snikalay
Joined: 15 Oct 2007
Posts: 0
Location: Bucharest
Posted: Mon Oct 15, 2007 6:21 am

Please help me. I have a project for my faculty to design and to write the documentation for a core of an antivirus program, and I don't have any idea about it.
Books, documents or tutorials about this subject. I know C for embedded, and if somebody considers that I am able to help the project, please tell me.
Thanks in advance.

GuitarBob
Joined: 09 Jul 2006
Posts: 9
Location: USA
Posted: Mon Oct 15, 2007 1:55 pm

I'll leave it to the ClamWin development team to talk about any help they need.
The core of antivirus software is matching the code in a computer file against the different patterns in a database of virus signatures maintained by virus analysts. The patterns are most commonly hexadecimal representations of certain parts of the code in a particular virus file, but MD5 hashes and other hashes can be used. If possible, the analysts try to develop "generic" signatures that will recognize an entire virus "family."
After developing the pattern matching core, antivirus software developers can then set up heuristic module(s) to detect viruses/malware based on other analysis besides patterns. Static heuristics analyze file headers, the use of packers/obfuscators and other hacker tools, sometimes key words, etc.
After they have the static heuristics in place, AV software developers can then set up dynamic heuristic or behavioral modules that analyze the code in real time to identify actions peculiar to a virus, using appropriate hooks in the operating system with "undo" capability or using a virtual environment to prevent actual infection. This is where the antivirus developers are at the present time.
It all starts with the pattern matching core.
Regards, and good luck,

sherpya
Joined: 22 Mar 2006
Posts: 0
Location: Italy
Posted: Mon Oct 15, 2007 6:04 pm

https://www.google.it/search?q=aho+corasick
It's a good starting point; it's the main algorithm used for multiple pattern matching (i.e. virus signatures on a file).
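To make the two replies above concrete (the pattern-matching core GuitarBob describes, and the Aho-Corasick algorithm sherpya points to), here is an added example that is not part of the thread and not ClamWin/ClamAV code. It compiles a constructed database of hex byte patterns into an Aho-Corasick automaton, scans a constructed buffer in a single pass, and checks a whole-file MD5 hash database first. The signature names, hex patterns, sample bytes and the `scan_file_bytes` helper are all assumptions made for illustration.

```python
"""Toy antivirus signature core: hex byte patterns compiled into an
Aho-Corasick automaton and scanned over a buffer in one pass.
Added example; not ClamWin/ClamAV code. All signatures and sample
file contents below are constructed for illustration only."""
from collections import deque
import hashlib

# Constructed signature database: name -> hex string of bytes to match.
# These are NOT real malware signatures.
SIGNATURES = {
    "Test.Pattern.A": "4d5a9000",
    "Test.Pattern.B": "deadbeef",
    "Test.Pattern.C": "beefcafe",   # overlaps Test.Pattern.B to exercise failure links
}

# Constructed whole-file hash database: md5 hex digest -> name.
KNOWN_BLOB = b"constructed sample blob, not malware"
HASH_SIGNATURES = {hashlib.md5(KNOWN_BLOB).hexdigest(): "Test.Hash.Exact"}

# Constructed "file" contents: noise, pattern A, noise, B overlapping C, noise.
SAMPLE_FILE = (b"\x00\x01" + bytes.fromhex("4d5a9000") + b"xyz"
               + bytes.fromhex("deadbeefcafe") + b"end")


class AhoCorasick:
    """Multi-pattern byte matcher (Aho-Corasick, 1975)."""

    def __init__(self, patterns):
        self.goto = [{}]        # state -> {byte: next_state} (the trie)
        self.output = [[]]      # state -> names of patterns ending here
        self.fail = [0]         # state -> longest proper suffix that is a prefix
        self.length = {}        # name -> pattern length, to report start offsets
        for name, hexpat in patterns.items():
            self._add(name, bytes.fromhex(hexpat))
        self._build_failure_links()

    def _add(self, name, pattern):
        state = 0
        for b in pattern:
            if b not in self.goto[state]:
                self.goto.append({})
                self.output.append([])
                self.fail.append(0)
                self.goto[state][b] = len(self.goto) - 1
            state = self.goto[state][b]
        self.output[state].append(name)
        self.length[name] = len(pattern)

    def _build_failure_links(self):
        # Breadth-first: a state's failure target is always shallower, so its
        # output list is complete before it is merged into the current state.
        queue = deque(self.goto[0].values())
        while queue:
            r = queue.popleft()
            for b, s in self.goto[r].items():
                queue.append(s)
                f = self.fail[r]
                while f and b not in self.goto[f]:
                    f = self.fail[f]
                self.fail[s] = self.goto[f].get(b, 0)
                self.output[s] += self.output[self.fail[s]]

    def scan(self, data):
        """Return [(name, start_offset)] for every pattern occurrence."""
        state, hits = 0, []
        for i, b in enumerate(data):
            while state and b not in self.goto[state]:
                state = self.fail[state]
            state = self.goto[state].get(b, 0)
            for name in self.output[state]:
                hits.append((name, i - self.length[name] + 1))
        return hits


def scan_file_bytes(data, matcher, hash_db):
    """Hypothetical helper: exact whole-file hash lookup first (cheap), then
    the one-pass multi-pattern scan. Returns the list of (name, offset)."""
    digest = hashlib.md5(data).hexdigest()
    if digest in hash_db:
        return [(hash_db[digest], 0)]
    return matcher.scan(data)


if __name__ == "__main__":
    matcher = AhoCorasick(SIGNATURES)
    print(scan_file_bytes(SAMPLE_FILE, matcher, HASH_SIGNATURES))
    print(scan_file_bytes(KNOWN_BLOB, matcher, HASH_SIGNATURES))
```

The point of the failure links is that the scanner never rewinds the input: after `deadbeef` is reported, the automaton falls back to the `beef` prefix of the third pattern and still finds `beefcafe` starting two bytes later, so cost stays linear in file size plus number of matches regardless of how many signatures are loaded. A real engine adds wildcards and offset constraints to the patterns and unpacks or decodes the file before scanning, which is where the static-heuristic layer GuitarBob mentions comes in.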