CA2264816C - Anti-virus agent for use with databases and mail servers - Google Patents

Anti-virus agent for use with databases and mail servers Download PDF

Info

Publication number
CA2264816C
CA2264816C CA002264816A CA2264816A CA2264816C CA 2264816 C CA2264816 C CA 2264816C CA 002264816 A CA002264816 A CA 002264816A CA 2264816 A CA2264816 A CA 2264816A CA 2264816 C CA2264816 C CA 2264816C
Authority
CA
Canada
Prior art keywords
mail
attachment
mail messages
computer
virus
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CA002264816A
Other languages
French (fr)
Other versions
CA2264816A1 (en
Inventor
Chia-Hwang Chen
Chih-Ken Luo
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cheyenne Software International Sales Corp
Original Assignee
Cheyenne Software International Sales Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cheyenne Software International Sales Corp filed Critical Cheyenne Software International Sales Corp
Publication of CA2264816A1 publication Critical patent/CA2264816A1/en
Application granted granted Critical
Publication of CA2264816C publication Critical patent/CA2264816C/en
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F7/00Methods or arrangements for processing data by operating upon the order or content of the data handled
    • G06F7/02Comparing digital values
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/564Static detection by virus signature recognition
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities

Abstract

A software agent (110) for detecting and removing computer viruses located in attachments to e-mail messages. A client-server computer network includes a server computer and a plurality of client computers. A message system (130), located at the server computer, controls the distribution of e-mail messages. An anti-virus module (120), located at the server computer, scans files for viruses. The agent (110) is located at the server computer and provides an interface between the anti-virus module (120) and the message system (130). The agent can operate both on a real-time basis and at preset period intervals. E-mail messages that are sent internally within the network can be scanned, e.g., Intranet e-mail messages. In addition, e-mail messages received over the Internet can be scanned.

