the entire software system is tested. The reference document for this process
is the requirements document, and the goals to see if software meets its requirements.

Here entire ‘Evaluation of Employee Performance’ has been tested against

requirements of project and it is checked whether all requirements of project have been
satisfied or not.

5.3.4 Acceptance Testing

Acceptance Test is performed with realistic data of the client to demonstrate that
the software is working satisfactorily. Testing here is focused on external behavior of the
system; the internal logic of program is not emphasized.

In this project ‘Evaluation of Employee Performance’s have collected some data

and tested whether project is working correctly or not.

Test cases should be selected so that the largest number of attributes of an

equivalence class is exercised at once. The testing phase is an important part of software
development. It is the process of finding errors and missing operations and also a complete
verification to determine whether the objectives are met and the user requirements are
satisfied.

50
5.3.5 White Box Testing

This is a unit testing method where a unit will be taken at a time and tested
thoroughly at a statement level to find the maximum possible errors.

I tested step wise every piece of code, taking care that every statement in the code
is executed at least once. The white box testing is also called Glass Box Testing.

I have generated a list of test cases, sample data. Which is used to check all
possible combinations of execution paths through the code at every module level?

5.3.6 Black Box Testing

This testing method considers a module as a single unit and checks the unit at
interface and communication with other modules rather getting into details at statement
level. Here the module will be treated as a block box that will take some input and generate
output. Output for a given set of input combinations are forwarded to other modules.

5.4 Test Plan

Testing commence with a test plan and terminates with acceptance testing. A test
plan is a general document for the entire project that defines the scope, approach to be
taken and the schedule of testing as well as identifies the test item for the entire testing
process and the personal responsible for the different activities of testing. The test
planning can be done well before the actual testing commences and can be done in parallel
with the coding and design phases. The inputs forming the test plan are

 Project plan

 Requirements document

 System design document

51
 This project plan is needed to make sure that the test plan is consistent with the
over all plan for the project and the testing schedule matches that of the project plan. The
requirement document and the design document are the basic documents used for selecting
the test units and deciding the approaches to be used during testing. A test plan should
contain the following

 Test unit specification

 Features to be tested

 Approaches for testing

 Test deliverables

 Schedule

One of the most important activities of the test plan is to identify the test units. The
test unit is a set of one or more modules, together with associated date that are from a
single computer program and that are objects of testing.

A test unit can occur at any level and can contain from a single module to the entire
system thus a test unit may be a module, a few modules or a complete system.

5.4.1 Test plan Document

A Test Plan is a general document for the entire project, which defines the scope,
approach to be taken and the schedule of testing, as well as identifying the test items for
entire testing process and the personnel responsible for the different activities of testing.

 A test plan should contain the following

 Test unit specification

A test unit is a set of one or more modules together with associated date which are
from a single program and which are the object of testing. Test unit may be a module, a
few modules or a complete program,. Different units are usually specified for unit,
integration and system testing.

52
 The basic units to be tested are

 Executive Module to register Executive Details.

 Debit card Module to register Debit card Details.

 Credit card Module to register Credit card Details.

 Bills Module to store the Bills.

 Performance Module to store Executive Performance Details.

All these modules are integrated and the final system is also tested against various
possible test cases.

5.4.1.1 Features to be Tested:

Features to be tested include all software features and combinations of features that
should be tested .A software feature is a software characteristics specified or simplified by
the requirements of design documents. These may include functionality, performance,
design constraints and attributes.

All the functional features specified in the requirement document will be tested. No
testing will be done for the performance. Since we doesn’t consider the response time,
throughout time and memory requirements.

5.4.1.2 Approach for Testing:

The approach for testing specifies the over all approach to be followed in the
current project this is some times called testing criteria.

5.4.1.3 Test Deliverables:

Testing deliverables should be specified in the test plan, before the actual testing
begins. Deliverables could be a list of test cases that were used, detailed results of testing.
Test summary report, test log and data about the code coverage.

53
 5.4.1.4 Schedule

The test log provides a chronological record of relevant details about the execution
of the test cases. Different activities of testing and testing of different units that have
identified.

5.4.1.5 Personnel allocation

Personnel allocation identifies the persons responsible for performing the different
activities.

5.4.1.6 Test Case Report

Here we specify all the test cases that are used for system testing. The different
conditions that need to be tested along with the test cases used for testing those conditions
and the expected outputs are given .The goal is to test the different functional
requirements, as specified in the requirements document. Test cases have been selected for
both valid and invalid inputs.

54
5.5 Test Cases

5.5.1 Add Code

Test case ID Input Description Expected result

VDS_TC01 Code name Giving codename Filling all the fields is

without compulsory.
Instruction
instruction.

VDS_TC02 Code name Giving Filling all the fields is

instruction compulsory.
Instruction
without
codename.

VDS_TC03 Code name Without giving Filling all the fields is

both codename compulsory.
Instruction
and Instruction

VDS_TC04 Code name Giving both the Instruction inserted

code name and successfully
Instruction
Instruction

VDS_TC05 Code name Giving same Codename already exits,

codename please enter another
Instruction
codename

55
5.5.2 Add Code From File

Test case ID Input Description Expected result

VDS_TC01 Code name Giving codename Please select ASM file

without File
File name
name.

