Implementing paradigm

Hello, I have a question which is not directly related to device drivers. I am mostly interested in how the antivirus companies implement their virus database, and how this database communicates with the driver and still gives very good performance, hence the great FS activity. For example, Norton Antivirus processes each file when an IRP_MJ_DIRECTORY_CONTROL request is performed, and probably each file is scanned, compared to a database, and passes or not.

What I want to know is how such a database is implemented to work very fast with high FS activity. Can it be something like SQLite, or should it be something driver-implemented and driver-indexed, or does the driver just communicate with a user-mode app to make such queries in the database?

If you have any references or know about such an implementation please give me some feedback or links.
Thank you.