Description

W0 98/10342U!10.4U1CA 02264816 1999-03-04PCT/US97/15661ANTI-VIRUS AGENT FOR USE WITH DATABASES AND MAIL SERVERSField of InventionThe present invention is directed to a software programand interface to detect and remove computer viruses, andin particular, to a system and method for detecting andremoving computer viruses in database file and e-mailattachments.Copyright NoticeA portion of the disclosure of this patent documentcontains material which is subject to copyrightprotection. The copyright owner has no objection to thefacsimile reproduction by anyone of the patent documentor patent disclosure as it appears in the Patent andTrademark Office patent file or records, but otherwisereserves all copyright rights whatsoever.Background of the Invention9 computer virus is a computer program written to alter,without authorization, the way a computer operates.SUBSTITUTE SHEET (RULE 26)WO 98110342101520253035CA 02264816 1999-03-04PCT/US97/156612Similar to a biological virus, a computer virus canreproduce itself by attaching to other files.To be a computer virus, a program need meet only twocriteria. First, it is executable, often placing someversion of its own code in the path of execution ofanother program. Often a computer virus executes itself.Second, it replicates itself. For example, a virusprogram may copy itself to other executable files or todisks that the user accesses. Many computer virusesattach themselves to other executable files.Viruses are transmitted when an infected file is copied;downloaded or used. Viruses can invade workstations(including desktop computers and laptop computers) andnetwork servers alike.Many viruses, when executed, cause damage to an infectedcomputer or network server. some viruses are programmedto damage the computer by corrupting programs, deletingfiles, or reformatting the hard disk. If a virus doescause damage, the damage will vary depending upon theparticular virus infecting the computer. In general,viruses can do the following damage to a computer: hangthe computer, erase files, scramble data on the harddisk, attack the File Allocation table, attack thepetition table, or format the hard disk.other viruses are just nuisances, continually reproducingthemselves, or outputting text, video or audio messages.can create problemsEven these benign viruses, however,for the computer user because they typically take upcomputer memory used by legitimate programs. As aresult, they often cause erratic behavior and can resultin system crashes. In addition, many viruses are bug-ridden, and the bugs may lead to system crashes and dataloss.WO 98110342101520253035CA 02264816 1999-03-04PCTIUS97/15661Personal computer viruses can be classified according tohow the virus is transmitted and how it infects thecomputer. Boot sector viruses infect the system area ofthat is, the boot record on floppy diskettes andAll floppy diskettes and hard disksa disk —hard disks.(including disks containing only data) contain a smallprogram in the boot record that is run when the computerstarts up. Boot sector viruses attach themselves to thispart of the disk and activate when the user attempts tostart up from the infected disk. Accordingly, bootsector viruses overwrite the disks original boot sectorwith its own code so that the virus is always loaded intothe virusmemory before anything else. Once in memory,can make the startup disk unusable or can spread to otherdisks.master boot sectionsector on the hard disk.programs when an infected program is run.Master boot sector viruses overwrite the disks(partition table) which is the firstFile viruses infect otherFile virusesThey do notFilemust be executed in order to become active.remain in memory, so they do not infect the system.(such as.EXE,viruses attach themselves to executable files.COM,These virusesexecutable files with extensions such as.OVL, .DLL, .DRV, .SYS, .BIN, and .BAT.)often change the file attribute information and the filesize, time and date information. Memory resident virusesload themselves into memory and take over control of theoperating system. Like file viruses, memory residentviruses attach themselves to executable files.Multipartite viruses combine the characteristics ofmemory resident, file and boot sector viruses.A recent type of virus, the macro virus, is written inthe macro language of a specific computer program, suchThus,Macro viruses infect files andas a word processor or spreadsheet. a macro viruscan reside in documents.can become memory resident when executed. They can beW0 98/10342l01520253035CA 02264816 1999-03-04PCT/US97/1566111run when the program document is accessed or triggered bycertain user actions, such as specific keystrokes or menuchoices. Macro viruses can be stored in files with anyextension and are spread via file transfer, even by e-mail. Although in the past documents have not normallybeen infected by the previously discussed types ofviruses, any application which supports macros thatautomatically execute is a potential platform for macroviruses. Because documents are now widely shared throughnetworks and over the Internet, even more so than thesharing of diskettes were in the past, document—basedviruses are likely to become more prevalent.Even though the creation of a virus is a deliberate act,viruses are usually introduced into computers andcorporate networks inadvertently when innocent users copyor download infected files onto the computer or network.Traditional anti-virus software is designed to detect andremove computer viruses. Viruses are detected by anti-virus software in two basic ways: through a full scan ofa hard drive or in real-time as each file is accessed.Most anti-virus software provide both these features.Additionally, anti-virus programs can be instructed toscan one or more user-selected files or directories offiles.Full and real-time scans detect known viruses usingsignature codes (like virus fingerprints) which identifya program as a virus. some anti-virus software also useadvanced techniques (such as polymorphic detection) toidentify potential viruses and check memory and systemfiles for viruses.Existing anti-virus products work fine when floppy disksare the main instruments for importing data into aWO 98/10342101520253035CA 02264816 1999-03-04PCT/U S97] 156615computers memory. However, in recent years, electronictransfers have become a common way to exchange data inelectronic form. Not surprisingly, electronic transfersalso have become a major virus threat. Existing anti-virus technology does not safeguard against all possiblemethods by which viruses can be introduced into andspread within a computer network.Many corporations have computer networks to allow sharing‘of programs and data and for exchanging messages. withnetworking, enterprise computing and intra—organizational(e.g., using client-server networks and peer-to-peer networks, local areacommunications on the increase,networks and wide area networks) viruses can easilyspread throughout the organizations computer system,infecting many computers. And because data exchange isthe very reason for using these solutions, a virus on onecomputer in the enterprise is far more likely tocommunicate with and infect other computers than wouldhave been true a few years ago. Moreover, many intra-organizational networks have electronic links to externalcomputer networks (such as the Internet, proprietaryonline services and bulletin boards). Such links enableelectronic data and computer programs (including thosethat may be infected with a computer virus) to beintroduced into the organizations network. (According tothe National Computer Security Association (NCSA), over70% of corporate networks are virus infected.) Exposureto virus transmission from network node to node is acostly threat to enterprise data integrity as well asproductivity.Of particular concern in relation to the transmission ofcomputer viruses is electronic mail (e—mail). There is agrowing use of e-mail to communicate within anusing a local area network) and to(e.g.,communicate externally (e.g.,organizationover the Internet withWO 98/10342101520253035CA 02264816 1999-03-04PCT/US97ll 56616computer users located at remote locations). E-mailmessages may include attached files containing, forsound,example executable programs, formatted documents,video, etc. It will be appreciated that an attachment toan e—mail message may contain a file infected with acomputer virus. Thus, for example, an e—mail messagereceived over the Internet may contain as an attachment aMicrosoft word document infected with a Word Macro virus;an e—mail message broadcast on the local area network bya project manager to her many team members may contain anattachment also infected with a virus.Because any type of file may be attached to an e-mailmessage, it is often difficult for virus protectionsoftware to determine how to handle the attachment.Further, typical e~mail systems store all e—mail messageson a mail server in proprietary file formats, regardlessof the format of the attached file. All messagese.g.some e-received by one user may be stored as a single file,"inbox.msg", on a central mail server. Moreover,mail programs use proprietary encryption. It is saidthat scanning e—mail attachments from inside a LAN isvery difficult because e—mail programs like cc mail,Microsoft Exchange and Davinci encrypt e—mail for privacyreasons. Thus, the formats, algorithms and datastructures used by e—mail programs make it difficult todevelop anti-virus programs that prevent the spread ofviruses in e-mail attachments.It is an important goal of anti-virus programs to detecta virus as soon as possible, before damage is done or thevirus is distributed to infect other computers. Manyvirus detection programs, for example, do not scanoutgoing e—mail messages for viruses, thus allowing thepotential spread of a virus to other computers. Commonlyused anti-virus program do not scan draft e—mail messagesthat are created but not sent (i.e., an e-mail messageW0 98/ 103421015253035CA 02264816 1999-03-04PCTIUS97/156617created and stored for later editing and/or sending).Virus detection software directed to e-mail may only scancertain e-mail attachments on the happening of certainThus, there is a need to detectdetermined events.viruses at any and every time a virus possibly may enteror spread within an e-mail system.Several products claim to scan for viruses in attached e-mail files. For example, “ScanMail for cc:Mail"distributed by Trend Micro Incorporated, can scan e-mailattachments received over the Internet. This program isa proxy type software that replaces the original postoffice with its own proxy post office (where virusand routes clean e-mail to theThus,checking takes place)original e-mail post office after virus checking.e—mails received from outside the network are firstscanned prior to entry into the system post office.(ScanMail is said to protect an internal LAN byintercepting and isolating viruses at the cc:Mail PostOffice before the virus reaches a workstation.) However,this architecture does not enable the scanning ofIntranet e-mail messages. Messages that are sent andreceived internally never reach the proxy post office andso are never scanned. Accordingly, users may transmitviruses via e-mail internally within the organization.ScanMail is incapable of detecting viruses in e-mailattachments that originate within and stay within a LAN.Another product that purports to scan for attachments toe-mail is Interscan Viruswall distributed by Trend MicroDevices, Inc.. when installed on a UNIX InternetInterscan Virus wall is intended to interceptworld wideweb downloads and uploads and transfers of data betweengateway ,and scan e-mail attachments, FTP transfers,in-house PCS or LANS and the outside world. InterscanViruswall consists of an FTP proxy server for gatewaytraffic and a Simple Mail Transfer Protocol (SMTP) proxyWO 98/10342.101520253035CA 02264816 1999-03-04PCT/US97/156618server for e-mail. As with the ScanMail application, theInterscan Viruswall program is only capable of scanninge-mail attachments that pass through the Internetgateway; it is incapable of scanning e-mail attachmentsthat are being transferred internally within the LAN.Furthermore, since the Interscan application runs on thegateway and scans individual packets, it may not besufficiently efficient to detect polymorphic viruses orcompressed files if the files are larger then one packetsize on the network.A product called Antigen distributed by Sybari transferse—mail attachments to a third party virus scanner fordetection of virus. However, Antigen is incapable ofreattaching the e-mail attachment back to the e-mailmessage if a virus is discovered and cured. Although theAntigen software will provide the third party softwarewith the e-mail attachment, the attachment inside thesystem will remain infected because there is nointegration between the Antigen software and the thirdparty software to enable the third party software to curethe virus in the e-mail attachment.Some virus detection programs for e-mail programs operateon the client side and scan e-mail messages sent to auser whenever the user opens his or her mailbox. Such asystem has a number of inefficiencies. The virusdetection program must be loaded onto each clientcomputer; thus if there are 250 workstations, the virusdetection program must be loaded 250 times. If oneworkstation is missed, a virus may not be detected.Further, the scanning takes place on a deferred basiswhen the user opens his or her mailbox. If the user isan infrequent e-mail user, then many messages may need tobe scanned on opening of the mailbox. Infected e-mailmessages may reside undetected for long periods inunopened mailboxes, and possibly be spread to other usersWO 98/10342101520253035CA 02264816 1999-03-04PCT/U S97/ 156619by means of automated rules that automatically forwardreceived e—mail meeting certain characteristics.Accordingly, there is a need for a computer program thatcan scan and remove computer viruses in e-mailattachments, without causing detriment to the attachmentto the e-mail message, for all e-mail messages, includinge-mail messages that are internal within the systembetween users on the same mail server), that are(e.g.,sent over or received from an external e-mail system, orare drafted and stored in the e-mail server but are neversent.There is an additional need for a centralized system forscanning e-mail messages for viruses that does notrequire anti-virus software to be loaded on allworkstations in a network.Summary of the InventionIn the representative embodiment, the present inventionis a software program (called herein the agent) used inconjunction with anti-virus software to detect and removecomputer virus that may be in e-mail attachments.The agent computer program of the present inventiondetaches the e-mail attachment from the e-mail message,(and ifcauses any detected computer viruses to becauses it to be scanned for computer virusesrequired,removed), and then reattaches the attachment back to thee-mail message. The present invention operates correctlyfor all e-mail messages, including (a) e-mail messagesthat are internal within the system (called hereinIntranet e-mail), (b) e-mail messages that are sent overor received from an external e-mail system (called hereinInternet e-mail), and (c) e-mail messages that aredrafted and/or stored in the e-mail system and are yet toW0 98/10342101520253035CA 02264816 1999-03-04PCT/U S97] 1566]be sent.It will be appreciated that the agent of the presentinvention operates from within the mail system, ratherthan as a firewall or proxy post office, enablingIntranet e—mail attachments to be scanned.Accordingly, the present invention will ensure that alle-mail messages will be scanned to protect the internale-mail system.Moreover, once a virus is detected and removed from theattachment, the attachment is still a useful part of thee-mail message and can be handled by the e-mail system asnormal.Advantageously, the present invention operates on theserver side rather than at the client side. Thus, theagent need only be loaded once, at each mail server,rather than on each workstation or PC of the network.e-mail messages can be scanned and disinfectedThus,Further,regardless of the users e-mail use. if the user ison vacation and receives many e-mail messages, someinfected with viruses, these will be scanned anddisinfected so that upon the users return, his or hermailbox will contain only virus-free e-mail messages.The efficiency of such an approach can be seen whenanalogizing with real world mail delivery. If one wishedto scan all letters that are mailed for bombs, it is moreefficient to have a scanning machine at the central mailexchange that continuously scans all letters as they aresorted, rather than having a scanning machine at eachpersons home that scans once a day after the letters aredelivered.In the representative embodiment, the agent browses1015202530CA 02264816 2005-02-2460298-38811through any attachments to e—mail messages that originatewithin the client network or are received from an externalnetwork, detaches any such attachments from the database ormailbox, and sends these attachments to an integrated orstand alone anti—virus application. The agent can reattachthe attachment to the e-mail message after treatment by theanti—virus application.Additionally, the agent of the present inventioncan operate at the server level, thus centralizing virusdetection operations. E—mail for a user can be scanned forviruses without the need for the user to login to theFurther,network. the scanning of e—mail attachments cantake place on a regular, periodic basis, rather than merelyupon the sending, receiving or reading of the e—mailmessage.The present invention provides an applicationprogram interface that can be centrally administered from anetwork server and that need not be installed at everyworkstation connected to the centrally administered server.The agent of the representative embodiment isdesigned to be generic to and compatible with many e—mailand database systems.In addition to scanning on a periodic basis, thepresent invention includes real-time scanning capabilitiesthat will scan e—mail attachments for viruses upon receiptof a new e—mail message.The invention may be summarized according to oneaspect as in a computer network having a client—serverarchitecture and a message system, a server—based method fordetecting and removing computer viruses located inattachments to e—mail messages comprising the steps of:1015202530CA 02264816 2005-02-2460298-388llaproviding a scan time period; at the server, searching themessage system to obtain a list of attachments to e—mailmessages received at the message system within the previousscan time period; at the server, passing each attachment inthe list of attachments to an anti-virus detection modulefor computer virus scanning; at the anti-virus detectionmodule, detecting and removing computer viruses in eachattachment in the list of attachments; and at the server,re-attaching each attachment to the e—mail messages.According to another aspect the invention providesin a client—server computer network having a mail server, amethod for detecting and removing computer viruses locatedin attachments to e—mail messages comprising the steps of:A. setting a scan time period; B. at the server, searchingthe mail server to obtain a list of attachments to e—mailmessages input to the mail server within the previous scantime period; C. at the server, detecting and removingcomputer viruses in each attachment in the list ofattachments; and D.at the server, re-attaching eachattachment to the e—mail messages in the mail server.According to another aspect the invention providesin a client—server computer network having a mail server, amethod for detecting and removing computer viruses locatedin attachments to e—mail messages comprising the steps of:A. obtaining a scan time period; B. searching the mailserver to create a list of attachments to e—mail messagesthat were input to the mail server within the previous scantime period; C. passing each attachment in the list ofattachments to an anti-virus detection module for computervirus scanning and removal; D. re-attaching each attachmentto the e—mail messages in the mail server after scanning andremoval of computer viruses at the anti-virus detectionl015202530CA 02264816 2005-02-2460298-388llbmodule; and E. repeating steps B. through D. each scan timeperiod.According to another aspect the invention providesin a client—server computer network having a plurality ofworkstations and a server, the server including a messagesystem, a server—based method for detecting and removingcomputer viruses located in attachments to e—mail messages,comprising the steps of: receiving an e—mail message at themessage system; upon receipt of the e—mail message,determining whether the e—mail message includes anattachment; if the e—mail message includes an attachment,passing the attachment to an anti-virus detection module forcomputer virus scanning; at the anti-virus detection module,detecting and removing computer viruses in the attachment;and re-attaching each attachment to the e—mail messages.According to another aspect the invention providesin a first computer network having a plurality of nodes, thefirst computer network configured to operate an e—mailsystem for sending and receiving among the plurality ofnodes a plurality of e—mail messages, a sub-set of theplurality of e—mail messages having at least one attachmentassociated therewith, a method for detecting and removingcomputer viruses from the attachments to the plurality of e—mail messages, the method comprising the steps of: detachingthe at least one attachment from each of the sub-set of theplurality of e—mail messages; sending the at least oneattachment to an anti-virus application; scanning the atleast one attachment for the at least one computer virus inaccordance with the anti-virus application; removing the atleast one computer virus from the at least one attachment;and reattaching the at least one attachment to acorresponding one of the plurality of e—mail messages.1015202530CA 02264816 2005-02-2460298-388llcAccording to another aspect the invention providesin a first computer network having a plurality of nodes, thefirst computer network configured to operate an e-mailsystem for sending and receiving a plurality of e-mailmessages among the plurality of nodes, a subset of theplurality of e-mail messages having at least one attachmentassociated therewith, a method for detecting and removing atleast one computer virus from the at least one attachment,the method comprising the steps of: detaching the at leastone attachment from each of the plurality of e-mailmessages; determining whether the at least one attachment isinfected with the at least one computer virus; removing theat least one computer virus from the at least oneattachment; and reattaching the at least one attachment to acorresponding one of the plurality of e-mail messages.According to another aspect the invention providesa system for detecting computer viruses located inattachments to e-mail messages in a client-server computernetwork including a server computer and a plurality ofclient computers and a message system located at the servercomputer for controlling the distribution of e-mailan anti—virus module located at themessages, comprising:server computer for scanning files for viruses; and an agentlocated at the server computer, the agent providing aninterface between the anti—virus module and the messagesystem, and including means for receiving a scan timeperiod, means for searching the message system to obtain alist of attachments to e-mail messages received at themessage system within the previous scan time period, meansfor passing each attachment in the list of attachments tothe anti—virus module for computer virus scanning, and meansfor re-attaching each attachment to the e-mail messages.1015202530CA 02264816 2005-02-2450298-38811dAccording to another aspect the invention providesin a first computer network having a plurality of nodes andconfigured to operate an e—mail system for sending andreceiving among the plurality of nodes a plurality of e—mailmessages, a sub—set of the plurality of e—mail messageshaving at least one attachment associate therewith, a systemfor detecting and removing computer viruses from theattachments to the plurality of e—mail messages, the systemcomprising: means for detaching the at least one attachmentfrom each of the sub—set of the plurality of e—mailmessages; means for sending the at least one attachment toan anti—virus application; means for scanning the at leastone attachment for the at least one computer virus inaccordance with the anti—virus application; means forremoving the at least one computer virus from the at leastone attachment; and means for reattaching the at least oneattachment to a corresponding one of the plurality of e—mailmessages .According to another aspect the invention providesin a first computer network having a plurality of nodes andconfigured to operate an e—mail system for sending andreceiving a plurality of e—mail messages among the pluralityof nodes, a subset of the plurality of e—mail messageshaving at least one attachment associated therewith, asystem for detecting and removing at least one computervirus from the at least one attachment, the systemcomprising: means for detaching the at least one attachmentfrom each of the plurality of e—mail messages; means fordetermining whether the at least one attachment is infectedwith the at least one computer virus; means for removing theat least one computer virus from the at least oneattachment; and means for reattaching the at least onel015202530CA 02264816 2005-02-2480298-388lleattachment to a corresponding one of the plurality of e—mailmessages.According to another aspect the invention providesa real-time system for detecting computer viruses located inattachments to e—mail messages in a client-server computernetwork including a server computer and a plurality ofclient computers, a message system being located at theserver computer for controlling the distribution of e—mailmessages and including a plurality of mailboxes, the real~time system comprising: an anti—virus module located at theserver computer for scanning files for viruses; and an agentlocated at the server computer, the agent providing aninterface between the anti—virus module and the messagesystem and invoked whenever an e—mail message is forwardedto a mailbox, and including means for determining if an e-mail message includes an attachment, means for detaching theattachment from the e—mail message, means for enabling theanti—virus module to scan the attachment for computerviruses, and means for re—attaching each attachment to thee—mail messages.According to another aspect the invention providesan anti—virus agent for use in a client-server computernetwork having a server computer including a mail serverwith e—mail messages and a plurality of client computers,the anti—virus agent assisting in the detection of computerviruses located in attachments to e—mail messages,comprising: means for setting a scan time period; means,located at the server computer, for searching the mailserver to obtain a list of attachments to e-mail messagesinput to the mail server within the previous scan timeperiod; means for passing each attachment in the list ofattachments to an anti—virus detection module for computervirus scanning and removal; and means, located at the serverCA 02264816 2005-02-2460298-388llfcomputer, for re—attaching each attachment to the e—mailmessages in the mail server.These and other advantages and features of thepresent invention will become readily apparent to thoseskilled in the art after reading the following detaileddescription of the invention and studying the accompanyingdrawings.W0 98l10342101520253035CA 02264816 1999-03-04PCT/US97/ 1566112Brief Description of the DrawinqsFig. 