At the heart of all Trend Micro
antivirus products lies a proprietary scan engine. Originally developed in response
to the first
computer viruses the world had seen, the scan engine today is exceptionally sophisticated.
It is
capable of detecting Internet worms, mass-mailers, Trojan horse threats, and network
exploits, as
well as viruses. The scan engine detects threats known to be:
-
IN THE WILD or actively circulating
-
IN THE ZOO or controlled viruses that are not in circulation
In addition to having a long history in the industry, the Trend Micro scan engine has also proven in test after
test to be one of the fastest—whether checking a single file, scanning 100,000 files
on a desktop
machine, or scanning email traffic at the Internet gateway.
Rather than scan every byte of every file, the engine and pattern file work together
to
identify not only telltale characteristics of the virus code, but the precise location
within a
file where the virus would hide. When it detects a virus, the virus can be removed
and the
integrity of the file restored.
The scan engine includes an automatic clean-up routine for old virus pattern files
(to help
manage disk space), as well as incremental pattern updates (to help minimize bandwidth).
In addition, the scan engine is able to decrypt all major encryption formats
(including MIME and BinHex). The scan engine recognizes and scans common compression
formats
including .Zip, .Arj, and .Cab. Most Trend Micro
products also allow the product administrator to determine how many layers of compression
to scan
(up to a maximum of 20), for compressed files contained within a compressed file.
It is important that the scan engine remain current. Trend Micro ensures this in two ways:
-
Frequent updates to the scan engine’s data-file, called the virus pattern file, can be downloaded and read by the engine without the need for any changes to the engine code itself.
-
Technological upgrades in the engine software prompted by a change in the nature of virus threats, such as the rise in mixed-threats like SQL Slammer. In both cases, updates can be automatically scheduled, or the security administrator can handle them manually. International computer security organizations, including the International Computer Security Association (ICSA) annually certify the Trend Micro scan engine.