Research And Design Of Antivirus Engine

Computer virus and worm have become a threat to human beings. To fight computer virus, people develop antivirus software and hardware antivirus gateway. The performance of antivirus software and antivirus gateway is determined by the efficiency of their virus detection engine. The core algorithm of virus detection is pattern matching, which is computation intensive. Research on the pattern matching algorithm provides guideline to improve the efficiency of antivirus software and hardware.The research of this thesis is based on the wildly used open source antivirus software ClamAV. Most recent research of pattern matching hardware is targeted for Network Intrusion Detection System and Snort rules. This thesis introduce hardware pattern matching into the field of virus detection. Many improvements are made to existing pattern matching circuits to accommodate the unique feature of ClamAV virus database. Pipeline and parallel processing is used to improve the performance of the circuit. Automatic circuit generator is developed to generate pattern matching circuit from ClamAV virus rule set. This circuit generator constructs pattern matching circuit using predefined matching unit. Then the pattern matching circuit is test with latest ClamAV virus database. The test result shows that our design can process data at an input rate of 5.35Gbps, which is above average among the other design conducted by foreign researchers.