1~is a block diagram of a network architecture onwhich the present invention can operate.Fig. 2 is a diagram of modular communications between thepresent invention and an e—mail system.Fig. 3 is a flow chart detailing the operation of thepresent invention.Detailed DescriptionReferring now to the drawings, and initially Fig. 1,there is illustrated a computer network being a localarea network (LAN) 100 that is configured to run an agentprogram 110 of the present invention.As described herein,local area network having a client/server architecture.the present invention operates on aHowever, the present invention is not limited to such anetwork or architecture, and can, for example, easily beadapted to run on, for example, a peer-to-peer network orwide area network. Further, the agent program can beintegrated into or created as part of other programs,such as network operating systems, e-mail programs and/orvirus detection programs.The network 100 comprises a server 20, a plurality ofpersonal computers (PC)Internet gateway 40, all of which are coupled together10 and workstations 30, and anvia communication line 15. As stated above, this networkconfiguration is merely illustrative as an example of thetype of network architecture that is capable of runningthe agent of the present invention. The server 20 andthe personal computers 10 may be programmed to run aparticular e—mail or database programs, such as the LotusW0 98/103421O1520253035CA 02264816 1999-03-04PCT/US97/1566113Notes program or the Microsoft Exchange program. Eachpersonal computer typically includes an input device 16(e g., keyboard, mouse, etc ), an output device 12 (e g.,a monitor), a processor 13 and a memory 14; likewise,workstation 30 may also include an output device 32, aninput device 36, a processor 35 and a memory 34.Further, gateway 40 provides the network 100 with accessto an external computer network, such as, for example,the Internet 42. The agent 110 of the present inventionis configured to be compatible with both the e—mail andthe database applications that are provided to server 20.For the purpose of clarity of description, in the exampleused herein, the agent 110 of the representativeembodiment of the present invention is intended to scanattachments to files and messages generated within, sentfrom or received by the Lotus Notes program. Forconvenience, the term “e—mail message" will be used todescribe all types of files, messages, broadcasts andcommunications used within, sent from or received by amail server, such as, for example, the Lotus Notesprogram, or a database program that allows forattachments. The agent 110 of the present invention canalso operate with other network mail and databaseprograms that allow for e—mail message attachments suchas, for example, Microsofts Exchange program, Lotusscc:mail, and BeyondMail. Additionally, the agent 110 canoperate with public folders and public forums (e.g.,areas where one user posts a message capable of beingviewed by all other users.)Fig. 2 illustrates the software components that, in therepresentative embodiment, are executed by server 20.The representative application executed by the server 20for the purpose of illustration is the Lotus Notesprogram. A Lotus Notes server program 130 is configuredW0 98/10342101520253035CA 02264816 1999-03-04PCT/US97/1566114within server 20 to transmit and receive files and e-mailmessages from and to the various other nodes in LAN 100,including Internet gateway 40. One or more databases 140(herein a Lotus Notes database 140) stores the e-mailmessages that have been received, sent, drafted orstored. (In Lotus Notes, every database is treated as afile.)along with such messages in the Lotus Notes database 140.Attachments to the e-mail messages are storedThe mail server 130 and the database 140 together can beregarded as a message system. The nodes of the network(e.g , 10, 30) may include client—side mail programsinteracting with the mail server 130, allow a userthat,to create, read, send, store and edit e-mail messages.An anti—virus application 120 scans files for viruses andcan remove viruses from any infected file. In therepresentative embodiment, the anti-virus application 120is the InocuLAN program, available from CheyenneSoftware, Inc. of Roslyn Heights, New York. The InocuLANprogram can be regarded as comprising two submodules,namely a local scanner module and a job service module.The InocuLAN program is used as the user interface forthe agent 110, e.g.,take place and to report results of scans.to set the times when a scan is toThe agent 110 detaches and forwards any e-mail messageattachments to the anti-virus software application 120.Fig. 3 shows a flow diagram corresponding to theoperation of the agent 110 of the present invention inconjunction with the anti-virus software application 120.Although the agent 110 of the present invention isgeneric to both databases and e-mail systems, for thesake of simplicity, the following discussion shalldiscuss only the scanning of e-mail messages.it is assumed that a complete scan of all e-mail messagesFurther,(i.e., all attached files for all databases and mailW0 98/10342101520253035CA 02264816 1999-03-04PCT/US97/1566115boxes) is to take place. In step 200, the agent 110determines whether an attachment is present in an e—mailmessage. If an attachment does not exist, then the Agent110 determines in step 240 whether the entire mail system140 has been scanned. If the entire mail system 140 hasbeen scanned, then the agent 110 ceases operation. If,however, the entire mail system 140 has not been scanned,then the agent 110 proceeds to the next e—mail message(step 235). If an attachment is present in an e—mailmessage, the agent 110 detaches the attachment (step205), and it sends the attachment to the anti-virusapplication 120 (step 210). If the anti-virusapplication 120 does not detect the presence of a virusin the attachment (step 215), then the agent 110reattaches the attachment to the original e—mail message(step 220).If, however, the anti-virus application 120 detects thepresence of a virus in the attachment, then an alert isgenerated (step 245). Such an alert may be configured inseveral ways. For example, the alert may comprise asystem-wide text message that is transmitted to every PC10 or workstation 30 in LAN 100 or to the networkadministrator, or the alert may instead comprise amessage that is delivered to the network node thatoriginated or received the infected attachment. Aftersuch an alert is generated, the anti-virus application120 may (if so configured) delete the infected attachment(step 250). If so, the attachment is deleted (step 255).After step 255, the agent 110 determines if the entiremail system 140 has been scanned (step 260). If so, thenthe process has reached an end (step 230). If the entiremail system 140 has not been scanned, then the agent 110proceeds to the next e—mail message (step 235).If the infected attachment is not to be deleted in step250, then the anti-virus application 120 cures the101520253035CA 02264816 1999-03-04%97/15661 IPEAIUS 2 2 JAN 199916infected attachment if possible (step 270). If cured,the attachment is then reattached (step 220), and theagent 110 proceeds to the next e-mail message, if any.The agent 110 is capable of processing e-mail messagesthat originate within LAN 100 (including Intranet e-mailmessages) or that enter LAN 100 from the Internet throughgateway 40 (Internet e-mail messages).The InocuLAN program 120 will alert specified individualsvia the e-mail system or via Cheyenne Software, Inc.'sAlert Generic Notification system to warn users so as tostop the virus from spreading. The InocuLAN LocalScanner and Job Service work conjunctively with the agent110 to perform virus scanning and curing within themessage system and to ensure a virus free environment.The following is a pseudo-code description of a libraryof APIs that can be used to implement the agent 110 ofthe present invention. The agent 110 can be regarded asThe agent 110 ofthe representative embodiment can be used in conjunctiona high level, generic library of APIs.with both the Lotus Notes and Microsoft Exchangeprograms. The agent 110 utilizes the Lotus Notes APIset, the Microsoft Exchange API set and MAPI to assist inits functions, e.g., to browse, detach and re-attach thee-mail attachment. These Lotus and Microsoft APIs arepublished, and a skilled programmer will understand howthey can be configured to interact with the agent 110.The agent 110 is thus a set of APIS that can be used byan anti—virus application 120 to communicate with a mailserver program 130.In the following pseudo-code, “MDA" is a term that meansmail database agent. “UID” is a unique or universalidentifier used to identify an e-mail message. Thisexample assumes the LAN is using the Windows NT networkoperating system.ALBDEDQIEETWO 98/10342101520253035CA 02264816 1999-03-04PCT/US97ll566l1 7MDAConnectAgentO: Establishes a connection to the Messaging Agent.Called before any MDA API calls that require an <agent_id > as an input parameter.lnput:Windows NT server name.Name of Messaging Agent.Windows NT login name of user.The name of the profile used for login (for Exchange Server only).The password used to login with the above user_id and userl’rofile.Output:<agent_id > which is the returned connectionlD that can be used by later APIcalls to trace the current connection instance.MDADisconnectAgentO: Disconnect the current connection to the Messaging AgentCalled after each MDA session to free the resource.Input:< agent_id >MDAGetAgentlnfoO: Get the Messaging system vendor information from the AgentMay be called anytime between a MDAConnectAgentO and a MDADisconnectAgent0.lnpuu< agent_id >size of buffer pointed to by <vendor>Output:<vendor> , which is information about the Messaging system the Agent talked to.MDAOpenDatabase0: Open the Lotus Notes database or Exchange Information Store.Called first to get a valid dbhandle. All other MDA API calls that require dbhandle canthen be called. MDAScanAllFindFirstO or MDAScanDatabaseFindFirst 0 will implicitlyopen information store.Input:< agent__id ><dbname> which is the input Lotus Notes database name to be opened; forMicrosoft Exchange set to null.< istoreUlD> which is the UlD of the Exchange Information Store to be opened;SUBSTITUTE SHEET (RULE 26)1O1520253035CA 02264816 1999-03-04WW5‘)?/15661IPEA/US 2 2 JAN 199918for Lotus Notes set to null.Output:< dbhandle >MDACloseDatabase(): Close an opened Lotus Notes Database or Exchange InformationStore. Called to release the allocated resource.Input:< agent_id >< dbhandle >MDAEnumObjects(): Enumerate the subobjects within a container. For Exchange andLotus Notes, there are three layers of objects, namely Agent, Mailbox/Public IStore, andMessages. When < input_object_type> is MDA_OBJECT_AGENT, returns a list ofMailboxes and Public Istores. When <input_object_type> isMDA_OBJECT_MAILBOX or Istore, returns a list of messages within it.May be called anytime between a MDAConnectAgent() and a MDADisconnectAgent().Input:< agent_id >< input_object_type> -- the type of the input_object to enumerate. Possiblevalues are MDA_OBJECT_AGENT, MDA_OBJECT_MAILBOX andMDA_OBJECT_INFORAM'I‘IONSTORE.The display name of the input_object.The UID of the input object, for Exchange only.The size of the buffer.Output:The type of the returned object.A buffer containing a list of the display name of the sub_objects, terminated by adouble NULL.The number of bytes returned in the above buffer.A buffer comprising a list of the UID of the sub-objects.The number of bytes returned in the above buffer.MDAGetA11MsgUids(): Get a list of message UIDs for all the messages in theopenedMailbox or Information Store.AMENDED SHEETCA 02264816 1999-03-04W0 98/103-42 PCT/US97/1566119Input:< agent_id ><dbhandle>The size of the UID buffer.5 Output:A buffer comprising a list of message UlDs of the messages within the Mailbox orlnformation Store.The number of bytes returned in the above buffer..10 MDAGetObjectPropertyO: get the desired property of the specified object15202530MDAScanAllFindFirst(): Scan the whole message system and return a list of allattachment files stored in the system received after the time stamp specified by<start_time>. lf <start_time> is zero, all will be scanned. Will first scan the PublicInformation Store and then the Private lnformation Stores. This API will cause a firstInformation Store to be opened and a dbhandle is to be returned in the AFILE. May becalled anytime between a MDAConnectAgentO and a MDADisconnectAgent0_ but notwithin any other active scan sequence. This API call is not made while there is an activedbhandle. A MDACloseFindHandleO must be called to terminate a scan session.lnput:< agent_id ><start_time> which is the scan starting time.Output:<handle> which is a search handle returned to the caller of the current scan, forthe purpose of tracing all the scan sequence.<afile> which is the first attachment information found in the system.MDAScanAllFindNextO: Get the next attachment information structure of the currentscan. Call made within a MDAScan session. This API call may cause an InformationStore to be closed and another lnformation Store to be opened.lnput:< agent_id ><handle>Output:W0 98/103421O15202530CA 02264816 1999-03-04PCT/US97ll566l20<afile> which is the next attachment information found in the system.MDACloseFindHandleO: close the current search handle ~- will terminate the currentscan. Called with an active handle. Can be called after a MD/\ScanAllFindFirstO,MDAScan/»\llFindNextO, MDAScanDatabaseFindFirst() or MDAScanDatabaseFindNextO.Input:< agent_id ><handle>MD/\ScanDatabaseFindFirstO: scan a specific information Store and return a list of all theattachment files stored there. May be called anytime between a MDAConnect.~\gentO anda MDADisconnectAgentO, but not within any other active scan sequence.lnpnt:< agent_id ><path > which is the path name of the Lotus Notes database to be scanned --used only for Lotus Notes, otherwise set to NULL< istoreUID> which is the UID of the information Store to be scanned -- usedonly for Exchange, otherwise set to NULL.< start__tin1e >Output:_ 4<hand|e><afile> which is the first attachment found in the store.MDAScanDatabaseFindNext02 Get the next attachment information structure of thecurrent scan. This API call made within a MDAScan session.May be called anytime between a MDAConnectAgent() and a MDADisconnectAgentO.lnput:< agent_id >< handle >Output:<afile> which is the next attachment found in the system.MDADeleteFileO: Delete the temporary file created for detach the attachment and clearthe attachment. If filePath is not NULL, delete the file specified by it. If afile orWO 981103421015202530CA 02264816 1999-03-04PCT/US97ll566l21attachlnfo is not NULL then go to the message and remove the attachment from it. Maybe called anytime between a MDAConnectAgentO and a MDADisconnectAgentO.Input:< agent_id ><afile> which comprises the attachment information; the dbhandle of currentinformation store is also comprised in it.<filePath> which is the path of the temporary file.MDAExtractFileO: Extract the content of the attachment to a temporary file. May becalled anytime between a MDAConnectAgentO and a MD.-\DisconnectAgentO.lnput:< agent_id >< afile>Output:< filePath >MDAAttachFileO: Attach a file to an existing attachment. May be called anytime betweena MD/-\Connect.-\gentO and a MDADisconnectAgentO.lnput:< agent_id ><afile>< filePath >MDAGetMaillnfoFromAFileO: Attach a file to the attachment. May be called anytimebetween a MDAConnectAgentO and a MDADisconnectAgentO.lnput:< agent_id >< afile >Output:<mail > which is information about the message containing the attachment. Abunch of pointers point to the buffer where the actual data resides.<buffer> comprising output information.The size of the buffer above.WO 98/1034291015202530CA 02264816 1999-03-04PCT/U S97/ 1566122MDAGetAttFileCountFromMessageoz Get a list of attachment Files of .1 certain messagespecified by the messagelD. May be called anytime between :1 MDAConnect.-\gentO anda MDADisconnectAgentO.Input:< agent_id ><dbhandle><messageUlD> which is the UID of the message.Output:A list of attachment file names in that message.The size of the above.MDASendMail(): Send mail to a specific user. May be called anytime between aMDAConnectAgentO and a MDADisconnectAgentO.Input:< agent_id >< dbhandle >Message UIDThe mailbox name to open.The receiver of the message.The sender of the message.The message subject.The message body.MDAGetErrorO: Get error information from the agent. May be called anytime between aMDAConnectAgentO and a MDADisconnectAgent0.MDAGetMsgTime0: Get the delivery time stamp of a specific message. May be calledanytime between a MDAConnectAgentO and a MDADisconnectAgent0.input:< agent_id >< dbhandle><msgUlD> used by Exchange to locate the message within the mailbox.Output:The timestamp.WO 98/1034210152O2530CA 02264816 1999-03-04PCT/US97/15661MDAGetOwnerName(): Get the owner name of a certain attachment tile. M."i_\' be calledanytime between 21 MD.;\ConnectAgentO and a MDADisconnectAgentO.lnput:< agent_id >< afile>Output:The name of the owner.MDAEstimateAttFilesO: Estimate the size and number of attachment files with time stamplater than <start__time> in server. May be called anytime between aMDAConnectAgent0 and a MDADisconnect.~\gentO.Input:< agent_id >< stari_‘time >Output:The total number of attachment files.The sum of the size of all attachment files.MD.-’\SetDetachedDirO: Set a temporary directory to be the detached directory. May becalled anytime between a MDAConnectAgentO and a MDADisconnectAgentO.lnput:<agent_id >The detach directory path to be created.MDAFreeResource(): Free the resources allocated for a specific UID. Currentlysupported for Exchange only.Input:< agent_id >< uid >Return:flags for success and system error.W0 98/10342101520253035CA 02264816 1999-03-04PCT/US97/1566124Scanning of e-mail attachments can take place either on ascheduled basis or a real—time basis. when scanning forviruses is on a scheduled basis, a user, utilizing theanti-virus application 120, specifies the time intervalat which scanning should take place, e g., every 10minutes, every hour, etc. E-mail received at the mailserver program 130 within the previous time interval isno scanning takesscanned. If no new mail is received,place. Thus, when scanning takes place is under thecontrol of the anti-virus application 120.Real-time scanning will scan an e~mail message each timeit is "received" by a user, regardless of whether or notthe user is connected to the mail server program 130 andregardless of whether the user reads or accesses the e-If no mail is received, no scanning takesmail message.place.Thus, no user log-on to a PC 10 or workstation 30 isnecessary to trigger the operation of the agent 110 ofthe present invention.In the representative embodiment of the present‘invention, the real-time scanning capability isimplemented and described below for Microsoffs ExchangeIt provides the real—time scanningThat is,the agent 110 isServer program.capability for Exchange Server. once an e-mailmessage is forwarded to a mailbox,immediately invoked. The agent 110 will then detach theattached files if any, and send these files to anti-virusapplication 120 for scanning.the anti—virus application 120 can cure the virus andIf a virus is detected,call the agent 110 to reattach the affected files.The real-time APIS (described below) include a "call-back" capability. The anti-virus application 120provides a call-back function to the agent 110. when theW0 98/ 10342101520253O35CA 02264816 1999-03-04PCTlUS97/ 1566125agent 110 finds something that is of interest to theanti—virus application 120 (in this case, an e-mailmessage with an attachment) the agent 110 notifies theanti-virus application 120: in the representativeembodiment, the agent detaches the attachment andprovides the file name of the attachment to the anti-virus application 120 to enabling scanning of theattachment.The following pseudo-code describes the APIs for thereal-time operation of the present invention in relationto Microsoft's Exchange program:FunctionsRTConnectAgent0;RTDisconnectAgentO;RTGetErrorO;RTSetDetachedDirO;RTSetCallbackFunctionO;RTStartupNotification0;RTShutdownNotification0;RTSetExcludeFileExtensiono;RTConnectAgentO :Establish a connection to the Real~time Messaging Agent. Calledbefore any MDA API calls that require an <agent__id > as an input parameter.Input:< server_name >Windows NT server name.< agent_name >Name of the Messaging Agent.< user_id >The Windows NT login name of the user.< userProfile >The name of the profile used for login.< password >CA 02264816 1999-03-04W0 98/10342 PCT/US97/156612 6The password used to login \vith the above user_id and userProi"ile.Output:< agent_id >The returned ConnectionlD can be used by later APl calls to trace the5 current connection instance.1015202530RTDisconnectAgentO :Disconnect the current connection to the Messaging Agent. Calledafter each MDA session to free the resource.Input:< agent_id >ConnectionlD of the current connection.RTSetExcludeFileExtensionO: Set the address of the inocuLan call back function.Input:< agentlD >ConnectionlD of the current connection.< excludeFlag >Allfiles l all exclude l list only.< extCount >count of the extension in extString< extstring >A list of extension string.RTSetCallbackFunction0: Set the address of the inocuLan call back function.Input:< agentlD >ConnectionlD of the current connection.<cbFunction>The address of the callback function.RTStartupNotificationO 2 Startup the real-time notification.Input:<agentlD>ConnectionlD of the current connection.CA 02264816 1999-03-04PCT/US97/ 15661W0 98/1034210152025303527RTShutdownNotificationoz Shutdown the real-time notification.Input:< agentID >ConnectionID of the current connection.RTGetErrorO: Get error information from the agent.mpm:< agent_id >ConnectionlD of the current connected Agent.< errcode>The error return code from the agent.Output:<err_buff>A buffer containing error information.< bu ffer_si2e >RTSetDetachedDirO: Set a temporary directory to be the detached directory.Input:<agent__id >ConnectionID of the current connected Agent.<detached_dir>The detach directory path to be created.Of course, the above real-time scanning capability can beimplemented for mail servers other than the MicrosoftExchange server. For example, for the Lotus Notesdatabase, where every database is a file, that file mustbe opened whenever a new message is placed in the file.Thus, taking advantage of operating system level hooks,the agent 110 can notify the anti—virus application 120when a new e—mail message is received.It will be appreciated that the present invention is thefirst server-based anti-virus agent built using WindowsNT WIN32 APIS, Lotus Notes APIS, Microsoft Exchange APIsand MAPI. The client side is transparent to theSUBSTITUTE SHEET (RULE 26)W0 98ll034210CA 02264816 1999-03-04PCT/US97/1566128existence of such anti-virus entities.Further, the agent llO of the present invention is ageneric agent which can interface with any anti-virusserver programs.The agent 110 of the representative embodiment of thepresent invention can be implemented utilizing a logiccircuit or a computer memory (e.g., a memory device atserver 20) comprising computer-readable instructions,such as a computer program. The functionality of thelogic circuit or computer memory is described above. Thecomputer program may be stored, for example, on a harddisk, CD—ROM or floppy disk.

