Schematic representation of file structures before and after virus infections

<p dir="ltr"><a href="https://github.com/Gagniuc/Antivirus-Engines" rel="noreferrer" target="_blank">Schematic representation of file structures before and after virus infections</a>. A) Overview of a typical file highlighting the 4Kb size. The last 300 bytes of this region are depicted in yellow for clarity. B) A representation of an infected file where the virus has replaced portions of the original content. Notably, no insertions or deletions are involved, leading to the infected file maintaining the same length as its uninfected counterpart. C) An illustration of a file post-infection, where the virus has introduced insertions, resulting in an overall increase in file size. D) A portrayal of an infected file where the virus induces deletions, leading to a reduced file size compared to the original. E) A more nuanced depiction of a real-world virus attack. Here, the virus modifies the file header and subsequently appends its body to the end of the file. To combat this form of infection, a disinfection strategy is proposed where two specific regions of the original file, the beginning and the end—are saved to the JSON. Both regions utilize a 300-byte subregion to align and subsequently determine the relative positioning of the two segments post-infection. Readers are urged to consider these visualizations as general models, and real-world cases may involve more complex patterns of infection and structural alterations.</p><p dir="ltr"><b>References</b></p><p dir="ltr">Paul A. Gagniuc.<i> </i><a href="https://shop.elsevier.com/books/antivirus-engines/gagniuc/978-0-443-32952-4" rel="noreferrer" target="_blank"><i>Antivirus Engines: From Methods to Innovations and Applications</i></a><i>,</i><i> </i>Elsevier, Syngress, 2024, pp. 1-656.</p>