UAD

The UAD tool solves two difficult problems, identification and decomposition. Decomposition of a file to it's smallest indivisible parts (universal atomic disintegration using classical Greek language meanings) is a difficult problem. First the program must have infallible identification of the file in order to decompose it. This is not a problem for UAD which identifies the file by direct examination of it's contents. Most decomposition tools assume the contents of a file by it's filename. If the file is named "xyz.zip" the decomposition tool will assume that the file is a "zip" compresses composite file. UAD does not make any assumptions. This also allows UAD to identify data in a byte stream where filename information may not exist. This is important in a network environment.

Secondly, decomposition is critical to proper pattern analysis. There is no value in virus scanning a compressed, composite or encoded file since the encapsulating technology will hide the contents from examination. This is why UAD is able to decompose email, including attachments in uuencode and mime formats. It is also able to decompose tar, gnu gzip, pkzip, zip2exe, Unix compress and other formats. UAD will continue decomposition recursively until every part of the file has been decomposed into a state that is known to be a terminus (atomic state) or has been decomposed into an unknown format. Most unknown formats are already in the atomic state or are moot.

A benefit of the UAD system besides it's uses for virus scanning is its ability to decompose many formats of encapsulated file. This can save a lot of time when the file format is not directly compatible with the system on which it resides. The user just executes UAD with the file he wishes to decompose and UAD performs the rest. Unfortunately, many times when a user uses a tool other than UAD to decompose a file into its parts the tool will place the decomposed files in multiple places on the system. UAD solves this problem by forcing the current working directory to be the top level directory for the purposes of decomposition. This allows a user or system administrator to have full control over the installation of a new program without "splating" programs and data all over the system in an uncontrolled way.