Claims (35)

CLAIMS:
1. In a computer network having a client-server architecture and a message system, a server-based method for detecting and removing computer viruses located in attachments to e-mail messages comprising the steps of:
providing a scan time period;
at the server, searching the message system to obtain a list of attachments to e-mail messages received at the message system within the previous scan time period;
at the server, passing each attachment in the list of attachments to an anti-virus detection module for computer virus scanning;
at the anti-virus detection module, detecting and removing computer viruses in each attachment in the list of attachments; and at the server, re-attaching each attachment to the e-mail messages.
2. The method of claim 1 further comprising the step of repeating the method each scan time period.
3. The method of claim 1 wherein the e-mail messages comprises e-mail messages received from users at workstations on the client-server network on which the message system is located.
4. The method of claim 3 wherein the e-mail messages comprise e-mail messages received from external message systems.
5. The method of claim 1 wherein the e-mail messages comprise e-mail messages received over the Internet.
6. In a client-server computer network having a mail server, a method for detecting and removing computer viruses located in attachments to e-mail messages comprising the steps of:
A. setting a scan time period;
B. at the server, searching the mail server to obtain a list of attachments to e-mail messages input to the mail server within the previous scan time period;
C. at the server, detecting and removing computer viruses in each attachment in the list of attachments; and D. at the server, re-attaching each attachment to the e-mail messages in the mail server.
7. The method of claim 6 further comprising the step of repeating steps B. through D. each scan time period.
8. The method of claim 6 wherein step C. further comprises the step of passing each attachment in the list of attachments to an anti-virus detection module for computer virus scanning.
9. In a client-server computer network having a mail server, a method for detecting and removing computer viruses located in attachments to e-mail messages comprising the steps of:
A. obtaining a scan time period;
B. searching the mail server to create a list of attachments to e-mail messages that were input to the mail server within the previous scan time period;

C. passing each attachment in the list of attachments to an anti-virus detection module for computer virus scanning and removal;

D. re-attaching each attachment to the e-mail messages in the mail server after scanning and removal of computer viruses at the anti-virus detection module; and E. repeating steps B. through D. each scan time period.
10. In a client-server computer network having a plurality of workstations and a server, the server including a message system, a server-based method for detecting and removing computer viruses located in attachments to e-mail messages, comprising the steps of:

receiving an e-mail message at the message system;

upon receipt of the e-mail message, determining whether the e-mail message includes an attachment;

if the e-mail message includes an attachment, passing the attachment to an anti-virus detection module for computer virus scanning;

at the anti-virus detection module, detecting and removing computer viruses in the attachment; and re-attaching each attachment to the e-mail messages.
11. The method of claim 10 wherein the step of receiving an e-mail message comprises the step of receiving an e-mail message from an external computer network.

31a
12. The method of claim 10 wherein the step of receiving an e-mail message comprises the step of receiving an e-mail message from a workstation.
13. In a first computer network having a plurality of nodes, the first computer network configured to operate an e-mail system for sending and receiving among the plurality of nodes a plurality of e-mail messages, a sub-set of the plurality of e-mail messages having at least one attachment associated therewith, a method for detecting and removing computer viruses from the attachments to the plurality of e-mail messages, the method comprising the steps of:

detaching the at least one attachment from each of the sub-set of the plurality of e-mail messages;

sending the at least one attachment to an anti-virus application;

scanning the at least one attachment for the at least one computer virus in accordance with the anti-virus application;
removing the at least one computer virus from the at least one attachment; and reattaching the at least one attachment to a corresponding one of the plurality of e-mail messages.
14. The method according to claim 13, wherein at least one of the plurality of e-mail messages originates from a second computer network in communication with the first computer network.
15. The method according to claim 13, wherein at least one of the plurality of e-mail messages originates from the first computer network.
16. The method according to claim 13, wherein the attachments are scanned regardless of whether opened or viewed by a user.
17. The method according to claim 13, wherein the attachments are scanned without user intervention.
18. The method according to claim 17, wherein at least one of the plurality of e-mail messages originates from a second computer network in communication with the first computer network.
19. In a first computer network having a plurality of nodes, the first computer network configured to operate an e-mail system for sending and receiving a plurality of e-mail messages among the plurality of nodes, a subset of the plurality of e-mail messages having at least one attachment associated therewith, a method for detecting and removing at least one computer virus from the at least one attachment, the method comprising the steps of:

detaching the at least one attachment from each of the plurality of e-mail messages;
determining whether the at least one attachment is infected with the at least one computer virus;
removing the at least one computer virus from the at least one attachment; and reattaching the at least one attachment to a corresponding one of the plurality of e-mail messages.
20. A system for detecting computer viruses located in attachments to e-mail messages in a client-server computer network including a server computer and a plurality of client computers and a message system located at the server computer for controlling the distribution of e-mail messages, comprising:
an anti-virus module located at the server computer for scanning files for viruses; and an agent located at the server computer, the agent providing an interface between the anti-virus module and the message system, and including means for receiving a scan time period, means for searching the message system to obtain a list of attachments to e-mail messages received at the message system within the previous scan time period, means for passing each attachment in the list of attachments to the anti-virus module for computer virus scanning, and means for re-attaching each attachment to the e-mail messages.
21. The system of claim 20 wherein the e-mail messages comprises e-mail messages received from client computers on the computer network.
22. The system of claim 20 wherein the message system comprises an external gateway and the e-mail messages comprise e-mail messages received from external message systems.
23. The system of claim 20 wherein the e-mail messages comprise e-mail messages received over an Internet connection.
24. An anti-virus agent for use in a client-server computer network having a server computer including a mail server with e-mail messages and a plurality of client computers, the anti-virus agent assisting in the detection of computer viruses located in attachments to e-mail messages, comprising:

means for setting a scan time period;

means, located at the server computer, for searching the mail server to obtain a list of attachments to e-mail messages input to the mail server within the previous scan time period;

means for passing each attachment in the list of attachments to an anti-virus detection module for computer virus scanning and removal; and means, located at the server computer, for re-attaching each attachment to the e-mail messages in the mail server.
25. The agent of claim 24 further comprising means for detecting and removing computer viruses in each attachment in the list of attachments.
26. In a first computer network having a plurality of nodes and configured to operate an e-mail system for sending and receiving among the plurality of nodes a plurality of e-mail messages, a sub-set of the plurality of e-mail messages 34a having at least one attachment associate therewith, a system for detecting and removing computer viruses from the attachments to the plurality of e-mail messages, the system comprising:
means for detaching the at least one attachment from each of the sub-set of the plurality of e-mail messages;
means for sending the at least one attachment to an anti-virus application;
means for scanning the at least one attachment for the at least one computer virus in accordance with the anti-virus application;
means for removing the at least one computer virus from the at least one attachment; and means for reattaching the at least one attachment to a corresponding one of the plurality of e-mail messages.
27. The system of claim 26, wherein at least one of the plurality of e-mail messages originates from a second computer network in communication with the first computer network.
28. The system of claim 26, wherein at least one of the plurality of e-mail messages originates from within the first computer network.
29. In a first computer network having a plurality of nodes and configured to operate an e-mail system for sending and receiving a plurality of e-mail messages among the plurality of nodes, a subset of the plurality of e-mail messages having at least one attachment associated therewith, a system for detecting and removing at least one computer virus from the at least one attachment, the system comprising:
means for detaching the at least one attachment from each of the plurality of e-mail messages;
means for determining whether the at least one attachment is infected with the at least one computer virus;
means for removing the at least one computer virus from the at least one attachment; and 36~

