AVG is a leading international developer of Internet threat protection solutions for consumers, SMBs and small enterprises. Trusted by over 80 million people, protecting what’s important inside computers – music, photos, documents allowing users to bank, shop and safely .
The heart of AVG Anti-Virus is the scanning engine - you can imagine it as a "black box" into which requests to scan objects enter and the box returns information indicating if these objects are virus-free or infected.
The scanning engine includes an application interface for communication with other AVG Anti-Virus components (Resident Shield, Scans, E-mail scanner modules and plug-ins etc.) which use this service. It was created with an emphasis on AVG Anti-Virus modularity and is common for all of the mentioned components.
Efficiency in detecting infected files is guaranteed by using a combination of different detection levels. Before the scan itself, the file is pre-processed, which involves removing any parts unnecessary for virus analysis. A quick scanning process is achieved using this technique.
Known virus detection
This is the simplest technique, in which files are scanned for the presence of virus identifiers (a sequence of bytes characteristic of a specific virus). Based on this kind of detection, detailed analysis is performed to identify the exact infection.
Generic detection is a more common method for the detection of known viruses and is also used to determine new variants of known viruses. If no known virus is identified, generic detection looks for sequences within the file that are typical of certain viruses. Such sequences usually don't change within the virus when it is modified, even if the behavior of the new variant is different. This method is especially effective in the detection of macro-viruses and script-viruses.
The last method for detecting viruses (used where the previously mentioned methods were not successful) is heuristic analysis. Its strength lies in its capacity to detect, in some cases, a virus which is not included in the internal virus database. During heuristic analysis, two methods are used:
Static Heuristic analysis - looking for suspicious data constructions
Dynamic Heuristic analysis - code emulation: the file is started inside the protected environment of a virtual computer inside AVG and analyzed for actions typical of viruses. An example is an application which, when run, looks for other executable files in order to modify them.
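The detection levels described above can be sketched as a cascade in which each level runs only if the previous one found nothing. This is an added example, not AVG code: the signature bytes, pattern, rule weights and threshold are constructed for illustration, and dynamic emulation is left out.

```python
import re
from typing import Optional, Tuple

# Constructed signature data for illustration only; not real AVG definitions.
EXACT_SIGNATURES = {"Demo.A": bytes.fromhex("deadbeef0badf00d")}

# Generic patterns keep the invariant bytes and allow a short variable gap,
# so a modified variant still matches after the exact signature stops matching.
GENERIC_PATTERNS = {"Demo.gen": re.compile(rb"\xde\xad.{0,4}\x0b\xad", re.DOTALL)}

# Static heuristic rules: (suspicious construct, weight). Hypothetical weights.
HEURISTIC_RULES = [
    (re.compile(rb"FindFirstFile"), 2),    # enumerates files on disk
    (re.compile(rb"\.exe\x00", re.I), 1),  # refers to executable files
    (re.compile(rb"WriteFile"), 2),        # writes to files
]
HEURISTIC_THRESHOLD = 4


def scan(data: bytes) -> Tuple[str, Optional[str]]:
    """Return (level, name) for the first detection level that fires."""
    for name, signature in EXACT_SIGNATURES.items():
        if signature in data:
            return "known", name
    for name, pattern in GENERIC_PATTERNS.items():
        if pattern.search(data):
            return "generic", name
    score = sum(weight for pattern, weight in HEURISTIC_RULES if pattern.search(data))
    if score >= HEURISTIC_THRESHOLD:
        return "heuristic", "suspicious(score=%d)" % score
    return "clean", None


# Constructed sample inputs: the original, a modified variant, an unknown
# file with virus-like constructs, and a benign file.
SAMPLES = {
    "original": b"MZ" + bytes.fromhex("deadbeef0badf00d") + b"payload",
    "variant": b"MZ" + bytes.fromhex("dead90900bad") + b"payload",
    "unknown": b"FindFirstFileA\x00*.exe\x00WriteFile\x00",
    "benign": b"plain text document",
}

if __name__ == "__main__":
    for label, blob in SAMPLES.items():
        print(label, scan(blob))
```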
AVG E-mail Scanner (EMS)
E-mail scanning is supported either directly by plug-ins for certain applications (Microsoft Outlook, The Bat!) or by Personal E-mail scanner - AVG EMS works at POP3 and SMTP protocol level. EMS can also protect the e-mail communication of all other E-mail clients (for example Outlook Express).
With AVG EMS, it is possible to filter attachments by their extensions or by their content
The solution at POP3/SMTP protocol level is independent of the E-mail client used
It is possible to protect multiple e-mail accounts and to check multiple e-mail servers
SMTP authentication is supported
Secured (SSL) communication is supported
Computer scanner - ON-DEMAND scan
On-demand checking of files or system areas can be performed in three ways:
By default, the Complete Test is scheduled to start every day to ensure the basic functionality of this level of protection. From the User Interface it is possible to create new Tests and to set when and what should be checked and what to do in case of infection.
Manually started Tests
It is possible to start defined Tests from the User Interface whenever required. An example would be the Selected areas scan.
Windows Explorer extension included in AVG integration into Windows
This is a simple and very quick method of checking a specific file. You can use the Windows Explorer environment by right-mouse-button clicking on the appropriate file and selecting the option "Test by AVG".
Resident Shield - ON-ACCESS scan
The Resident Shield protects the computer whenever the operating system is running. It works in the background and ensures transparent anti-virus file scanning when opening or executing files. There is also the option to scan when saving files. The Resident Shield runs automatically. If a virus is detected, the Resident Shield blocks the opening or running of the infected file. The Resident Shield stores information about files it has checked, eliminating the need to recheck them if no modifications have been made.
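One way such a cache of checked files can work, as an added example that is not AVG code. The scanner callable and the db_version field are assumptions of this sketch; the database version is part of the cache key because a file judged clean under old definitions has to be rescanned after an update.

```python
import hashlib
import os
from typing import Callable, Dict, Tuple


class ScanCache:
    """Skips rescanning files whose content and definitions are unchanged."""

    def __init__(self, scanner: Callable[[bytes], bool], db_version: int):
        self.scanner = scanner        # hypothetical engine call: True = infected
        self.db_version = db_version  # version of the loaded virus database
        self.engine_calls = 0
        # path -> (size, mtime_ns, db_version, sha256) of the last clean verdict
        self._clean: Dict[str, Tuple[int, int, int, str]] = {}

    def is_infected(self, path: str) -> bool:
        st = os.stat(path)
        entry = self._clean.get(path)
        # Fast path: same size, mtime and database version as the last clean scan.
        if entry and entry[:3] == (st.st_size, st.st_mtime_ns, self.db_version):
            return False
        with open(path, "rb") as handle:
            data = handle.read()
        digest = hashlib.sha256(data).hexdigest()
        # Metadata changed but content did not (e.g. a touched file): no rescan,
        # unless the database was updated since the verdict was stored.
        if entry and entry[2:] == (self.db_version, digest):
            self._clean[path] = (st.st_size, st.st_mtime_ns, self.db_version, digest)
            return False
        self.engine_calls += 1
        if self.scanner(data):
            self._clean.pop(path, None)  # never cache an infected verdict
            return True
        self._clean[path] = (st.st_size, st.st_mtime_ns, self.db_version, digest)
        return False
```

The fast path trusts file size and modification time, which any process with write access can reset; an on-access component that observes writes directly can invalidate entries at write time instead.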
Web Shield – Network Scanner
The Web Shield works for networks in the same way as the Resident Shield does for files. The Web Shield intercepts all traffic on selected ports and passes the data into several scanning engines. HTTP traffic is scanned by AVG’s Scanning Engine as well as XPL’s LinkScanner. Instant Messaging Protection allows users to define their own whitelists and blacklists for the ICQ and MSN protocols.
Anti-Rootkit technology detects malicious programs that try to hide in the system by comparing two different views of the file system and running processes. The user-level view is compared to the operating system’s kernel view and any discrepancies are reported as the possible presence of a rootkit in the system.
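The cross-view comparison described above, as an added example that is not AVG code. The two views are passed in as callables and the process-ID snapshots are constructed; repeating the comparison over several rounds filters out objects that merely exited between the two snapshots.

```python
from typing import Callable, Iterable, List, Optional, Set


def hidden_from_user_view(low_level_view: Callable[[], Iterable[int]],
                          user_view: Callable[[], Iterable[int]],
                          rounds: int = 3) -> Set[int]:
    """Return IDs seen by the low-level view but missing from the
    user-level view in every round."""
    persistent: Optional[Set[int]] = None
    for _ in range(rounds):
        # Low-level snapshot first: an object created between the two
        # snapshots then shows up only in the user view and is not flagged.
        low = set(low_level_view())
        user = set(user_view())
        missing = low - user
        # An object that exited between snapshots is a one-round discrepancy;
        # intersecting across rounds drops it.
        persistent = missing if persistent is None else persistent & missing
        if not persistent:
            break
    return persistent or set()


def replay(snapshots: List[Set[int]]) -> Callable[[], Set[int]]:
    """Turn a list of constructed snapshots into a view callable."""
    iterator = iter(snapshots)
    return lambda: next(iterator)


# Constructed process-ID snapshots: PID 31 exits during the first round,
# PID 45 starts later, PID 4242 never appears in the user-level view.
KERNEL_ROUNDS = [{1, 20, 31, 4242}, {1, 20, 4242}, {1, 20, 45, 4242}]
USER_ROUNDS = [{1, 20}, {1, 20}, {1, 20, 45}]

if __name__ == "__main__":
    print(hidden_from_user_view(replay(KERNEL_ROUNDS), replay(USER_ROUNDS)))
```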