Static analysis + sandbox + CNS = 1 second (approx) analysis of new executables (secures all app launches,) but after first launch: caches reduce this to less than 1ms (just cost to compute caches.at(classSha2(FileBytecode())), where caches is std::map<ResultListHash, VirusAnalysisResult> or ResultList::hashes).
Clamscan (Cisco-Talos) wants a pull request for this: https://github.com/Cisco-Talos/clamav/issues/1206#issuecomment-2075538621
You can repurpose/use `cnsAnalysis()` on your own code (as a static analysis tool,) plus `disinfectionCns()` for your own code (to produce fixes).
Updated to version https://github.com/SwuduSusuwu/SusuLib/blob/cf7c14f821fd3484046e92d265e3a7fb589c08b1/posts/VirusAnalysis.md
Source code is much improved. Some paths were moved.
Lots to do. You can use https://github.com/SwuduSusuwu/SubStack/tree/experimental?tab=readme-ov-file#Sponsor to sponsor this
This post is an updated version of https://swudususuwu.substack.com/p/howto-produce-better-virus-scanners (which was deprecated due to the poor choice of slug.)