means for reattaching the at least one attachment to a corresponding one of the plurality of e-mail messages.
30. ~A real-time system for detecting computer viruses located in attachments to e-mail messages in a client-server computer network including a server computer and a~
plurality of client computers, a message system being located at the server computer for controlling the distribution of e-mail messages and including a plurality of mailboxes, the real-time system comprising:
an anti-virus module located at the server computer for scanning files for viruses; and an agent located at the server computer, the agent providing an interface between the anti-virus module and the message system and invoked whenever an e-mail message is forwarded to a mailbox, and including means for determining if an e-mail message includes an attachment, means for detaching the attachment from the e-mail message, means for enabling the anti-virus module to scan the attachment for computer viruses, and means for re-attaching each attachment to the e-mail messages.
31. ~The real-time system of claim 30 wherein the means for detaching further comprises means for storing the~
attachment in a file.~
32. ~The real-time system of claim 31 wherein the means for enabling further comprises means for notifying the anti-virus module of the address of the file in which the attachment is stored.
33. ~The real-time system of claim 30 wherein the e-mail messages comprises e-mail messages received from client computers on the computer network.
34. ~The real-time system of claim 30 wherein the agent provides an interface between the message system and a plurality of different anti-virus modules.
35. ~The real-time system of claim 30 wherein the agent provides an interface between the anti-virus module and a plurality of different message systems.
CA002264816A 1996-09-05 1997-09-05 Anti-virus agent for use with databases and mail servers Expired - Fee Related CA2264816C (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US08/709,025 1996-09-05
US08/709,025 US5832208A (en) 1996-09-05 1996-09-05 Anti-virus agent for use with databases and mail servers
PCT/US1997/015661 WO1998010342A2 (en) 1996-09-05 1997-09-05 Anti-virus agent for use with databases and mail servers

Publications (2)

Publication Number Publication Date
CA2264816A1 CA2264816A1 (en) 1998-03-12
CA2264816C true CA2264816C (en) 2005-11-15

Family

ID=24848177

Family Applications (1)

Application Number Title Priority Date Filing Date
CA002264816A Expired - Fee Related CA2264816C (en) 1996-09-05 1997-09-05 Anti-virus agent for use with databases and mail servers

Country Status (15)

Country Link
US (1) US5832208A (en)
EP (2) EP1010059B1 (en)
JP (1) JP2001500295A (en)
KR (1) KR100554903B1 (en)
CN (1) CN1160616C (en)
AT (1) ATE241169T1 (en)
AU (1) AU735236B2 (en)
BR (1) BR9711990A (en)
CA (1) CA2264816C (en)
DE (1) DE69722266T2 (en)
ES (1) ES2199372T3 (en)
HK (2) HK1023826A1 (en)
RU (1) RU2221269C2 (en)
WO (1) WO1998010342A2 (en)
ZA (1) ZA977970B (en)

