How does server defender scan scripts?

I want to make a simple antivirus plugin. In a script, server defender makes a windows that you can click to scan the script. Does it just read the script name or does it check its contents? How does it know when you’re selecting a script? How does it read its contents (if it does at all).
Could anyone explain?

I think it just looks at script source and searches for require

I have a anti-virus plugin and it works by searching for any blacklisted-tokens such as, getfenv, loadstring, setfenv

Neutron.rbxmx (118.2 KB)

local function ScanScript(container: LuaSourceContainer): {}
	local src = container.Source -- get the script's source
	local threats = {} -- store all of the threats found here
	local blacklistedTokensFound = {}

	local lines = src:split('\n') -- get all the lines

	for _, token in BlacklistedTokens do -- loop over all the blacklisted tokens
		if src:find(token) then
			table.insert(blacklistedTokensFound, token) -- insert the token to blacklistedTokenFound
	for _, token in blacklistedTokensFound do
		table.insert(threats, {
			threat = Enums.Threats.ForbiddenToken;
			details = '(' .. token .. ')';
		}) -- insert a ForbiddenToken threat to threats table
	if (#lines == 1 and #src > 30) then -- if theres only 1 line and more than thirty-characters
		table.insert(threats, {
			threat = Enums.Threats.Obfuscation;
			details = '';
		}) -- insert a Obfuscation threat to the threats table

	return threats -- return all the threats found in the script
1 Like

first off I’d recommend checking out roblox creator documents on how to use and make plugin’s. Second when you’re used to and understand the basics of plugin’s you can use selected.Source to check a scripts source code


Doesn’t that just change the script’s content?

You can use myScript.Source to view or change the contents of a script

1 Like

It will return a string that is both readable and editable

1 Like

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.