EZ Antivirus // Clean, Safe, Easy script cleanup

C3RB · May 17, 2020, 7:53pm

I agree completely. The feedback given on this post is exactly what I needed to start taking steps in the correct direction.

Thank you all who have replied with your concerns.

brokenVectors · May 17, 2020, 7:55pm

The videos you have provided don’t seem to load, when i copy link address it leads me to https://devforum.roblox.com/404.

C3RB · May 17, 2020, 7:56pm

I’m not sure why the uploaded videos have been removed. I can assume there are moderation steps taken before videos are displayed.

If the videos are not working in an hour. I will attempt to re-upload them

C3RB · May 17, 2020, 8:47pm

I re-uploaded the video using imgur. They should be working now.

OptimisticSide · May 18, 2020, 6:45pm

Are there any advantages that this plugin has, as compared to other virus-removing plugins?

C3RB · May 19, 2020, 7:01pm

The first thing that comes to mind is the built-in user interface. Most current antivirus plugins do not offer a graphical interface. But only match names and remove scripts automatically. Luckily this plugin lets you pick and choose what scripts might be causing errors or problems in this game. In V1.0.3 I updated the search to read each script individually to pick up possible malicious functions or methods used in them.

alexinite · May 19, 2020, 7:27pm

Got some suggestions for you:

Show the whole ancestry tree of each script instead of just saying “Parent: Folder” maybe instead like, “Parent: workspace.NotAVirus.Folder”, this may help us find an easy path to it.
A UI overhaul, from the looks of your UI there’s a limit on how much stuff can be found as the size of the ScrollingFrame is absolute instead of reactive. The ScrollingFrame’s size should be dependent on if every GuiObject inside of it fits.
Automatically put scripts that call require() and getfenv() on the quarentine list, but if they’re allowed scripts never call on them again. I saw one antivirus that quarentined every script that called require but not getfenv, which can be used to call require in multiple ways without being detected.
If the script it’s currently sifting through has been searched already at a different time, let’s say last time you accessed studio, it will not quarantine it again as you have already told it that the script was fine.
Do NOT have a whitelist key. I see you have a value called DoggetyOn and this is bad. If this opensourced and anyone can see this they can just name their scripts that and it will never be found.
Also do note that when on studio you’re allowed to access Script.Source…

If you want to compete with other antivirus’s offer more than they do.

C3RB · May 19, 2020, 7:35pm

Thank you for taking the time to respond. A few features you may have missed while reading my post.

Right Mouse button automatically directs you to the script in explorer
V1.0.3 reads scripts line by line and searches for require() currently. This currently uses Script.Source

In the next update I will look into getfenv() and the whitelist key that you brought up.

Thank you again for expressing your ideas. If you would like to follow patch notes. I update the main post under the “Updates” label at the bottom of the page.

UnlimitedKeeping · May 23, 2020, 5:34pm

this list should be expanded to every single accessible service in studio, I’ve personally seen a lot of viruses hiding in NonReplicatedCSGService, I really do not remember the name, but it was something along the lines of that.

C3RB · May 23, 2020, 9:33pm

I’ll take a look. I appreciate your concern and suggestions

Wizzardofaz · May 23, 2020, 11:25pm

Well… It sort of is an anti-virus, it detects malicious scripts and you give the ok do destroy them. Lots of malicious scripts have the bad code hidden in the script and you might miss it.

C3RB · June 1, 2020, 9:30pm

Thanks to everyone who has supported the plugin. I just released an update that will now check more cases. IF you would like more information look under the “Updates” tab on the main post.

I appreciate everyone for expressing their concerns with the plugin and will continue to add more as time goes on.

Jagerzdxx · June 2, 2020, 10:15am

This seems like a great plugin! However, I already have the ro defender plugin and I’m wondering how different it is from that.

Also, when it scans does it scan every script in the game or just the scripts in Workspace or ServerScriptService?

PancakelsHim · June 2, 2020, 4:23pm

C3RB:

The plugin does a search on all decendants in the GAME not just the workspace

List of seached directories

	local checkTable = {
		workspace, 
		game.ReplicatedStorage, 
		game.ReplicatedFirst,
		game.Players, 
		game.Lighting,
		game.ServerStorage,
		game.ServerScriptService,
		game.StarterGui, 
		game.StarterPack, 
		game.StarterPlayer,
		game:GetService("SoundService"),
		game:GetService("Chat"),
		game:GetService("LocalizationService"),
		game:GetService("TestService"),
	}

The script checks more than Workspace and ServerScriptService.

AAzterr · June 2, 2020, 5:50pm

checking script names is a pretty bad technique these days since virus makers can just change the name to something not in your library, maybe look for obfuscated code by searching for one line scripts?

C3RB · June 2, 2020, 8:03pm

With the release of version 1.0.3 I added a method that not only checks against the name of the script. But reads the script line by line to search for backdoors. Scrips that use require() passed with an assetId or getfenv() will now be detected. I with 1.0.4 I added scripts that are children of RotateG to the watch list as well.

AAzterr · June 2, 2020, 8:05pm

neat. What exactly does the Quarantine actually do?

C3RB · June 2, 2020, 8:12pm

The quarantine function will remove the scripts that are found under the red box on the right side. That way the user can choose what scripts they want removed.

alexinite · June 11, 2020, 6:39pm

I mentioned the UI thing beforehand, but thought I’d touch up on it and be more specific.

Size of ScrollingFrames Relative to the amount of children inside of them

This could be preferred over a fixed size for bigger games. You can do this by detecting the Position and Size of all of the children, if the child’s position (and/or size is getting out of the UI) then change the parent’s scrolling limit to be the child’s y position plus it’s y size.

Panic button

Let’s say for some reason a free model you added and you thought it was safe because it doesn’t use require() or getfenv() but it was still dangerous because you didn’t check it prior to letting it through the system. You should be able to quarantine all scripts found in the game to find that one specific (or even possibly find even more dangerous scripts) and delete it. Another way to put this is to remove the currently stored scripts that have been whitelisted by the developer and initiate a check immediately when said Panic button is clicked.

More checking locations

NonReplicatedCSGDictionaryService (and CSGDictionaryService), this isn’t commonly used but it’s better to be safe than sorry.
ABTestService
RuntimeScriptService, perhaps, I do not know if you can add children to this but it has functions, events, and properties inherited from the Instance class.
StarterPlayerScripts
VRService

C3RB · June 12, 2020, 7:37pm

Thank you for your response. I have been planning on doing a UI overhaul. But am also caught up in another project at the moment. Next update I will look into beautifying the plugin.

Until then. Why fix what aint broke