Families Citing this family (324)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6115712A (en) * 1996-07-12 2000-09-05 International Business Machines Corporation Mechanism for combining data analysis algorithms with databases on the internet
US6167520A (en) * 1996-11-08 2000-12-26 Finjan Software, Inc. System and method for protecting a client during runtime from hostile downloadables
US6154844A (en) * 1996-11-08 2000-11-28 Finjan Software, Ltd. System and method for attaching a downloadable security profile to a downloadable
US7613926B2 (en) * 1997-11-06 2009-11-03 Finjan Software, Ltd Method and system for protecting a computer and a network from hostile downloadables
US7058822B2 (en) 2000-03-30 2006-06-06 Finjan Software, Ltd. Malicious mobile code runtime monitoring system and methods
US9219755B2 (en) 1996-11-08 2015-12-22 Finjan, Inc. Malicious mobile code runtime monitoring system and methods
US8079086B1 (en) 1997-11-06 2011-12-13 Finjan, Inc. Malicious mobile code runtime monitoring system and methods
US6421733B1 (en) * 1997-03-25 2002-07-16 Intel Corporation System for dynamically transcoding data transmitted between computers
US6275848B1 (en) * 1997-05-21 2001-08-14 International Business Machines Corp. Method and apparatus for automated referencing of electronic information
US6014689A (en) * 1997-06-03 2000-01-11 Smith Micro Software Inc. E-mail system with a video e-mail player
CN1229489A (en) * 1997-06-17 1999-09-22 珀杜法尔玛Lp公司 Self-destructing document and E-mail messaging system
US6016546A (en) * 1997-07-10 2000-01-18 International Business Machines Corporation Efficient detection of computer viruses and other data traits
US7127741B2 (en) 1998-11-03 2006-10-24 Tumbleweed Communications Corp. Method and system for e-mail message transmission
US6609196B1 (en) 1997-07-24 2003-08-19 Tumbleweed Communications Corp. E-mail firewall with stored key encryption/decryption
US5978917A (en) * 1997-08-14 1999-11-02 Symantec Corporation Detection and elimination of macro viruses
US6212551B1 (en) * 1997-09-15 2001-04-03 Advanced Micro Devices, Inc. Digitized audio data attachment to text message for electronic mail
US6073166A (en) * 1997-10-14 2000-06-06 Maila Nordic Ab System for transfer of data
US6003132A (en) * 1997-10-22 1999-12-14 Rvt Technologies, Inc. Method and apparatus for isolating a computer system upon detection of viruses and similar data
US6081894A (en) * 1997-10-22 2000-06-27 Rvt Technologies, Inc. Method and apparatus for isolating an encrypted computer system upon detection of viruses and similar data
US6393568B1 (en) * 1997-10-23 2002-05-21 Entrust Technologies Limited Encryption and decryption system and method with content analysis provision
US8225408B2 (en) * 1997-11-06 2012-07-17 Finjan, Inc. Method and system for adaptive rule-based content scanners
US7975305B2 (en) * 1997-11-06 2011-07-05 Finjan, Inc. Method and system for adaptive rule-based content scanners for desktop computers
US7418731B2 (en) * 1997-11-06 2008-08-26 Finjan Software, Ltd. Method and system for caching at secure gateways
US6088803A (en) * 1997-12-30 2000-07-11 Intel Corporation System for virus-checking network data during download to a client device
US6035423A (en) 1997-12-31 2000-03-07 Network Associates, Inc. Method and system for providing automated updating and upgrading of antivirus applications using a computer network
US6205551B1 (en) * 1998-01-29 2001-03-20 Lucent Technologies Inc. Computer security using virus probing
US5987610A (en) * 1998-02-12 1999-11-16 Ameritech Corporation Computer virus screening methods and systems
JP3579240B2 (en) * 1998-02-13 2004-10-20 富士通株式会社 E-mail device and computer-readable recording medium recording e-mail program
US6160423A (en) * 1998-03-16 2000-12-12 Jazio, Inc. High speed source synchronous signaling for interfacing VLSI CMOS circuits to transmission lines
ID26398A (en) 1998-03-16 2000-12-21 Jazio Inc HIGH SPEED MULTIPLE MULTIPLICATION OF CML VLSI CIRCUITS
US6073133A (en) * 1998-05-15 2000-06-06 Micron Electronics Inc. Electronic mail attachment verifier
WO1999066383A2 (en) * 1998-06-15 1999-12-23 Dmw Worldwide, Inc. Method and apparatus for assessing the security of a computer system
JP3225926B2 (en) * 1998-07-14 2001-11-05 日本電気株式会社 E-mail transmission / reception method and system, and machine-readable recording medium recording program
US6269447B1 (en) 1998-07-21 2001-07-31 Raytheon Company Information security analysis system
US6304262B1 (en) 1998-07-21 2001-10-16 Raytheon Company Information security analysis system
US7047423B1 (en) 1998-07-21 2006-05-16 Computer Associates Think, Inc. Information security analysis system
US6253337B1 (en) * 1998-07-21 2001-06-26 Raytheon Company Information security analysis system
US6233583B1 (en) * 1998-09-10 2001-05-15 International Business Machines Corporation Report generator for use within a lotus notes database system
US6338141B1 (en) 1998-09-30 2002-01-08 Cybersoft, Inc. Method and apparatus for computer virus detection, analysis, and removal in real time
US20030195974A1 (en) * 1998-12-04 2003-10-16 Ronning Joel A. Apparatus and method for scheduling of search for updates or downloads of a file
US7617124B1 (en) 1998-12-04 2009-11-10 Digital River, Inc. Apparatus and method for secure downloading of files
US7058597B1 (en) * 1998-12-04 2006-06-06 Digital River, Inc. Apparatus and method for adaptive fraud screening for electronic commerce transactions
IL143592A0 (en) 1998-12-07 2002-04-21 Network Ice Corp A method and apparatus for remote installation of network drivers and software
IL143573A0 (en) 1998-12-09 2002-04-21 Network Ice Corp A method and apparatus for providing network and computer system security
AU758189B2 (en) * 1998-12-11 2003-03-20 Rvt Technologies, Inc. Method and apparatus for isolating a computer system upon detection of viruses and similar data
US7917744B2 (en) * 1999-02-03 2011-03-29 Cybersoft, Inc. Apparatus and methods for intercepting, examining and controlling code, data and files and their transfer in instant messaging and peer-to-peer applications
US7389540B2 (en) 1999-02-03 2008-06-17 Cybersoft, Inc. Apparatus and methods for intercepting, examining and controlling code, data and files and their transfer
US6725377B1 (en) * 1999-03-12 2004-04-20 Networks Associates Technology, Inc. Method and system for updating anti-intrusion software
US6922781B1 (en) * 1999-04-30 2005-07-26 Ideaflood, Inc. Method and apparatus for identifying and characterizing errant electronic files
US7120628B1 (en) * 1999-07-01 2006-10-10 International Business Machines Corporation System and method for enabling a user to subscribe to updates from information sources
US7346929B1 (en) 1999-07-29 2008-03-18 International Business Machines Corporation Method and apparatus for auditing network security
US6360221B1 (en) 1999-09-21 2002-03-19 Neostar, Inc. Method and apparatus for the production, delivery, and receipt of enhanced e-mail
US6704771B1 (en) * 1999-09-21 2004-03-09 Neostar, Inc. Electronic message payload for interfacing with text contained in the message
US6687740B1 (en) 1999-09-21 2004-02-03 Neostar, Inc. System, method and article of manufacture for preventing the proliferation of unwanted electronic messages
US7840639B1 (en) 1999-09-21 2010-11-23 G&H Nevada-Tek Method and article of manufacture for an automatically executed application program associated with an electronic message
US9092535B1 (en) 1999-09-21 2015-07-28 Google Inc. E-mail embedded textual hyperlink object
US6763462B1 (en) * 1999-10-05 2004-07-13 Micron Technology, Inc. E-mail virus detection utility
JP2001142802A (en) * 1999-11-11 2001-05-25 Matsushita Graphic Communication Systems Inc Device and method for receiving image
US7020845B1 (en) 1999-11-15 2006-03-28 Gottfurcht Elliot A Navigating internet content on a television using a simplified interface and a remote control
US6321267B1 (en) 1999-11-23 2001-11-20 Escom Corporation Method and apparatus for filtering junk email
US7249175B1 (en) 1999-11-23 2007-07-24 Escom Corporation Method and system for blocking e-mail having a nonexistent sender address
US6868405B1 (en) 1999-11-29 2005-03-15 Microsoft Corporation Copy detection for digitally-formatted works
US8006243B2 (en) 1999-12-07 2011-08-23 International Business Machines Corporation Method and apparatus for remote installation of network drivers and software
US6954858B1 (en) * 1999-12-22 2005-10-11 Kimberly Joyce Welborn Computer virus avoidance system and mechanism
GB2353372B (en) * 1999-12-24 2001-08-22 F Secure Oyj Remote computer virus scanning
US6738972B1 (en) * 1999-12-30 2004-05-18 Opentv, Inc. Method for flow scheduling
US6701440B1 (en) * 2000-01-06 2004-03-02 Networks Associates Technology, Inc. Method and system for protecting a computer using a remote e-mail scanning device
US8117644B2 (en) 2000-01-07 2012-02-14 Pennar Software Corporation Method and system for online document collaboration
US6845448B1 (en) * 2000-01-07 2005-01-18 Pennar Software Corporation Online repository for personal information
US7908652B1 (en) 2001-12-21 2011-03-15 Trapware Corporation Detection of observers and countermeasures against observers
US8176551B1 (en) * 2000-01-27 2012-05-08 Trapware Corporation Detection of observer programs and countermeasures against observer programs
US7310816B1 (en) * 2000-01-27 2007-12-18 Dale Burns System and method for email screening
US20010052019A1 (en) * 2000-02-04 2001-12-13 Ovt, Inc. Video mail delivery system
JP2001265674A (en) * 2000-03-22 2001-09-28 Nec Corp Electronic mail transfer device and electronic mail transfer system
JP2001296985A (en) * 2000-04-17 2001-10-26 Fuji Xerox Co Ltd Information output system
JP4700884B2 (en) 2000-04-28 2011-06-15 インターナショナル・ビジネス・マシーンズ・コーポレーション Method and system for managing computer security information
US7921459B2 (en) 2000-04-28 2011-04-05 International Business Machines Corporation System and method for managing security events on a network
US7574740B1 (en) 2000-04-28 2009-08-11 International Business Machines Corporation Method and system for intrusion detection in a computer network
DE10023249A1 (en) * 2000-05-12 2001-11-22 Juergen Martens E-mail identification and processing method involves informing user regarding change of content of e-mail which is processed
KR20010105618A (en) * 2000-05-16 2001-11-29 정우협 Email preview
US9213836B2 (en) 2000-05-28 2015-12-15 Barhon Mayer, Batya System and method for comprehensive general electric protection for computers against malicious programs that may steal information and/or cause damages
JP2003535414A (en) * 2000-05-28 2003-11-25 ヤロン メイヤー Systems and methods for comprehensive and common protection of computers against malicious programs that may steal information and / or cause damage
KR100392879B1 (en) * 2000-06-02 2003-08-06 주식회사 인터넷엑스퍼트시스템 E-mail security audit system for corporation security & virus spread by e-mail
US7392398B1 (en) * 2000-06-05 2008-06-24 Ati International Srl Method and apparatus for protection of computer assets from unauthorized access
US20020035696A1 (en) * 2000-06-09 2002-03-21 Will Thacker System and method for protecting a networked computer from viruses
US6721721B1 (en) * 2000-06-15 2004-04-13 International Business Machines Corporation Virus checking and reporting for computer database search results
US20040073617A1 (en) 2000-06-19 2004-04-15 Milliken Walter Clark Hash-based systems and methods for detecting and preventing transmission of unwanted e-mail
US7017187B1 (en) 2000-06-20 2006-03-21 Citigroup Global Markets, Inc. Method and system for file blocking in an electronic messaging system
US7913078B1 (en) 2000-06-22 2011-03-22 Walter Mason Stewart Computer network virus protection system and method
US6901519B1 (en) * 2000-06-22 2005-05-31 Infobahn, Inc. E-mail virus protection system and method
US7080407B1 (en) * 2000-06-27 2006-07-18 Cisco Technology, Inc. Virus detection and removal system and method for network-based systems
US7162649B1 (en) 2000-06-30 2007-01-09 Internet Security Systems, Inc. Method and apparatus for network assessment and authentication
KR100794136B1 (en) * 2000-06-30 2008-01-10 주식회사 케이티 Remote virus check service method
US6907531B1 (en) 2000-06-30 2005-06-14 Internet Security Systems, Inc. Method and system for identifying, fixing, and updating security vulnerabilities
GB2357939B (en) * 2000-07-05 2002-05-15 Gfi Fax & Voice Ltd Electronic mail message anti-virus system and method
GB0016835D0 (en) * 2000-07-07 2000-08-30 Messagelabs Limited Method of, and system for, processing email
US20020013817A1 (en) * 2000-07-07 2002-01-31 Collins Thomas M. Method and apparatus for distributing of e-mail to multiple recipients
US8341743B2 (en) * 2000-07-14 2012-12-25 Ca, Inc. Detection of viral code using emulation of operating system functions
US7093239B1 (en) * 2000-07-14 2006-08-15 Internet Security Systems, Inc. Computer immune system and method for detecting unwanted code in a computer system
US6910134B1 (en) * 2000-08-29 2005-06-21 Netrake Corporation Method and device for innoculating email infected with a virus
JP3251000B2 (en) * 2000-09-07 2002-01-28 松本建工株式会社 Insulation structure of house and heat shield used
US6785732B1 (en) * 2000-09-11 2004-08-31 International Business Machines Corporation Web server apparatus and method for virus checking
US6886099B1 (en) * 2000-09-12 2005-04-26 Networks Associates Technology, Inc. Computer virus detection
US7178166B1 (en) 2000-09-19 2007-02-13 Internet Security Systems, Inc. Vulnerability assessment and authentication of a computer by a local scanner
US6650890B1 (en) * 2000-09-29 2003-11-18 Postini, Inc. Value-added electronic messaging services and transparent implementation thereof using intermediate server
US6757830B1 (en) * 2000-10-03 2004-06-29 Networks Associates Technology, Inc. Detecting unwanted properties in received email messages
US6968461B1 (en) * 2000-10-03 2005-11-22 Networks Associates Technology, Inc. Providing break points in a malware scanning operation
IL149763A0 (en) * 2000-10-03 2002-11-10 Netagent Co Ltd Communication information recorder
US6802012B1 (en) * 2000-10-03 2004-10-05 Networks Associates Technology, Inc. Scanning computer files for unwanted properties
US9027121B2 (en) 2000-10-10 2015-05-05 International Business Machines Corporation Method and system for creating a record for one or more computer security incidents
US7086090B1 (en) 2000-10-20 2006-08-01 International Business Machines Corporation Method and system for protecting pervasive devices and servers from exchanging viruses
US7146305B2 (en) 2000-10-24 2006-12-05 Vcis, Inc. Analytical virtual machine
US7003551B2 (en) 2000-11-30 2006-02-21 Bellsouth Intellectual Property Corp. Method and apparatus for minimizing storage of common attachment files in an e-mail communications server
US7152164B1 (en) * 2000-12-06 2006-12-19 Pasi Into Loukas Network anti-virus system
US7130466B2 (en) 2000-12-21 2006-10-31 Cobion Ag System and method for compiling images from a database and comparing the compiled images with known images
US20020147803A1 (en) 2001-01-31 2002-10-10 Dodd Timothy David Method and system for calculating risk in association with a security audit of a computer network
US7797251B2 (en) * 2001-02-14 2010-09-14 5th Fleet, L.L.C. System and method providing secure credit or debit transactions across unsecure networks
US8219620B2 (en) * 2001-02-20 2012-07-10 Mcafee, Inc. Unwanted e-mail filtering system including voting feedback
US7404212B2 (en) * 2001-03-06 2008-07-22 Cybersoft, Inc. Apparatus and methods for intercepting, examining and controlling code, data and files and their transfer
CA2374994C (en) * 2001-03-09 2007-05-15 Research In Motion Limited Wireless communication system congestion reduction system and method
US6928465B2 (en) * 2001-03-16 2005-08-09 Wells Fargo Bank, N.A. Redundant email address detection and capture system
US20030018903A1 (en) * 2001-03-19 2003-01-23 Greca Damon G. Della Method of containing spread of computer viruses
JP2002288093A (en) * 2001-03-26 2002-10-04 Fujitsu Ltd Electronic mail program
US7114184B2 (en) * 2001-03-30 2006-09-26 Computer Associates Think, Inc. System and method for restoring computer systems damaged by a malicious computer program
US7010696B1 (en) 2001-03-30 2006-03-07 Mcafee, Inc. Method and apparatus for predicting the incidence of a virus
US7062555B1 (en) 2001-04-06 2006-06-13 Networks Associates Technology, Inc. System and method for automatic selection of service provider for efficient use of bandwidth and resources in a peer-to-peer network environment
WO2002093334A2 (en) 2001-04-06 2002-11-21 Symantec Corporation Temporal access control for computer virus outbreaks
US7181506B1 (en) * 2001-04-06 2007-02-20 Mcafee, Inc. System and method to securely confirm performance of task by a peer in a peer-to-peer network environment
US20020147780A1 (en) * 2001-04-09 2002-10-10 Liu James Y. Method and system for scanning electronic mail to detect and eliminate computer viruses using a group of email-scanning servers and a recipient's email gateway
EP1388068B1 (en) * 2001-04-13 2015-08-12 Nokia Technologies Oy System and method for providing exploit protection for networks
US6941478B2 (en) * 2001-04-13 2005-09-06 Nokia, Inc. System and method for providing exploit protection with message tracking
US20020178373A1 (en) * 2001-04-16 2002-11-28 Randice-Lisa Altschul Computer virus rejection system and method
US7424747B2 (en) * 2001-04-24 2008-09-09 Microsoft Corporation Method and system for detecting pirated content
US6931552B2 (en) * 2001-05-02 2005-08-16 James B. Pritchard Apparatus and method for protecting a computer system against computer viruses and unauthorized access
US20020199120A1 (en) * 2001-05-04 2002-12-26 Schmidt Jeffrey A. Monitored network security bridge system and method
US7188368B2 (en) * 2001-05-25 2007-03-06 Lenovo (Singapore) Pte. Ltd. Method and apparatus for repairing damage to a computer system using a system rollback mechanism
US7640434B2 (en) * 2001-05-31 2009-12-29 Trend Micro, Inc. Identification of undesirable content in responses sent in reply to a user request for content
WO2002097587A2 (en) * 2001-05-31 2002-12-05 Internet Security Systems, Inc. Method and system for implementing security devices in a network
US7237264B1 (en) 2001-06-04 2007-06-26 Internet Security Systems, Inc. System and method for preventing network misuse
JP4566460B2 (en) * 2001-06-07 2010-10-20 パイオニア株式会社 Email virus check system
US7657419B2 (en) 2001-06-19 2010-02-02 International Business Machines Corporation Analytical virtual machine
KR20030000584A (en) * 2001-06-26 2003-01-06 (주)넥센 Computer virus nonproliferation type system and method for processing a electronic mail
US6981280B2 (en) * 2001-06-29 2005-12-27 Mcafee, Inc. Intelligent network scanning system and method
CA2454828A1 (en) * 2001-07-24 2003-02-06 Theresa Eileen Phillips Network security architecture
US7647376B1 (en) 2001-07-26 2010-01-12 Mcafee, Inc. SPAM report generation system and method
US6944775B2 (en) * 2001-07-26 2005-09-13 Networks Associates Technology, Inc. Scanner API for executing multiple scanning engines
EP1280298A1 (en) * 2001-07-26 2003-01-29 BRITISH TELECOMMUNICATIONS public limited company Method and apparatus of detecting network activity
US7231637B1 (en) * 2001-07-26 2007-06-12 Mcafee, Inc. Security and software testing of pre-release anti-virus updates on client and transmitting the results to the server
US7487544B2 (en) * 2001-07-30 2009-02-03 The Trustees Of Columbia University In The City Of New York System and methods for detection of new malicious executables
US6718469B2 (en) * 2001-08-01 2004-04-06 Networks Associates Technology, Inc. System and method for executing computer virus definitions containing general purpose programming language extensions
US6792543B2 (en) * 2001-08-01 2004-09-14 Networks Associates Technology, Inc. Virus scanning on thin client devices using programmable assembly language
US7540031B2 (en) * 2001-08-01 2009-05-26 Mcafee, Inc. Wireless architecture with malware scanning component manager and associated API
US7117533B1 (en) * 2001-08-03 2006-10-03 Mcafee, Inc. System and method for providing dynamic screening of transient messages in a distributed computing environment
US6993660B1 (en) * 2001-08-03 2006-01-31 Mcafee, Inc. System and method for performing efficient computer virus scanning of transient messages using checksums in a distributed computing environment
US7657935B2 (en) 2001-08-16 2010-02-02 The Trustees Of Columbia University In The City Of New York System and methods for detecting malicious email transmission
US7263561B1 (en) * 2001-08-24 2007-08-28 Mcafee, Inc. Systems and methods for making electronic files that have been converted to a safe format available for viewing by an intended recipient
US7640361B1 (en) * 2001-08-24 2009-12-29 Mcafee, Inc. Systems and methods for converting infected electronic files to a safe format
JP2003067306A (en) * 2001-08-24 2003-03-07 Hitachi Ltd Storage management method for electronic mail
