Dalam pembuatan AntiVirus, Programmer/CEO AntiVirus pasti ingin memperkuat proses scanning pada AntiVirusnya. Kali ini saya akan membagikan cara untuk men-scan isi file Archive ZIP dan RAR.
Langsung Saja yah ^_^
Di sini kita menggunakan XrMiniZip.dll untuk men-scan isi file Archive ZIP/RAR. XrMiniZip.dll memberikan nama, ukuran, dan CRC32 setiap file di dalam archive, sehingga CRC32 bisa dipakai sebagai checksum untuk mengenali file virus yang ada di dalam file archive :).
Code Fungsi API :
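' Search record describing one entry inside an archive.
' It is passed by reference to the *_FindFirst / *_FindNext functions of
' XrMiniZIP.DLL, so the field order and sizes must stay exactly as declared.
' The type is declared once only: a second identical Type block in the same
' module does not compile in VB6.
' NOTE(review): the values look like they are taken from the archive's own
' records rather than computed from unpacked data - confirm with the DLL docs.
Private Type TZipSearchRec
    Index As Long           ' entry index
    Name As String * 260    ' entry file name (fixed-length, 260 characters)
    Attr As Long            ' file attributes
    Size As Long            ' file size
    CRC As String * 8       ' CRC32 as an 8-character string
End Type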
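' Zip_LoadFile()
' Opens a ZIP archive and returns a handle to it.
' A handle value of 0 means the call failed.
' Declared once only: repeating the same Declare in one module does not compile.
' NOTE(review): the library is named without a path, so Windows locates
' XrMiniZIP.DLL through its normal DLL search order; keep a verified copy next
' to the executable so that a different file with the same name is not loaded.
Private Declare Function Zip_LoadFile Lib "XrMiniZIP.DLL" (ByVal szFile As String) As Long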
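' Each function is declared exactly once; duplicate Declare statements in the
' same module are rejected by the VB6 compiler.

' Zip_FindFirst()
' Looks up the first entry in the archive and fills SR with its details.
' Returns 0 on success, or an error value on failure.
Private Declare Function Zip_FindFirst Lib "XrMiniZIP.DLL" (ByVal hFile As Long, SR As TZipSearchRec) As Long

' Zip_FindNext()
' Looks up the next entry in the archive and fills SR with its details.
' Returns 0 on success, or an error value on failure.
Private Declare Function Zip_FindNext Lib "XrMiniZIP.DLL" (ByVal hFile As Long, SR As TZipSearchRec) As Long

' Zip_Count()
' Returns the number of files contained in the archive.
Private Declare Function Zip_Count Lib "XrMiniZIP.DLL" (ByVal hFile As Long) As Long

' Zip_CloseFile()
' Closes the ZIP file and frees the memory it used.
Private Declare Function Zip_CloseFile Lib "XrMiniZIP.DLL" (ByVal hFile As Long) As Long

' The descriptions above also apply to the RAR functions below.
Private Declare Function Rar_LoadFile Lib "XrMiniZIP.DLL" (ByVal szFile As String) As Long
Private Declare Function Rar_FindFirst Lib "XrMiniZIP.DLL" (ByVal hFile As Long, SR As TZipSearchRec) As Long
Private Declare Function Rar_FindNext Lib "XrMiniZIP.DLL" (ByVal hFile As Long, SR As TZipSearchRec) As Long
Private Declare Function Rar_Count Lib "XrMiniZIP.DLL" (ByVal hFile As Long) As Long
Private Declare Function Rar_CloseFile Lib "XrMiniZIP.DLL" (ByVal hFile As Long) As Long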
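' Sample signatures used by the scan routines. Each constant is defined once;
' repeating a Const in the same module does not compile.
Private Const VIR_SAMPLE_FNAME As String = "sample.vbs"         ' sample detection based on matching the file name
Private Const VIR_SAMPLE_FSIZE As Long = 288                    ' file size expected for the sample
Private Const VIR_SAMPLE_CRC32 As String = "20C9D7CC"           ' sample detection based on the CRC32 checksum
Private Const VIR_CONFICKER_FNAME As String = "jwgkvsq.vmx"     ' file name matched for the Conficker detection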
Code Fungsi Scan :
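' Usage example only; the iteration works much like FindFirst and FindNext in
' the Windows API.
'
' Zip_ScanVirus
'   Walks the entries of the ZIP archive at lpFileName and compares each
'   entry's name, size and CRC field with the sample signatures.
'
'   lpFileName  path of the ZIP archive to inspect
'   Returns     the detection name, or "" when no entry matched
'
' NOTE(review): "" is also returned when the archive cannot be opened or its
' first entry cannot be read, so a caller cannot tell "clean" from "not scanned".
' NOTE(review): the name tests are substring matches, so any entry whose name
' merely contains the signature name is reported, and a renamed file is missed.
Private Function Zip_ScanVirus(lpFileName As String) As String
    Dim hZIP As Long
    Dim iLoop As Long
    Dim ZipSR As TZipSearchRec

    Zip_ScanVirus = ""                      ' assume file is clean

    hZIP = Zip_LoadFile(lpFileName)         ' open the ZIP file to be checked
    If hZIP = 0 Then Exit Function          ' 0 = open failed, there is no handle to close

    ' 0 = first entry found. A non-zero error skips the loop and falls through
    ' to Zip_CloseFile, so the handle is released on this path as well.
    iLoop = Zip_FindFirst(hZIP, ZipSR)

    Do While iLoop = 0
        ' --- BEGIN OF SCANNING ROUTINE ---
        ' InStr returns a position, so test it with "> 0" instead of feeding the
        ' raw number into And. The CRC text is compared without regard to case,
        ' because hex digits may arrive in upper or lower case.
        If InStr(1, ZipSR.Name, VIR_SAMPLE_FNAME, vbTextCompare) > 0 _
           And ZipSR.Size = VIR_SAMPLE_FSIZE _
           And StrComp(ZipSR.CRC, VIR_SAMPLE_CRC32, vbTextCompare) = 0 Then
            Zip_ScanVirus = "VBS/Sample"    ' detection result
        End If

        ' name-only match
        If InStr(1, ZipSR.Name, VIR_CONFICKER_FNAME, vbTextCompare) > 0 Then
            Zip_ScanVirus = "VMX/Conficker" ' detection result
        End If
        '
        ' YourOwnScanningRoutineHere <<
        '
        ' --- END OF SCANNING ROUTINE ---

        If Len(Zip_ScanVirus) > 0 Then Exit Do  ' stop at the first entry that matched

        iLoop = Zip_FindNext(hZIP, ZipSR)   ' fetch the next entry and keep looping
        DoEvents
    Loop

    Call Zip_CloseFile(hZIP)                ' always close the ZIP file when done
End Function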
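' And this one is for RAR.
'
' Rar_ScanVirus
'   Walks the entries of the RAR archive at lpFileName and compares each
'   entry's name, size and CRC field with the sample signatures.
'
'   lpFileName  path of the RAR archive to inspect
'   Returns     the detection name, or "" when no entry matched
'
' NOTE(review): "" is also returned when the archive cannot be opened or its
' first entry cannot be read, so a caller cannot tell "clean" from "not scanned".
' NOTE(review): the name tests are substring matches, so any entry whose name
' merely contains the signature name is reported, and a renamed file is missed.
Private Function Rar_ScanVirus(lpFileName As String) As String
    Dim hRAR As Long
    Dim iLoop As Long
    Dim RarSR As TZipSearchRec

    Rar_ScanVirus = ""                      ' assume file is clean

    hRAR = Rar_LoadFile(lpFileName)         ' open the RAR file to be checked
    If hRAR = 0 Then Exit Function          ' 0 = open failed, there is no handle to close

    ' 0 = first entry found. A non-zero error skips the loop and falls through
    ' to Rar_CloseFile, so the handle is released on this path as well.
    iLoop = Rar_FindFirst(hRAR, RarSR)

    Do While iLoop = 0
        ' --- BEGIN OF SCANNING ROUTINE ---
        ' InStr returns a position, so test it with "> 0" instead of feeding the
        ' raw number into And. The CRC text is compared without regard to case,
        ' because hex digits may arrive in upper or lower case.
        If InStr(1, RarSR.Name, VIR_SAMPLE_FNAME, vbTextCompare) > 0 _
           And RarSR.Size = VIR_SAMPLE_FSIZE _
           And StrComp(RarSR.CRC, VIR_SAMPLE_CRC32, vbTextCompare) = 0 Then
            Rar_ScanVirus = "VBS/Sample"    ' detection result
        End If

        ' name-only match
        If InStr(1, RarSR.Name, VIR_CONFICKER_FNAME, vbTextCompare) > 0 Then
            Rar_ScanVirus = "VMX/Conficker" ' detection result
        End If
        ' --- END OF SCANNING ROUTINE ---

        If Len(Rar_ScanVirus) > 0 Then Exit Do  ' stop at the first entry that matched

        iLoop = Rar_FindNext(hRAR, RarSR)   ' fetch the next entry and keep looping
        DoEvents
    Loop

    Call Rar_CloseFile(hRAR)                ' always close the RAR file when done
End Function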
Code Untuk Memulai Scan Pada File Archive ZIP :
' Scan the ZIP archive whose path is typed into Text1 and report the outcome in Label1.
' NOTE(review): Zip_ScanVirus also returns "" when the archive could not be opened,
' so the "Clean" branch covers archives that were never actually scanned.
Dim szScanResult As String

szScanResult = Zip_ScanVirus(Text1.Text)
If Len(szScanResult) = 0 Then
    Label1.Caption = "ZIP is Clean !"
Else
    Label1.Caption = "ZIP terinfeksi oleh (" & szScanResult & ") !"
End If
Penjelasan :
text1.text = Lokasi File Archive ZIP
Label1.caption = Sebagai Tanda pemberitahuan Apakah File archive ZIP itu bervirus atau tidak
Code Untuk Memulai Scan Pada File Archive RAR :
' Scan the RAR archive whose path is typed into Text2 and report the outcome in Label1.
' NOTE(review): Rar_ScanVirus also returns "" when the archive could not be opened,
' so the "Clean" branch covers archives that were never actually scanned.
Dim szScanResult As String

szScanResult = Rar_ScanVirus(Text2.Text)
If Len(szScanResult) = 0 Then
    Label1.Caption = "RAR is Clean !"
Else
    Label1.Caption = "RAR terinfeksi oleh (" & szScanResult & ") !"
End If
Penjelasan :
Text2.Text = Lokasi File Archive RAR
Label1.caption = Sebagai Tanda pemberitahuan Apakah File archive RAR itu bervirus atau tidak
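Kesimpulan : Teknik Scan Archive ini tidak berat karena kita tidak harus meng-extract isi archive, dan teknik ini sangat cepat untuk diterapkan di AntiVirus ^_^ Karena isi file tidak di-extract, pencocokan hanya memakai nama, ukuran, dan CRC32 yang dilaporkan DLL untuk tiap file, sehingga file yang diganti namanya atau isinya sedikit diubah tidak akan terdeteksi, dan archive yang gagal dibuka tetap dilaporkan "Clean".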
Sumber DLL :
www.ansav.com