Anti-Virus Definitions & Detection. How can I make it work?

Deltact_Dev · July 25, 2020, 7:13pm

So. I had an old project named Lua Anti-Virus (LAV for short).

I asked plenty of advanced scripters before I was accepted on the forums but they had no idea how to make it work…

So. Basically, I can make definitions, it’s quite simple really. However the thing is… I’m making an advanced anti-virus. It’s not your run-of-the-mill Anti-Virus. I plan to make it detect destructive lua scripts and check their contents for any harmful code. However… how do I make a script look into scripts? (And many more scripts required. Almost nothing works currently. Still learning how to make it work…) If that’s not possible yet (probably to avoid exploits leaking source code) then how can I make my anti-virus detect malicious lua other from non-malicious scripts?

LAV Layout & Explanation of functions

EXHNUZSXkAIyYtg

Scan: The scan button is self-explanatory… scans the workplace for malicious code.
Terminate: There will be checkboxes to select which malicious scripts to delete. Press terminate and threat gone.
Warnings: A category of detected scripts that may be malicious but the LAV isn’t sure.
Viruses: A category of detected scripts that LAV thinks are malicious scripts.
Offending Scripts: When selected warning or viruses category it shows the offending scripts names and directories.
Offending Code: When selected warning or viruses category it shows the offending code that the LAV thinks or believes is malicious and what line(s) of code are malicious at certain scripts.
Info | Outcome: A description of what LAV thinks that the offending scripts are and what effect they have on the game.

Help will be heavily appreciated. For a greater future and a safer workplace. I wish this plugin becomes a reality!

RakNetProtocol · July 25, 2020, 7:17pm

Could you send me a link to this plugin, I want to check it out for myself

RakNetProtocol · July 25, 2020, 7:19pm

Oh, I didn’t realise you were making this, I’m dumb

Deltact_Dev · July 25, 2020, 7:19pm

It’s not yet released. It can’t do anything since I don’t really know how to make it work. A free version of it will be soon released after I get the scan button and the categories working which will work with basic definitions.

deluc_t · July 25, 2020, 7:37pm

Hello, creator of GameGuard Antivirus here.
You can look into scripts source by doing

script.Source

which will return the source of the script. Then, you can use string manipulation to find a certain keyword. Heres an example:

local badwords = {"require","getfenv"} -- a list of the keywords you want to detect

pcall(function() -- wrap it in a pcall
    for i,v in pairs(game:GetDescendants()) do
          if v:IsA("LuaSourceContainer") then
              for i,word in pairs(badwords) do
                     if v.Source:lower():find(word:lower()) then
                          print("Found something suspicious in "..v:GetFullName.."!") 
                    end
              end
         end
    end
end)

Written in the devforum, don’t expect it to work.

Deltact_Dev · July 25, 2020, 8:18pm

Wow thanks! I’ll be sure to try it out and fix any errors I find.

Thanks for the help a lot! I really appreciate it!

TSF_Lacker · July 26, 2020, 7:14pm

maybe also make n ignore button because sometimes you want to require scripts, so if there is a warning you can check a box to ignore