US7302706B1 (en) * 2001-08-31 2007-11-27 Mcafee, Inc Network-based file scanning and solution delivery in real time
US7356736B2 (en) * 2001-09-25 2008-04-08 Norman Asa Simulated computer system for monitoring of software performance
US7107618B1 (en) 2001-09-25 2006-09-12 Mcafee, Inc. System and method for certifying that data received over a computer network has been checked for viruses
US6892241B2 (en) 2001-09-28 2005-05-10 Networks Associates Technology, Inc. Anti-virus policy enforcement system and method
US20030097409A1 (en) * 2001-10-05 2003-05-22 Hungchou Tsai Systems and methods for securing computers
KR100461984B1 (en) * 2001-10-06 2004-12-17 주식회사 테라스테크놀로지 Method for detecting Email virus and inducing clients to cure the detected virus
US7340774B2 (en) * 2001-10-15 2008-03-04 Mcafee, Inc. Malware scanning as a low priority task
US7310818B1 (en) * 2001-10-25 2007-12-18 Mcafee, Inc. System and method for tracking computer viruses
JP3693244B2 (en) * 2001-10-31 2005-09-07 株式会社日立製作所 E-mail system, mail server and mail terminal
US20030093689A1 (en) * 2001-11-15 2003-05-15 Aladdin Knowledge Systems Ltd. Security router
JP3914757B2 (en) * 2001-11-30 2007-05-16 デュアキシズ株式会社 Apparatus, method and system for virus inspection
AU2002360197B2 (en) * 2001-12-10 2008-08-21 Cisco Technology, Inc. Protecting against malicious traffic
US9306966B2 (en) 2001-12-14 2016-04-05 The Trustees Of Columbia University In The City Of New York Methods of unsupervised anomaly detection using a geometric framework
US8544087B1 (en) 2001-12-14 2013-09-24 The Trustess Of Columbia University In The City Of New York Methods of unsupervised anomaly detection using a geometric framework
US7401359B2 (en) * 2001-12-21 2008-07-15 Mcafee, Inc. Generating malware definition data for mobile computing devices
GB0130805D0 (en) * 2001-12-22 2002-02-06 Koninkl Philips Electronics Nv Dealing with a computer virus which self-propagates by e-mail
AU2003202876A1 (en) 2002-01-04 2003-07-24 Internet Security Systems, Inc. System and method for the managed security control of processes on a computer system
US7269851B2 (en) * 2002-01-07 2007-09-11 Mcafee, Inc. Managing malware protection upon a computer network
US9652613B1 (en) 2002-01-17 2017-05-16 Trustwave Holdings, Inc. Virus detection by executing electronic message code in a virtual machine
US7607171B1 (en) 2002-01-17 2009-10-20 Avinti, Inc. Virus detection by executing e-mail code in a virtual machine
GB2384659B (en) * 2002-01-25 2004-01-14 F Secure Oyj Anti-virus protection at a network gateway
US7225343B1 (en) 2002-01-25 2007-05-29 The Trustees Of Columbia University In The City Of New York System and methods for adaptive model generation for detecting intrusions in computer systems
KR100443175B1 (en) * 2002-02-14 2004-08-04 주식회사 안철수연구소 An antivirus service system
JP4593926B2 (en) * 2002-02-19 2010-12-08 ポスティーニ インク Email management service
US7693285B2 (en) * 2002-03-06 2010-04-06 Entrust, Inc. Secure communication apparatus and method
US7281269B1 (en) * 2002-03-06 2007-10-09 Novell, Inc. Methods, data structures, and systems to remotely validate a message
US20030204569A1 (en) * 2002-04-29 2003-10-30 Michael R. Andrews Method and apparatus for filtering e-mail infected with a previously unidentified computer virus
US7237008B1 (en) * 2002-05-10 2007-06-26 Mcafee, Inc. Detecting malware carried by an e-mail message
US7370360B2 (en) 2002-05-13 2008-05-06 International Business Machines Corporation Computer immune system and method for detecting unwanted code in a P-code or partially compiled native-code program executing within a virtual machine
US7634806B2 (en) * 2002-05-30 2009-12-15 Microsoft Corporation Peer assembly inspection
US7367056B1 (en) 2002-06-04 2008-04-29 Symantec Corporation Countering malicious code infections to computer files that have been infected more than once
US20040021889A1 (en) * 2002-07-30 2004-02-05 Mcafee David A. Method of transmitting information from a document to a remote location, and a computer peripheral device
CA2493787A1 (en) * 2002-08-07 2004-02-19 British Telecommunications Public Limited Company Server for sending electronics messages
EP1567928A4 (en) * 2002-09-03 2008-04-30 X1 Technologies Llc Apparatus and methods for locating data
US8856093B2 (en) 2002-09-03 2014-10-07 William Gross Methods and systems for search indexing
FI113499B (en) * 2002-09-12 2004-04-30 Jarmo Talvitie A protection system, method and device for using computer viruses and isolating information
US7337471B2 (en) * 2002-10-07 2008-02-26 Symantec Corporation Selective detection of malicious computer code
US7469419B2 (en) 2002-10-07 2008-12-23 Symantec Corporation Detection of malicious computer code
US7260847B2 (en) * 2002-10-24 2007-08-21 Symantec Corporation Antivirus scanning in a hard-linked environment
US7249187B2 (en) 2002-11-27 2007-07-24 Symantec Corporation Enforcement of compliance with network security policies
US7373664B2 (en) * 2002-12-16 2008-05-13 Symantec Corporation Proactive protection against e-mail worms and spam
MY141160A (en) * 2003-01-13 2010-03-31 Multimedia Glory Sdn Bhd System and method of preventing the transmission of known and unknown electronic content to and from servers or workstations connected to a common network
US7219131B2 (en) * 2003-01-16 2007-05-15 Ironport Systems, Inc. Electronic message delivery using an alternate source approach
US7913303B1 (en) 2003-01-21 2011-03-22 International Business Machines Corporation Method and system for dynamically protecting a computer system from attack
US7900254B1 (en) * 2003-01-24 2011-03-01 Mcafee, Inc. Identifying malware infected reply messages
US20040153666A1 (en) * 2003-02-05 2004-08-05 Sobel William E. Structured rollout of updates to malicious computer code detection definitions
US7293290B2 (en) * 2003-02-06 2007-11-06 Symantec Corporation Dynamic detection of computer worms
US20040158546A1 (en) * 2003-02-06 2004-08-12 Sobel William E. Integrity checking for software downloaded from untrusted sources
US20040158741A1 (en) * 2003-02-07 2004-08-12 Peter Schneider System and method for remote virus scanning in wireless networks
US7246227B2 (en) * 2003-02-10 2007-07-17 Symantec Corporation Efficient scanning of stream based data
US20060265459A1 (en) * 2003-02-19 2006-11-23 Postini, Inc. Systems and methods for managing the transmission of synchronous electronic messages
US7603472B2 (en) * 2003-02-19 2009-10-13 Google Inc. Zero-minute virus and spam detection
US7958187B2 (en) * 2003-02-19 2011-06-07 Google Inc. Systems and methods for managing directory harvest attacks via electronic messages
US7496628B2 (en) 2003-02-25 2009-02-24 Susquehanna International Group, Llp Electronic message filter
US6965968B1 (en) 2003-02-27 2005-11-15 Finjan Software Ltd. Policy-based caching
US7203959B2 (en) 2003-03-14 2007-04-10 Symantec Corporation Stream scanning through network proxy servers
US7546638B2 (en) 2003-03-18 2009-06-09 Symantec Corporation Automated identification and clean-up of malicious computer code
US7113948B2 (en) * 2003-03-21 2006-09-26 Acellion Pte Ltd. Methods and systems for email attachment distribution and management
US7716736B2 (en) * 2003-04-17 2010-05-11 Cybersoft, Inc. Apparatus, methods and articles of manufacture for computer virus testing
US7039950B2 (en) * 2003-04-21 2006-05-02 Ipolicy Networks, Inc. System and method for network quality of service protection on security breach detection
GB2400934B (en) * 2003-04-25 2005-12-14 Messagelabs Ltd A method of,and system for detecting mass mailing viruses
US20050010563A1 (en) * 2003-05-15 2005-01-13 William Gross Internet search application
AU2003233574B9 (en) * 2003-05-17 2010-03-25 Microsoft Corporation Mechanism for evaluating security risks
US7669207B2 (en) * 2003-07-17 2010-02-23 Gradient Enterprises, Inc. Method for detecting, reporting and responding to network node-level events and a system thereof
US20050028010A1 (en) * 2003-07-29 2005-02-03 International Business Machines Corporation System and method for addressing denial of service virus attacks
US7386719B2 (en) * 2003-07-29 2008-06-10 International Business Machines Corporation System and method for eliminating viruses at a web page server
US7739278B1 (en) * 2003-08-22 2010-06-15 Symantec Corporation Source independent file attribute tracking
US20050050337A1 (en) * 2003-08-29 2005-03-03 Trend Micro Incorporated, A Japanese Corporation Anti-virus security policy enforcement
US7703078B2 (en) * 2003-09-03 2010-04-20 Cybersoft, Inc. Apparatus, methods and articles of manufacture for software demonstration
US8200761B1 (en) 2003-09-18 2012-06-12 Apple Inc. Method and apparatus for improving security in a data processing system
US20050081057A1 (en) * 2003-10-10 2005-04-14 Oded Cohen Method and system for preventing exploiting an email message
US7657938B2 (en) 2003-10-28 2010-02-02 International Business Machines Corporation Method and system for protecting computer networks by altering unwanted network data traffic
US7945914B2 (en) * 2003-12-10 2011-05-17 X1 Technologies, Inc. Methods and systems for performing operations in response to detecting a computer idle condition
US8984640B1 (en) 2003-12-11 2015-03-17 Radix Holdings, Llc Anti-phishing
US20050177720A1 (en) * 2004-02-10 2005-08-11 Seiichi Katano Virus protection for multi-function peripherals
US20050177748A1 (en) * 2004-02-10 2005-08-11 Seiichi Katano Virus protection for multi-function peripherals
WO2005081477A1 (en) 2004-02-17 2005-09-01 Ironport Systems, Inc. Collecting, aggregating, and managing information relating to electronic messages
US7607172B2 (en) * 2004-03-02 2009-10-20 International Business Machines Corporation Method of protecting a computing system from harmful active content in documents
US7130981B1 (en) 2004-04-06 2006-10-31 Symantec Corporation Signature driven cache extension for stream based scanning
US7647321B2 (en) * 2004-04-26 2010-01-12 Google Inc. System and method for filtering electronic messages using business heuristics
US7861304B1 (en) 2004-05-07 2010-12-28 Symantec Corporation Pattern matching using embedded functions
US7373667B1 (en) 2004-05-14 2008-05-13 Symantec Corporation Protecting a computer coupled to a network from malicious code infections
US7484094B1 (en) 2004-05-14 2009-01-27 Symantec Corporation Opening computer files quickly and safely over a network
WO2005116851A2 (en) * 2004-05-25 2005-12-08 Postini, Inc. Electronic message source information reputation system
US7756930B2 (en) 2004-05-28 2010-07-13 Ironport Systems, Inc. Techniques for determining the reputation of a message sender
US7849142B2 (en) 2004-05-29 2010-12-07 Ironport Systems, Inc. Managing connections, messages, and directory harvest attacks at a server
US8166310B2 (en) 2004-05-29 2012-04-24 Ironport Systems, Inc. Method and apparatus for providing temporary access to a network device
US7873695B2 (en) 2004-05-29 2011-01-18 Ironport Systems, Inc. Managing connections and messages at a server by associating different actions for both different senders and different recipients
US7917588B2 (en) * 2004-05-29 2011-03-29 Ironport Systems, Inc. Managing delivery of electronic messages using bounce profiles
US7870200B2 (en) * 2004-05-29 2011-01-11 Ironport Systems, Inc. Monitoring the flow of messages received at a server
US7748038B2 (en) 2004-06-16 2010-06-29 Ironport Systems, Inc. Method and apparatus for managing computer virus outbreaks
US7694340B2 (en) 2004-06-21 2010-04-06 Microsoft Corporation Anti virus for an item store
US20060005043A1 (en) * 2004-07-03 2006-01-05 Jung-Jen Hsueh Method of scanning computer virus within internet packet
AU2005258459B2 (en) * 2004-07-06 2008-09-18 Ntt Docomo, Inc. Message transfer system and message transfer method
US9154511B1 (en) 2004-07-13 2015-10-06 Dell Software Inc. Time zero detection of infectious messages
US7343624B1 (en) * 2004-07-13 2008-03-11 Sonicwall, Inc. Managing infectious messages as identified by an attachment
US7509680B1 (en) 2004-09-01 2009-03-24 Symantec Corporation Detecting computer worms as they arrive at local computers through open network shares
US20060075144A1 (en) * 2004-09-24 2006-04-06 International Business Machines Corp. Remote access to a local hard drive
GB2418500A (en) * 2004-09-27 2006-03-29 Clearswift Ltd Detection, quarantine and modification of dangerous web pages
CN100349426C (en) * 2004-10-10 2007-11-14 中兴通讯股份有限公司 On-line monitoring and testing method for communication interface
US7565686B1 (en) 2004-11-08 2009-07-21 Symantec Corporation Preventing unauthorized loading of late binding code into a process
US8059551B2 (en) * 2005-02-15 2011-11-15 Raytheon Bbn Technologies Corp. Method for source-spoofed IP packet traceback
US20060253908A1 (en) * 2005-05-03 2006-11-09 Tzu-Jian Yang Stateful stack inspection anti-virus and anti-intrusion firewall system
US20060253597A1 (en) * 2005-05-05 2006-11-09 Mujica Technologies Inc. E-mail system
GB2427048A (en) * 2005-06-09 2006-12-13 Avecho Group Ltd Detection of unwanted code or data in electronic mail
US7975303B1 (en) 2005-06-27 2011-07-05 Symantec Corporation Efficient file scanning using input-output hints
US7895654B1 (en) 2005-06-27 2011-02-22 Symantec Corporation Efficient file scanning using secure listing of file modification times
US8984636B2 (en) * 2005-07-29 2015-03-17 Bit9, Inc. Content extractor and analysis system
US8645683B1 (en) 2005-08-11 2014-02-04 Aaron T. Emigh Verified navigation
US7908329B2 (en) * 2005-08-16 2011-03-15 Microsoft Corporation Enhanced e-mail folder security
US7571483B1 (en) 2005-08-25 2009-08-04 Lockheed Martin Corporation System and method for reducing the vulnerability of a computer network to virus threats
JP4687382B2 (en) * 2005-10-25 2011-05-25 株式会社日立製作所 Virus check method in storage system
US8301767B1 (en) 2005-12-21 2012-10-30 Mcafee, Inc. System, method and computer program product for controlling network communications based on policy compliance
US8418245B2 (en) * 2006-01-18 2013-04-09 Webroot Inc. Method and system for detecting obfuscatory pestware in a computer memory
US7844829B2 (en) * 2006-01-18 2010-11-30 Sybase, Inc. Secured database system with built-in antivirus protection
US8601160B1 (en) 2006-02-09 2013-12-03 Mcafee, Inc. System, method and computer program product for gathering information relating to electronic content utilizing a DNS server
US8903763B2 (en) * 2006-02-21 2014-12-02 International Business Machines Corporation Method, system, and program product for transferring document attributes
US7730538B2 (en) * 2006-06-02 2010-06-01 Microsoft Corporation Combining virus checking and replication filtration
US8239915B1 (en) 2006-06-30 2012-08-07 Symantec Corporation Endpoint management using trust rating data
WO2008006240A1 (en) * 2006-07-03 2008-01-17 Intel Corporation An anti-virus usage model at an exterior panel of a computer
EP3955180A1 (en) 2006-07-20 2022-02-16 BlackBerry Limited System and method for electronic file transmission
CN101141244B (en) * 2006-09-08 2010-05-26 飞塔公司 Network enciphered data virus detection and elimination system and proxy server and method
GB0621656D0 (en) 2006-10-31 2006-12-06 Hewlett Packard Development Co Data file transformation
US8527592B2 (en) 2006-10-31 2013-09-03 Watchguard Technologies, Inc. Reputation-based method and system for determining a likelihood that a message is undesired
KR100862282B1 (en) * 2006-11-03 2008-10-13 주식회사 비즈모델라인 Devices for Scanning The Worm Virus Trace Spreaded in Networks and Program Recording Medium
US9729513B2 (en) 2007-11-08 2017-08-08 Glasswall (Ip) Limited Using multiple layers of policy management to manage risk
GB2444514A (en) * 2006-12-04 2008-06-11 Glasswall Electronic file re-generation
US20080229416A1 (en) * 2007-01-09 2008-09-18 G. K. Webb Services Llc Computer Network Virus Protection System and Method
TW200830852A (en) * 2007-01-11 2008-07-16 Avision Inc Method for transferring fax data and multi-function printer using the same
US7895658B2 (en) * 2007-01-25 2011-02-22 Kabushiki Kaisha Toshiba Image forming apparatus and control method thereof
US8635691B2 (en) * 2007-03-02 2014-01-21 403 Labs, Llc Sensitive data scanner
US8850587B2 (en) * 2007-05-04 2014-09-30 Wipro Limited Network security scanner for enterprise protection
US8402529B1 (en) 2007-05-30 2013-03-19 M86 Security, Inc. Preventing propagation of malicious software during execution in a virtual machine
CN101163274B (en) * 2007-11-16 2011-12-14 中国联合网络通信集团有限公司 Device, method and mail system for supporting anti-virus of electronic mail
US8353041B2 (en) * 2008-05-16 2013-01-08 Symantec Corporation Secure application streaming
GB0822619D0 (en) 2008-12-11 2009-01-21 Scansafe Ltd Malware detection
US20100154062A1 (en) * 2008-12-16 2010-06-17 Elad Baram Virus Scanning Executed Within a Storage Device to Reduce Demand on Host Resources
US8065567B1 (en) * 2009-03-03 2011-11-22 Symantec Corporation Systems and methods for recording behavioral information of an unverified component
GB2470928A (en) * 2009-06-10 2010-12-15 F Secure Oyj False alarm identification for malware using clean scanning
JP4798278B2 (en) * 2009-09-17 2011-10-19 コニカミノルタビジネステクノロジーズ株式会社 Job processing system, image processing apparatus, program, and control method for image processing apparatus
US8863279B2 (en) * 2010-03-08 2014-10-14 Raytheon Company System and method for malware detection
US9009820B1 (en) 2010-03-08 2015-04-14 Raytheon Company System and method for malware detection using multiple techniques
RU2457533C1 (en) * 2011-02-10 2012-07-27 Государственное образовательное учреждение высшего профессионального образования Северо-Кавказский горно-металлургический институт (государственный технологический университет) (СКГМИ (ГТУ) Method for adaptive management of package of antivirus scanners and system for realising said method
US8756693B2 (en) 2011-04-05 2014-06-17 The United States Of America As Represented By The Secretary Of The Air Force Malware target recognition
US8584235B2 (en) * 2011-11-02 2013-11-12 Bitdefender IPR Management Ltd. Fuzzy whitelisting anti-malware systems and methods
CN102497425A (en) * 2011-12-12 2012-06-13 山东电力研究院 Malicious software detecting system based on transparent proxy and method thereof
RU2500070C1 (en) * 2012-03-20 2013-11-27 Федеральное государственное военное образовательное учреждение высшего профессионального образования "Военный авиационный инженерный университет" (г. Воронеж) Министерства обороны Российской Федерации System for safety risk assessment and management
CN102651744A (en) * 2012-05-04 2012-08-29 华为技术有限公司 E-mail security management method and E-mail server
CN103971053B (en) * 2013-01-30 2017-02-08 腾讯科技(深圳)有限公司 Trojan file transmission relation determining method and related device
DE102013203039A1 (en) 2013-02-25 2014-08-28 Robert Bosch Gmbh Tubular solid oxide cell
US9659058B2 (en) 2013-03-22 2017-05-23 X1 Discovery, Inc. Methods and systems for federation of results from search indexing
KR20140121142A (en) * 2013-04-05 2014-10-15 소프트캠프(주) Security method and system for Electronic documents
US9880983B2 (en) 2013-06-04 2018-01-30 X1 Discovery, Inc. Methods and systems for uniquely identifying digital content for eDiscovery
JP5606599B1 (en) * 2013-07-29 2014-10-15 デジタルア−ツ株式会社 Information processing apparatus, program, and information processing method
GB2518880A (en) 2013-10-04 2015-04-08 Glasswall Ip Ltd Anti-Malware mobile content data management apparatus and method
US10032027B2 (en) * 2014-07-29 2018-07-24 Digital Arts Inc. Information processing apparatus and program for executing an electronic data in an execution environment
US10346550B1 (en) 2014-08-28 2019-07-09 X1 Discovery, Inc. Methods and systems for searching and indexing virtual environments
US9330264B1 (en) 2014-11-26 2016-05-03 Glasswall (Ip) Limited Statistical analytic method for the determination of the risk posed by file based content
US10887261B2 (en) * 2015-07-30 2021-01-05 Microsoft Technology Licensing, Llc Dynamic attachment delivery in emails for advanced malicious content filtering
US10003558B2 (en) * 2015-09-30 2018-06-19 Bank Of America Corporation Electronic mail attachment hold and dispatch for security monitoring
US10032023B1 (en) * 2016-03-25 2018-07-24 Symantec Corporation Systems and methods for selectively applying malware signatures
CN108959917A (en) * 2017-05-25 2018-12-07 腾讯科技(深圳)有限公司 A kind of method, apparatus, equipment and the readable storage medium storing program for executing of Email detection
RU179369U1 (en) * 2017-08-21 2018-05-11 Федеральное государственное бюджетное образовательное учреждение высшего образования "Владивостокский государственный университет экономики и сервиса" (ВГУЭС) Adaptive Antivirus Scanner Package Management System
US11196754B1 (en) * 2019-06-25 2021-12-07 Ca, Inc. Systems and methods for protecting against malicious content
US11381586B2 (en) * 2019-11-20 2022-07-05 Verizon Patent And Licensing Inc. Systems and methods for detecting anomalous behavior
CN112995220A (en) * 2021-05-06 2021-06-18 广东电网有限责任公司佛山供电局 Security data security system for computer network

