User Guide

AntiViral Toolkit Pro
3. AVP Inspector for Web Servers™ Principles Of Operation
AVP Inspector for Web Servers™ works by calculating cyclic redundancy
check (CRC) values for disk sectors and files, saving these values to a database
(table) and then comparing the current CRC values with the previous values
stored in the database. The database also holds additional information such as the
size, creation and last modification dates of files, file attributes and data
necessary to enable files that have changed (by being infected by a virus) to be
repaired.
AVP Inspector for Web Servers™ also records certain significant operating
system and hardware characteristics: the amount of available DOS memory and
the number of installed hard drives. On each subsequent run the program checks
that these values have not changed.
3.1 Tests Performed By AVP Inspector for Web Servers™
When AVP Inspector for Web Servers™ is run for the very first time, it
saves the DOS memory size and the address of the INT 13h handler, and creates
tables for controlled drives.
During subsequent runs AVP Inspector for Web Servers™ performs the
following tests:
- The disk directory tree is verified. New and changed directories are
  scanned.
- Files are checked. New, deleted, renamed, moved and modified files are
  scanned for changes in size, date and time of creation and last
  modification, and file CRC.
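
The file test described above, sketched as an added Python example (not code from AVP Inspector for Web Servers™ or its vendor): it builds a table of size, modification time and CRC-32 for each file, then classifies the differences between a stored table and a fresh one. The function names, the report categories and the rule that a vanished file reappearing at another path with the same size and CRC counts as moved are assumptions made for illustration.

```python
# Illustrative sketch: names and categories are assumptions, not the product's.
import os
import zlib

def crc32_of(path, chunk=65536):
    """CRC-32 of a file's contents, read in chunks."""
    crc = 0
    with open(path, "rb") as f:
        while block := f.read(chunk):
            crc = zlib.crc32(block, crc)
    return crc & 0xFFFFFFFF

def build_table(root):
    """Map relative path -> (size, mtime_ns, crc) for every file under root."""
    table = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.stat(full)
            rel = os.path.relpath(full, root)
            table[rel] = (st.st_size, st.st_mtime_ns, crc32_of(full))
    return table

def compare(old, new):
    """Classify differences between a stored table and a fresh one."""
    report = {"new": [], "deleted": [], "moved": [], "modified": [], "touched": []}
    gone = {p: old[p] for p in old.keys() - new.keys()}
    added = {p: new[p] for p in new.keys() - old.keys()}
    # A vanished file whose (size, crc) reappears at a new path is a move/rename.
    by_content = {}
    for p, (size, _, crc) in sorted(gone.items()):
        by_content.setdefault((size, crc), []).append(p)
    for p, (size, _, crc) in sorted(added.items()):
        sources = by_content.get((size, crc))
        if sources:
            report["moved"].append((sources.pop(0), p))
        else:
            report["new"].append(p)
    moved_from = {src for src, _ in report["moved"]}
    report["deleted"] = sorted(p for p in gone if p not in moved_from)
    for p in sorted(old.keys() & new.keys()):
        (osize, omtime, ocrc), (nsize, nmtime, ncrc) = old[p], new[p]
        if (osize, ocrc) != (nsize, ncrc):
            report["modified"].append(p)   # content changed
        elif omtime != nmtime:
            report["touched"].append(p)    # date changed, content identical
    return report
```

A CRC catches accidental corruption and changes made without regard to the checksum, but it is not collision resistant, so a file can be altered deliberately while keeping its CRC. A baseline meant to be tamper-evident would store a cryptographic hash such as SHA-256 (`hashlib.sha256`) in place of the CRC.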
3.2 Analysis Of Changes On Disk
All the changes that are detected within files and disk sectors are analyzed
and categorized as harmless or suspicious. AVP Inspector for Web Servers™
provides information about all changes it detects. You can view this information
in a dialog box or save it to disk for later viewing. If suspicious changes
are found that may indicate the presence of a virus, AVP Inspector for Web
Servers™ issues a virus attack warning.