I think I remember an article posted here a long time ago about how AV
companies scan for viruses. It was written by someone who worked for one
of the AV companies. It didn’t give away any secrets. It was a really
good article but I can’t find it anymore. Does anyone remember what I am
talking about and can send me the link? Or if they know of another
similar article I would appreciate it.
Thanks
It must be a very old posting :-). Since lately I was mucking around w/ some virus stuff (actual dev etc.), I would recommend the following -
a) Get to the open-source Clam-AV, very very hands-on though fairly basic
b) Make sure you understand packing of databases (like pkzip and others). You need it, and a crypto-enabled database is a bit better
c) Cohen published quite a bit of information and that helps too. It also provides some benign viruses, BIT DANGEROUS
d) Search the Trusted Computing initiative of Microsoft, will find interesting info there too …
e) Kaspersky Lab is on the top of documenting some of the weird viruses, mainly polymorphic ones …
f) If you happen to have the filter manager of the IFS kit, don't forget to read the scanner code example
Finally, one of the fairly famous companies did not even change the filter driver name filespy, a bit sloppy but they are good
Wish I had a two-month sabbatical, then I could port Clam-AV to Windows, that would be interesting, since we could use the filter manager idea
-pro
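An added example (my own code, not from ClamAV, Microsoft, or any poster in this thread) sketching the ideas behind points a) and b) above: a signature database packed in a zip, checked with an HMAC before it is trusted, and a scanner that looks for hex-encoded byte patterns either at a fixed offset or anywhere in the data. The `name:offset:hexpattern` line format, the patterns, the key and the file names are all constructed for this example and are not ClamAV's real database format.

```python
import hashlib
import hmac
import io
import zipfile
from typing import List, Optional, Tuple

# Constructed sample signatures (not real malware patterns).
# Line format, invented for this example: name:offset:hexpattern
#   offset = '*'  -> pattern may appear anywhere
#   offset = N    -> pattern must start exactly at byte N
SIGNATURES = [
    ("Constructed.Test.A", "*", b"CONSTRUCTED-TEST-PATTERN-A".hex()),
    ("Constructed.Test.B.AtOffset", "4", b"\xde\xad\xbe\xef".hex()),
]
DB_TEXT = "# constructed demo database\n" + "\n".join(":".join(s) for s in SIGNATURES) + "\n"

Signature = Tuple[str, Optional[int], bytes]


def pack_db(db_text: str, key: bytes) -> bytes:
    """Pack the text database into a zip together with an HMAC-SHA256 tag."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("main.sdb", db_text)
        tag = hmac.new(key, db_text.encode(), hashlib.sha256).hexdigest()
        zf.writestr("main.sdb.hmac", tag)
    return buf.getvalue()


def load_db(packed: bytes, key: bytes) -> List[Signature]:
    """Unpack the zip, verify the HMAC, then parse the signature lines.
    Raises ValueError if the database does not authenticate under `key`."""
    with zipfile.ZipFile(io.BytesIO(packed)) as zf:
        db_bytes = zf.read("main.sdb")
        tag = zf.read("main.sdb.hmac").decode()
    expected = hmac.new(key, db_bytes, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("signature database failed integrity check; refusing to load")
    sigs: List[Signature] = []
    for line in db_bytes.decode().splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, offset, hexpat = line.split(":", 2)
        sigs.append((name, None if offset == "*" else int(offset), bytes.fromhex(hexpat)))
    return sigs


def db_is_trusted(packed: bytes, key: bytes) -> bool:
    """True if the packed database authenticates under `key`."""
    try:
        load_db(packed, key)
        return True
    except ValueError:
        return False


def scan_bytes(data: bytes, sigs: List[Signature]) -> List[str]:
    """Return the names of all signatures that match `data`."""
    hits = []
    for name, offset, pattern in sigs:
        if offset is None:
            if pattern in data:
                hits.append(name)
        elif data[offset:offset + len(pattern)] == pattern:
            hits.append(name)
    return hits


if __name__ == "__main__":
    key = b"constructed-demo-key"          # constructed; a real product would ship a public key
    packed = pack_db(DB_TEXT, key)
    sigs = load_db(packed, key)
    print(scan_bytes(b"hello CONSTRUCTED-TEST-PATTERN-A world", sigs))
    print(scan_bytes(b"\x00\x00\x00\x00\xde\xad\xbe\xef", sigs))
    print("tampered db accepted:", db_is_trusted(packed, b"wrong-key"))
```

The HMAC check is the "crypto-enabled database" part: a scanner that loads unauthenticated signatures can be silenced by anyone who can overwrite its database, so the update is rejected before a single line is parsed. Real engines use public-key signatures rather than a shared HMAC key, and match far more than fixed byte strings, but the load-verify-parse-match order is the same.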