EZ Antivirus // Clean, Safe, Easy script cleanup

Got some suggestions for you:

  • Show the whole ancestry tree of each script instead of just saying “Parent: Folder” maybe instead like, “Parent: workspace.NotAVirus.Folder”, this may help us find an easy path to it.
  • A UI overhaul, from the looks of your UI there’s a limit on how much stuff can be found as the size of the ScrollingFrame is absolute instead of reactive. The ScrollingFrame’s size should be dependent on if every GuiObject inside of it fits.
  • Automatically put scripts that call require() and getfenv() on the quarantine list, but if they’re allowed scripts never call on them again. I saw one antivirus that quarantined every script that called require but not getfenv, which can be used to call require in multiple ways without being detected.
  • If the script it’s currently sifting through has been searched already at a different time, let’s say last time you accessed studio, it will not quarantine it again as you have already told it that the script was fine.
  • Do NOT have a whitelist key. I see you have a value called DoggetyOn and this is bad. If this is open-sourced and anyone can see this, they can just name their scripts that and it will never be found.
  • Also do note that when on studio you’re allowed to access Script.Source

If you want to compete with other antiviruses, offer more than they do.

3 Likes

Thank you for taking the time to respond. A few features you may have missed while reading my post:

  • Right Mouse button automatically directs you to the script in explorer
  • V1.0.3 reads scripts line by line and searches for require() currently. This currently uses Script.Source

In the next update I will look into getfenv() and the whitelist key that you brought up.

Thank you again for expressing your ideas. If you would like to follow patch notes, I update the main post under the “Updates” label at the bottom of the page.

1 Like

this list should be expanded to every single accessible service in studio, I’ve personally seen a lot of viruses hiding in NonReplicatedCSGService, I really do not remember the name, but it was something along the lines of that.

1 Like

I’ll take a look. I appreciate your concern and suggestions

Well… It sort of is an anti-virus, it detects malicious scripts and you give the OK to destroy them. Lots of malicious scripts have the bad code hidden in the script and you might miss it.

Thanks to everyone who has supported the plugin. I just released an update that will now check more cases. If you would like more information, look under the “Updates” tab on the main post.

I appreciate everyone for expressing their concerns with the plugin and will continue to add more as time goes on.

This seems like a great plugin! However, I already have the ro defender plugin and I’m wondering how different it is from that.

Also, when it scans does it scan every script in the game or just the scripts in Workspace or ServerScriptService?

The script checks more than Workspace and ServerScriptService.

2 Likes

checking script names is a pretty bad technique these days since virus makers can just change the name to something not in your library, maybe look for obfuscated code by searching for one line scripts?

1 Like

With the release of version 1.0.3 I added a method that not only checks against the name of the script, but reads the script line by line to search for backdoors. Scripts that use require() passed with an assetId or getfenv() will now be detected. With 1.0.4 I added scripts that are children of RotateG to the watch list as well.

1 Like

neat. What exactly does the Quarantine actually do?

1 Like

The quarantine function will remove the scripts that are found under the red box on the right side. That way the user can choose what scripts they want removed.

1 Like

I mentioned the UI thing beforehand, but thought I’d touch up on it and be more specific.

Size of ScrollingFrames Relative to the amount of children inside of them

  • This could be preferred over a fixed size for bigger games. You can do this by detecting the Position and Size of all of the children, if the child’s position (and/or size is getting out of the UI) then change the parent’s scrolling limit to be the child’s y position plus its y size.

Panic button

  • Let’s say for some reason a free model you added and you thought it was safe because it doesn’t use require() or getfenv() but it was still dangerous because you didn’t check it prior to letting it through the system. You should be able to quarantine all scripts found in the game to find that one specific (or even possibly find even more dangerous scripts) and delete it. Another way to put this is to remove the currently stored scripts that have been whitelisted by the developer and initiate a check immediately when said Panic button is clicked.

More checking locations

  1. NonReplicatedCSGDictionaryService (and CSGDictionaryService), this isn’t commonly used but it’s better to be safe than sorry.
  2. ABTestService
  3. RuntimeScriptService, perhaps, I do not know if you can add children to this but it has functions, events, and properties inherited from the Instance class.
  4. StarterPlayerScripts
  5. VRService

1 Like

Thank you for your response. I have been planning on doing a UI overhaul, but am also caught up in another project at the moment. Next update I will look into beautifying the plugin.

Until then. Why fix what ain’t broke :slight_smile:

2 Likes

Thank you for your incredibly detailed response. With the next update I will have reworked the entire UI. Currently each element is created and placed through script so I can most likely drop this method and create a beautiful UI to go along with the plugin (And also fix the scrolling frames).

I do not completely understand the use of the panic button you suggested. If all scripts in the game are quarantined how would the user find out which one is causing issues?

The reason scripts that are disabled show up in another window is so users can disable their own scripts and catch any unwanted scripts in their game.

I will also look into the checking locations you suggested. Thank you again for your response.

-Doggity

I looked at the source code and it’s very basic: it checks if there is getfenv or require in the script

1 Like

You might want to update or read above. The release of 1.0.4 involves using getfenv in its search. Re-read through the module script labeled “Doggity” lines 13-15 and 100-111 for this feature.

you should add InsertService detection as it is an easy SS / backdoor
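
The checks suggested across this thread, combined in one added Lua example that is not the plugin's own code: findings carry the full ancestry path, scripts are matched on content (require() with a numeric asset id, getfenv, InsertService, very long single lines), and approvals are remembered per path and exact source instead of through a name-based whitelist key. The `path` and `source` fields, the rule ids, the 400-character cutoff and the sample scripts are assumptions made for the example.

```lua
-- Added example. In a plugin, `path` would be script:GetFullName() and
-- `source` would be script.Source; here both are constructed samples.
local RULES = {
	{ id = "require-asset-id", pattern = "require%s*%(%s*%d+" },
	{ id = "getfenv", pattern = "getfenv" },
	{ id = "InsertService", pattern = "InsertService" },
}
local MAX_LINE_LENGTH = 400 -- assumed cutoff for the long-one-liner heuristic

-- Approvals are keyed on path plus exact source, never on a name alone.
local approved = {}
local function approvalKey(item)
	return item.path .. "\0" .. item.source
end
local function approve(item)
	approved[approvalKey(item)] = true
end

-- Returns a list of { path, line, rule } findings for one script.
local function scan(item)
	local findings = {}
	if approved[approvalKey(item)] then return findings end
	local lineNo = 0
	for line in (item.source .. "\n"):gmatch("(.-)\r?\n") do
		lineNo = lineNo + 1
		for _, rule in ipairs(RULES) do
			if line:find(rule.pattern) then
				table.insert(findings, { path = item.path, line = lineNo, rule = rule.id })
			end
		end
		if #line > MAX_LINE_LENGTH then
			table.insert(findings, { path = item.path, line = lineNo, rule = "long-line" })
		end
	end
	return findings
end
local samples = { -- constructed, not real scripts
	{ path = "Workspace.NotAVirus.Folder.Script", source = "local m = require(1234567890)\nm()" },
	{ path = "ServerScriptService.DoggetyOn", source = "local env = getfenv()" },
	{ path = "ServerScriptService.Main", source = "print('hello')" },
}
for _, item in ipairs(samples) do
	for _, f in ipairs(scan(item)) do
		print(string.format("%s:%d %s", f.path, f.line, f.rule))
	end
end
approve(samples[1]) -- developer reviewed this exact script
print(#scan(samples[1])) -- unchanged and approved: skipped
samples[1].source = samples[1].source .. "\ngetfenv()"
print(#scan(samples[1])) -- edited after approval: scanned again
```

Comments are deliberately not stripped before matching, so a commented-out call is still listed for review; that trades a few false positives for not having to parse Lua strings and block comments correctly.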