Inside AV engines?

["Jeroen" <jeroen () isvet nl>]

For penetration testing on Wintel system, I often use netcat.exe and stuff
like pwdump. More and more I need to disable anti-virus services before
running the tools to avoid alarms and auto-deletion of the applications. It
works but it isn't an ideal situation since theoretically a network can be
infected while the AV-services are down. Recompiling tools is an option
since the source of many tools I use is available. The question is (before I
burn useless CPU cycles): can someone help me getting info about the inside
of AV engines? Will addition of some rubbish to the code do the trick (->
other checksum), do I need to change some core code or is it a mission
impossible anyway? Who can help for example getting some useful research
papers on the subject of detecting viruses and how to bypass mechanisms
used? Any help will be appreciated.


Greets,

Jeroen



------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on your 
website. Up to 75% of cyber attacks are launched on shopping carts, forms, 
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are 
futile against web application hacking. Check your website for vulnerabilities 
to SQL injection, Cross site scripting and other web attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------