AVG Technologies USA, Inc.
Checking engine
The heart of AVG Anti-Virus is the checking engine - you can imagine it as
a "black box" into which requests to check objects enter and the
box returns information indicating if these objects are virus-free or
infected.
The checking engine includes an application interface for communication
with other AVG Anti-Virus components (Resident Shield, Tests, E-mail
scanner modules and plug-ins etc.) which use this service. It was created
with an emphasis on AVG Anti-Virus modularity and is common for all
mentioned components.
Detection methods
Efficiency in detecting infected files is guaranteed by using a
combination of different detection levels. Before the check itself,
the file is pre-processed, which involves removing any parts unnecessary
for virus analysis. This technique keeps the scanning process
quick.
- Known virus detection
This is the simplest technique, in which files are checked for the
presence of virus identifiers (a sequence of bytes characteristic of
a specific virus). Based on this kind of detection, detailed analysis is
performed to identify the exact infection.
- Generic detection
This is a more common method for the detection of known viruses and is
used to determine new variants of known viruses. If no known virus is
identified, generic detection looks for sequences within the file
typical for certain viruses. Such sequences usually don't change
within the virus when it is modified, even if the behavior of the new
variant is different. This method is effective especially in the
detection of macro-viruses and script-viruses.
- Heuristic analysis
The last method for detecting viruses (used where the previously
mentioned methods were not successful) is Heuristic analysis. Its
strength lies in its capacity to (in some cases) detect a virus
which is not included in the internal virus database. During
Heuristic analysis, two methods are used:
  - Static Heuristic analysis - looking for suspicious data constructions
  - Dynamic Heuristic analysis - code emulation: the file is
    started inside the protected environment of a virtual computer
    inside AVG and analyzed for actions typical of viruses. An
    example is an application which, when run, looks for other
    executable files in order to modify them.
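The order of the detection levels described above, as an added example that is not AVG code: pre-process, then exact identifier match, then generic family pattern, then a static heuristic score. The database entries, rule weights, threshold and pre-processing step are constructed assumptions, and dynamic emulation is not modelled.

```python
import re
from typing import Optional, Tuple

# Constructed, harmless sample database; these are not real virus identifiers.
EXACT_SIGNATURES = {"Demo.Alpha.A": b"\xde\xad\xbe\xef\x13\x37DEMO-ALPHA-A"}
# A generic pattern matches the part of a family that stays stable across variants.
GENERIC_PATTERNS = {"Demo.Alpha (generic)": re.compile(rb"DEMO-ALPHA-[A-Z]")}
# Static heuristic: weighted suspicious constructs (hypothetical rule set).
HEURISTIC_RULES = [
    (re.compile(rb"(?i)autoopen"), 2),
    (re.compile(rb"(?i)\.vbproject\.vbcomponents"), 3),
    (re.compile(rb"(?i)normal\.dot"), 2),
]
HEURISTIC_THRESHOLD = 5

def preprocess(data: bytes) -> bytes:
    """Shrink parts irrelevant to analysis; here long NUL padding (assumption)."""
    return re.sub(rb"\x00{16,}", b"\x00", data)

def scan(data: bytes) -> Tuple[str, Optional[str]]:
    """Return (level, name); level is 'known', 'generic', 'heuristic' or 'clean'."""
    body = preprocess(data)
    for name, signature in EXACT_SIGNATURES.items():
        if signature in body:                 # level 1: known virus identifier
            return "known", name
    for name, pattern in GENERIC_PATTERNS.items():
        if pattern.search(body):              # level 2: variant of a known family
            return "generic", name
    score = sum(w for pattern, w in HEURISTIC_RULES if pattern.search(body))
    if score >= HEURISTIC_THRESHOLD:          # level 3: not in the database at all
        return "heuristic", f"suspicious (score {score})"
    return "clean", None

# Constructed inputs, one per outcome.
SAMPLE_KNOWN = b"MZ" + b"\x00" * 64 + EXACT_SIGNATURES["Demo.Alpha.A"] + b"tail"
SAMPLE_VARIANT = b"header DEMO-ALPHA-C tail"
SAMPLE_MACRO = b"Sub AutoOpen()\nSet c = NormalTemplate.VBProject.VBComponents\nEnd Sub"
SAMPLE_BENIGN = b'Sub AutoOpen()\nMsgBox "hello"\nEnd Sub'

if __name__ == "__main__":
    for sample in (SAMPLE_KNOWN, SAMPLE_VARIANT, SAMPLE_MACRO, SAMPLE_BENIGN):
        print(scan(sample))
```

The benign macro scores 2 and stays below the threshold, which shows why a heuristic level needs several indicators before it reports a file.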
Detection levels
AVG E-mail Scanner (EMS)
E-mail checking is supported either directly by plug-ins for certain
applications (Microsoft Outlook, Eudora, The Bat!) or by the Personal
E-mail Scanner (AVG EMS), which works at the POP3 and SMTP protocol
level. EMS can also protect the e-mail communication of all other
E-mail clients (for example Outlook Express). Each E-mail client
plug-in can be individually configured to have its own testing
configuration, including the language definition for certification texts.
- With AVG EMS, it is possible to filter attachments by their extensions or by their content
- The solution at POP3/SMTP protocol level is independent of the E-mail client used
- It is possible to protect multiple e-mail accounts and to check multiple e-mail servers
- SMTP authentication is supported
Tests - ON-DEMAND check
On-demand checking of files or system areas can be performed in three ways:
- Scheduled Tests
By default, the Complete Test is set to be started every day as
scheduled to ensure the basic functionality of this level of
protection. From the User Interface it is possible to create
new Tests and to set when and what should be checked and what to
do in case of infection.
- Manually started Tests
It is possible to start defined Tests from the User Interface whenever required. An example would be the Removable Media Test.
- Windows Explorer extension included in AVG integration into Windows
This is a simple and very quick method of checking a specific file.
In Windows Explorer, right-click the appropriate file and
select the option "Test by AVG".
Resident Shield - ON-ACCESS check
Resident Shield protects the computer whenever the operating
system is running. It works in the background and ensures
transparent anti-virus file checking during file opening,
executing and optionally during file saving. Resident Shield runs
automatically. If a virus is detected, Resident Shield denies
opening or running of the infected file. Resident Shield stores
information about files it has checked, eliminating the need to
recheck them if no modifications have been made.
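An on-access gate that remembers verdicts for unmodified files, as an added example that is not AVG code. The class name, the cache key (size, modification time) and the invalidation on a database version change are assumptions; the page states only that unmodified files are not rechecked.

```python
import os
import tempfile
from typing import Callable, Dict, List, Tuple

class OnAccessGate:
    """Allow or deny file opens, remembering verdicts for unmodified files."""

    def __init__(self, is_clean: Callable[[bytes], bool], db_version: int):
        self.is_clean = is_clean
        self.db_version = db_version   # assumption: a verdict is tied to a DB version
        self.scans = 0                 # number of real scans performed
        self._cache: Dict[str, Tuple[tuple, bool]] = {}

    def allow_open(self, path: str) -> bool:
        st = os.stat(path)
        # A change in size, mtime or database version invalidates the old verdict.
        key = (st.st_size, st.st_mtime_ns, self.db_version)
        hit = self._cache.get(path)
        if hit is not None and hit[0] == key:
            return hit[1]
        with open(path, "rb") as fh:
            verdict = self.is_clean(fh.read())
        self.scans += 1
        self._cache[path] = (key, verdict)
        return verdict

def demo() -> List[Tuple[bool, int]]:
    """Constructed walk-through; returns (allowed, total_scans) after each open."""
    gate = OnAccessGate(lambda data: b"DEMO-SIGNATURE" not in data, db_version=1)
    out = []
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sample.bin")
        with open(path, "wb") as fh:
            fh.write(b"harmless contents")
        out.append((gate.allow_open(path), gate.scans))  # first open: scanned
        out.append((gate.allow_open(path), gate.scans))  # unchanged: cache hit
        with open(path, "ab") as fh:
            fh.write(b" DEMO-SIGNATURE")                 # file modified
        out.append((gate.allow_open(path), gate.scans))  # rescanned, now denied
        gate.db_version = 2                              # database updated
        out.append((gate.allow_open(path), gate.scans))  # rescanned again
    return out
```

Size and modification time are cheap to compare but can be preserved by a writer that sets them deliberately; a content hash is the stronger cache key where the cost is acceptable.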
Update
It is vital for successful virus detection to keep your AVG
installation up-to-date. AVG Anti-Virus offers you several ways to keep
it up-to-date, including a fully automated update process. The
availability of update files is guaranteed even when the maximum number
of download requests is being sent to our servers. We distribute our
update files using a professional worldwide server network service.
Main Features
- small update files (the size is from tens of KB)
- the computer rarely needs to be restarted after an update
- regular updates are released 2 times every week, priority updates are released whenever it is necessary (whenever a new virus is being spread)
- possibility to schedule or manually perform an update by the level of its urgency
- proxy server authentication support
- registered users can receive information about new updates through the AVG UPDATE e-mail conference
- update files are available even during periods of high demand for downloads
Options for how to update
- automated detection of an internet connection (if you are using a Dial-up connection) and subsequent update
- detection of existence of new update file included in scheduled tasks (AVG Anti-Virus and AVGADMIN)
- manual download of new update file from Internet
- manual update from a folder