VDS_TC02 Code name Giving File name Please enter the code name
without
File name
codename.

VDS_TC03 Code name Without giving Filling all the fields is

both codename compulsory.
File name
and File name

VDS_TC04 Code name Giving both Code lines in file are

codename and inserted successfully
File name
File name

56
5.5.3 Delete Code

Test case ID Input Description Expected result

VDS_TC01 Code name Select the no data exits or database

codename from not accessible
instruction
combo box
without database.

VDS_TC02 Code name Select the Virus code is deleted

codename from successfully.
instruction
combo box with
instruction.

5.5.4 Virus Vault

Test case ID Input Description Expected result

VDS_TC01 Delete Selected file is The file was not exists

not present in the
Vault

5.5.5 Report

Test case ID Input Description Expected result

VDS_TC01 Move to vault Selected file will Delete function will not
be moved to work
virus vault.

6. SCREENS & REPORTS

57
6.1 Output Screens:

6.1.1.1 Home Page

Fig 6.1.1.1 Home Page

58
6.1.1.2 Scanning Module

Fig 6.1.1.2 Scanning Module

59
6.1.1.3 For Scanning Single File

Fig 6.1.1.3 For Scanning Single File

60
6.1.1.4 Browse For Scanning Single File

Fig 6.1.1.4 Browse For Scanning Single File

61
6.1.1.5 For Scanning Single Folder

Fig 6.1.1.5 For Scanning Single Folder

62
6.1.1.6 Browse For Scanning Single Folder

Fig 6.1.1.6 Browse For Scanning Single Folder

63
6.1.1.7 For Scanning My Computer

Fig 6.1.1.7 For Scanning My Computer

64
6.1.2 Database Updation Module

Fig 6.1.2 Database Updation Module

65
6.1.2.1 For Adding A New Code To Database

Fig 6.1.2.1 For Adding A New Code To Database

66
6.1.2.2 Form To Add The New Code

Fig 6.1.2.2 Form To Add The New Code

67
6.1.2.3 For Adding A New File To Database

6.1.2.3 For Adding A New File To Database

68
CForm To Add The New Code From File

Fig 6.1.2.3 Form To Add The New Code From File

69
6.1.2.5 For Deleting A New Code From Database

Fig 6.1.2.5 For Deleting A New Code From Database

70
6.1.2.6 Form To Delete The Code From Database

Fig 6.1.2.6 Form To Delete The Code From Database

71
6.1.3 Help

Fig 6.1.3 Help

72
6.2 Reports
6.2.1.1 Scanning Single File

Fig 6.2.1.1 Scanning Single File

73
6.2.1.2 Scanning Report Single File

Fig 6.2.1.2 Scanning Report Single File

74
6.2.1.3 Scanning Process For Single Folder

Fig 6.2.1.3 Scanning Process For Single Folder

75
6.2.1.4 Scanning Report Single Folder

Fig 6.2.1.4 Scanning Report Single Folder

76
6.2.1.5 Scanning Process For My Computer

Fig 6.2.1.5 Scanning Process For My Computer

77
6.2.1.6 Scanning Report For My Computer

6.2.1.6 Scanning Report For My Computer

78
6.2.3 Virus Vault

Fig 6.2.3 Virus Vault

79
 7. CONCLUSION & FUTURE SCOPE

7.1 Conclusion

This project has dropped a small stone in water, by designing an application that
provides a generic antivirus approach that is used to scan the files efficiently. “Virus
Detection System” being developed by restricting to the present technology available in
our college meets the desired needs of the requirements completely.

Our system can be extended further to an extent at which it can provide more
facilities and flexibility than it provides at present. At present the disassembling of the file
to be scanned is limited to the exe files that were written in C and C++ only. The
disassembler provided in this system may not work properly when we are going to scan the
files that are written in other high level languages. So more the decompiling tools we can
add we can scan a wide range of variety of files.

7.2 Future Scope

At present in our system only the files that were scanned and reported as affected
can be deleted or can be moved to vault to delete in future. So the only option provided for
the user is to delete the affected file. More over the affected file can be repaired by deleting
the virus code that was matched from the disassembled code and restoring the new file
from the repaired code

80
 8. BIBLIOGRAPHY

8.1 Text books

S.NO TITLE AUTHOR

1. “Visual C# 2005 Express Edition Starter Kit”, F. SCOTT BARKER,

2. “C#: YOUR VISUAL BLUE PRINT FOR ERIC BUTOW & TOMY

BUILDING .NET APPLICATIONS”, RYAN,

3. “A TO Z C”, K. JOSEPH WESLEY &

RAJESH JEBA ANBIAH

4. “Heuristic Analysis –Detecting Unknown Viruses” DAVID HARLEY &

ANDREW LEE.

8.2 Websites Visited

[1].http://www.this.net/~frank/pstill.html

[2] http://www.google.com/antiviruscodes.html

[3]. http://en.wikipedia.org/wiki/Disassembler

[4]. http://en.wikipedia.org/wiki/Antivirus

[5]. http://en.wikipedia.org/wiki/virus

[6]. http://www.eset.com

81