  1. #1
    Vitrix Maggot

    [AntiVirus Function]CheckForVirusSignature

    This function checks a file for a virus signature; if the signature is found, it either deletes the file or overwrites the signature bytes (I always suggest deleting the file). I hope you enjoy:

    //by Vitrix
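    function CheckForVirusSignature(FileName : string;Sig : array of byte;DeleteVirus : Boolean) : boolean;
    // Scans a file for a byte signature and, when the signature is present,
    // either deletes the file or overwrites every occurrence with $90 bytes.
    //
    // STRING FileName
    //   Path of the file to be checked.
    // ARRAY OF BYTE Sig
    //   The virus signature (the byte sequence to look for).
    // BOOLEAN DeleteVirus
    //   True:  delete the file when the signature is found.
    //   False: keep the file and overwrite each match with $90 (NOP) bytes.
    //
    // Returns True when the file was opened and scanned to the end and any
    // requested delete/overwrite succeeded. True does NOT mean "infected": it is
    // returned whether or not the signature was found. Returns False when the
    // file could not be opened, sized, read, patched or deleted, when Sig is
    // empty, or when the file is too large to scan in one buffer.
    //
    // NOTE(review): this is a raw byte match anywhere in the file. A short
    // signature will also match harmless files, and with DeleteVirus = True a
    // false positive destroys the file. Overwriting the matched bytes does not
    // disinfect anything; it only breaks that byte sequence and usually leaves a
    // corrupted file behind. Quarantining the file is the safer reaction.
    var
      hFile : THandle;
      Data : array of Byte;
      dwSize : DWORD;
      dwHigh : DWORD;
      dwDone : DWORD;
      Access : DWORD;
      SigLen : Integer;
      Last : Integer;
      p : Integer;
      k : Integer;
      Found : Boolean;
      Match : Boolean;
    begin
      Result := False;

      // Length, not SizeOf: SizeOf does not give the element count of an open array.
      SigLen := Length(Sig);
      if SigLen = 0 then Exit; // an empty signature would "match" every file

      // Ask for write access only when the file is going to be patched in place.
      Access := GENERIC_READ;
      if not DeleteVirus then Access := Access or GENERIC_WRITE;

      // CreateFile (not CreateFileA) so that PChar matches the API variant in
      // both ANSI and Unicode Delphi versions; hTemplateFile is 0, not NULL.
      hFile := CreateFile(PChar(FileName), Access, FILE_SHARE_READ or FILE_SHARE_WRITE, nil, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, 0);
      if hFile = INVALID_HANDLE_VALUE then Exit; // nothing to close in this case

      Found := False;
      try
        dwHigh := 0;
        dwSize := GetFileSize(hFile, @dwHigh);
        // Reject files that do not fit a single buffer / a 32-bit file offset.
        // This also covers the INVALID_FILE_SIZE error value ($FFFFFFFF).
        if (dwHigh <> 0) or (dwSize > DWORD(MaxInt)) then Exit;

        // One read instead of two system calls per byte.
        SetLength(Data, dwSize);
        if dwSize > 0 then begin
          if not ReadFile(hFile, Data[0], dwSize, dwDone, nil) then Exit;
          if dwDone <> dwSize then Exit; // short read: do not judge a partial file
        end;

        // Last offset at which the whole signature still fits in the file.
        Last := Integer(dwSize) - SigLen;
        p := 0;
        while p <= Last do begin
          Match := True;
          for k := 0 to SigLen - 1 do
            if Data[p + k] <> Sig[k] then begin
              Match := False;
              Break;
            end;

          if not Match then begin
            Inc(p);
            Continue;
          end;

          // Signature found at offset p.
          Found := True;
          if DeleteVirus then Break; // the whole file goes away, no need to scan on

          // Overwrite this occurrence with NOP bytes and keep scanning after it.
          if SetFilePointer(hFile, p, nil, FILE_BEGIN) = INVALID_SET_FILE_POINTER then Exit;
          FillChar(Data[p], SigLen, $90);
          if not WriteFile(hFile, Data[p], SigLen, dwDone, nil) then Exit;
          if dwDone <> DWORD(SigLen) then Exit;
          Inc(p, SigLen);
        end;
      finally
        // The handle must be closed before the delete: it was opened without
        // FILE_SHARE_DELETE, so deleting while it is open would fail.
        CloseHandle(hFile);
      end;

      if Found and DeleteVirus then
        Result := DeleteFile(FileName) // report a failed delete instead of hiding it
      else
        Result := True;
    end;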

  2. #2
    robt
    And where do you get these signatures?
    What is their format?

  3. #3
    Yumi
    Cool for a start.
    Thanks ...

    For those looking for something more advanced ....
    To create even an average antivirus, you should at least run the process in a sandbox and analyze the functions of the software.

  4. #4
    samuelrizzo
    Get them with OllyDbg. The format is an array of bytes.
