病毒:一个特殊计算机程序.
对于病毒的查杀都是基于特征码的识别.杀毒软件都需要有一个病毒信息的数据库.常用病毒数据库2000万条
杀毒引擎: 一套复杂高效的数据库查询算法.
- 提取文件特征码 1秒
- 查询特征码是否在数据库里面 8秒
就是根据文件的特征码去病毒数据库中查询,如果能找到就说明这个文件是一个病毒
病毒的查杀
下面以一个文件的MD5编码后的签名来判断是否是病毒
public class AntiVirusActivity extends Activity {
private ImageView iv_scan;
private PackageManager pm;
private TextView scan_status;
private ProgressBar pb;
private LinearLayout ll_container;
private List<PackageInfo> virusInfos;
@Override
protected void onCreate(Bundle savedInstanceState) {
super.onCreate(savedInstanceState);
setContentView(R.layout.activity_anti_virus);
iv_scan = (ImageView) findViewById(R.id.iv_scan);
RotateAnimation ra = new RotateAnimation(0, 360,
Animation.RELATIVE_TO_SELF, 1.0f, Animation.RELATIVE_TO_SELF,
1.0f);
ra.setDuration(800);
ra.setRepeatCount(Animation.INFINITE);
ra.setRepeatMode(Animation.RESTART);
iv_scan.startAnimation(ra);
pb = (ProgressBar) findViewById(R.id.progressBar1);
scan_status = (TextView) findViewById(R.id.scan_status);
ll_container = (LinearLayout) findViewById(R.id.ll_container);
pm = getPackageManager();
virusInfos = new ArrayList<PackageInfo>();
new AsyncTask<Void, Object, Void>() {
@Override
protected Void doInBackground(Void... params) {
// 检查应用程序的签名 是否在病毒数据库里面.
try {
Thread.sleep(500);
List<PackageInfo> infos = pm
.getInstalledPackages(PackageManager.GET_UNINSTALLED_PACKAGES
| PackageManager.GET_SIGNATURES);
pb.setMax(infos.size());
int total = 0;
for (PackageInfo info : infos) {
Signature[] signatures = info.signatures;
// 得到应用程序的签名信息, 用签名来判断
String sign = signatures[0].toCharsString();
String md5 = MD5Utils.encode(sign);
String result = VirusDao.findVirsu(md5);
if (result != null) {
publishProgress(info, true);
virusInfos.add(info);
} else {
publishProgress(info, false);
}
total++;
pb.setProgress(total);
Thread.sleep(40);
}
} catch (InterruptedException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return null;
}
@Override
protected void onPreExecute() {
scan_status.setText("正在初始化双核杀毒引擎...");
super.onPreExecute();
}
@Override
protected void onPostExecute(Void result) {
scan_status.setText("扫描完毕!");
iv_scan.clearAnimation();
if (virusInfos.size() > 0) {
AlertDialog.Builder builder = new Builder(
AntiVirusActivity.this);
builder.setTitle("发现病毒");
builder.setMessage("是否立刻清理?");
builder.setPositiveButton("确定", new OnClickListener() {
@Override
public void onClick(DialogInterface dialog, int which) {
for (PackageInfo info : virusInfos) {
Intent intent = new Intent();
intent.setAction(Intent.ACTION_DELETE);
intent.setData(Uri.parse("package:"
+ info.packageName));
startActivity(intent);
}
}
});
builder.setNegativeButton("取消", new OnClickListener() {
@Override
public void onClick(DialogInterface dialog, int which) {
// TODO Auto-generated method stub
}
});
builder.show();
}
super.onPostExecute(result);
}
@Override
protected void onProgressUpdate(Object... values) {
PackageInfo packinfo = (PackageInfo) values[0];
Boolean result = (Boolean) values[1];
scan_status.setText("正在扫描:"
+ packinfo.applicationInfo.loadLabel(pm));
TextView tv = new TextView(getApplicationContext());
tv.setTextSize(16);
if (result) {// 发现病毒
tv.setTextColor(Color.RED);
tv.setText("发现病毒程序:"
+ packinfo.applicationInfo.loadLabel(pm));
} else {
tv.setTextColor(Color.BLACK);
tv.setText("扫描安全:" + packinfo.applicationInfo.loadLabel(pm));
}
ll_container.addView(tv, 0);
super.onProgressUpdate(values);
}
}.execute();
}
}
- 邮箱 :charon.chui@gmail.com
- Good Luck!