Manage all Windows traffic with Rust

So you know, an antivirus program can block access to a link, say an .exe download, before your browser can even access the file.
I suppose it can be done at the OS level. I need to do something like that on Windows, with Rust.
Are there any suggestions on where I should start looking?
Thank you.

There are a couple of ways that antivirus programs check .exe downloads on Windows:

  1. By integrating with the Attachment Manager API, which I think is done by implementing the IOfficeAntivirus COM interface. This is severely undocumented but might be achievable in Rust. This is all user-space so at least if anything goes wrong, you just crash a few programs.
  2. By writing a filesystem minifilter driver. This is better documented, but rather complicated, and if something goes wrong you crash your whole machine and possibly corrupt the filesystem. Writing Windows drivers in Rust is not really supported, but seems to be possible.