I am currently working on a project to automate the process of working out what the virus signature of a file is. This will be useful for me in my work so that I can actually get Netcat onto a machine without whatever AV the client is using killing it off my USB stick. Now I know there are implementations of Netcat out there that don't get picked up as often, but it is not just Netcat that I want this for. And yes, I know that there are packers and encryptors and the like out there to evade antivirus, but to me that seems like a soft option. So I am going to go along the route of brute force hex editing (as talked about here: http://packetstormsecurity.org/papers/virus/Taking_Back_Netcat.pdf). When it finds out what section of code it is, it will tell me, I can then debug and modify that section and recompile.
So here is my issue. I want to work out a 'hands-free' way to trigger a scan of a file using whatever AV is available so that the whole process can be automated. The problem is getting feedback from the AV. Some will not allow it to execute, some will delete it, some will... I don't know. So any pointers here would be appreciated.
PS Also, if I am wasting my time and there is a perfectly good tool out there already that I have been unable to find, please let me know (either here or by PM).