Family Cites Families (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5319776A (en) * 1990-04-19 1994-06-07 Hilgraeve Corporation In transit detection of computer virus with safeguard
US5274815A (en) * 1991-11-01 1993-12-28 Motorola, Inc. Dynamic instruction modifying controller and operation method
DK170490B1 (en) * 1992-04-28 1995-09-18 Multi Inform As Data Processing Plant
US5649095A (en) * 1992-03-30 1997-07-15 Cozza; Paul D. Method and apparatus for detecting computer viruses through the use of a scan information cache
US5440723A (en) * 1993-01-19 1995-08-08 International Business Machines Corporation Automatic immune system for computers and computer networks
US5414833A (en) * 1993-10-27 1995-05-09 International Business Machines Corporation Network security system and method using a parallel finite state machine adaptive active monitor and responder
GB2283341A (en) * 1993-10-29 1995-05-03 Sophos Plc Central virus checker for computer network.
US5623600A (en) * 1995-09-26 1997-04-22 Trend Micro, Incorporated Virus detection and removal apparatus for computer networks
US5889943A (en) * 1995-09-26 1999-03-30 Trend Micro Incorporated Apparatus and method for electronic mail virus detection and elimination

Also Published As

Publication number Publication date
AU735236B2 (en) 2001-07-05
AU4253597A (en) 1998-03-26
JP2001500295A (en) 2001-01-09
EP1237065A3 (en) 2006-03-15
ZA977970B (en) 1998-03-23
HK1047327A1 (en) 2003-02-14
WO1998010342A2 (en) 1998-03-12
ES2199372T3 (en) 2004-02-16
CN1236451A (en) 1999-11-24
KR20010029480A (en) 2001-04-06
RU2221269C2 (en) 2004-01-10
EP1010059A2 (en) 2000-06-21
BR9711990A (en) 1999-10-13
KR100554903B1 (en) 2006-02-24
US5832208A (en) 1998-11-03
ATE241169T1 (en) 2003-06-15
EP1010059B1 (en) 2003-05-21
HK1023826A1 (en) 2000-09-22
EP1237065A2 (en) 2002-09-04
CA2264816A1 (en) 1998-03-12
DE69722266D1 (en) 2003-06-26
EP1010059A4 (en) 2000-06-21
DE69722266T2 (en) 2004-04-08
WO1998010342A3 (en) 1998-05-14
CN1160616C (en) 2004-08-04

Similar Documents

Publication Publication Date Title
CA2264816C (en) Anti-virus agent for use with databases and mail servers
US7917951B1 (en) Detecting malware carried by an e-mail message
US7506155B1 (en) E-mail virus protection system and method
US7065790B1 (en) Method and system for providing computer malware names from multiple anti-virus scanners
US7302706B1 (en) Network-based file scanning and solution delivery in real time
US7673059B2 (en) Tracking electronic content
US7937758B2 (en) File origin determination
US6851058B1 (en) Priority-based virus scanning with priorities based at least in part on heuristic prediction of scanning risk
WO2016095673A1 (en) Application-based behavior processing method and device
US20040015726A1 (en) Preventing e-mail propagation of malicious computer code
US20040049693A1 (en) Modular system for detecting, filtering and providing notice about attack events associated with network security
US6789200B1 (en) Method of automatically instituting secure, safe libraries and functions when exposing a system to potential system attacks
EP1766494A1 (en) Method and system for isolating suspicious email
US20080229416A1 (en) Computer Network Virus Protection System and Method
US7913078B1 (en) Computer network virus protection system and method
KR100819072B1 (en) Mitigating self-propagating e-mail viruses
CN100353277C (en) Implementing method for controlling computer virus through proxy technique
JP2006114044A (en) System and method for detecting invalid access to computer network
JP2007505409A (en) System and method for dynamically updating software in a protocol gateway
MXPA99002143A (en) Anti-virus agent for use with databases and mail servers
Li Computer viruses: The threat today and the expected future
CARNEGIE-MELLON UNIV PITTSBURGH PA 1999 CERT Incident Notes
Eads et al. Development a High Assurance Multilevel Mail Server.
Forte The on-going evolution of viruses

Legal Events

Date Code Title Description
EEER Examination request
MKLA Lapsed