Content filtering of remote file-system access protocols
First Claim
1. A method comprisingtransparently proxying, by a gateway device, (i) a first plurality of Apple Filing Protocol (AFP) requests originated by a first process running on a client and relating to a file associated with a share of a server and (ii) a second plurality of AFP protocol requests originated by a second process running on the client and relating to the file;
- anddetermining, by the gateway device, the existence or non-existence of malicious, dangerous or unauthorized content contained within the file byidentifying data being read from or written to the file as a result of the first plurality of AFP requests and the second plurality of AFP requests;
buffering the identified data into a single shared file buffer within a memory of the gateway device; and
when one or more of a plurality of scanning conditions are satisfied, then performing content filtering on the shared file buffer.
0 Assignments
0 Petitions
Accused Products
Abstract
Methods and systems for content filtering of remote file-system access protocols are provided. According to one embodiment, a proxy, implemented within a network gateway device of a private network, monitors remote file-system access protocol sessions involving client computer systems and a server computer system associated with the private network. For each file on a share of the server computer system being accessed by one or more of the client computer systems: (i) a shared holding buffer corresponding to the file is created within a shared memory of the network gateway device; (ii) data being read from or written to the file by the monitored remote file-system access protocol sessions is buffered into the shared holding buffer; and (iii) responsive to a predetermined event, content filtering is performed on the shared holding buffer to determine whether malicious, dangerous or unauthorized content is contained within the shared holding buffer.
47 Citations
20 Claims
-
1. A method comprising
transparently proxying, by a gateway device, (i) a first plurality of Apple Filing Protocol (AFP) requests originated by a first process running on a client and relating to a file associated with a share of a server and (ii) a second plurality of AFP protocol requests originated by a second process running on the client and relating to the file; - and
determining, by the gateway device, the existence or non-existence of malicious, dangerous or unauthorized content contained within the file by identifying data being read from or written to the file as a result of the first plurality of AFP requests and the second plurality of AFP requests; buffering the identified data into a single shared file buffer within a memory of the gateway device; and when one or more of a plurality of scanning conditions are satisfied, then performing content filtering on the shared file buffer. - View Dependent Claims (2, 3, 4, 5, 6, 7)
- and
-
8. A network gateway device comprising:
-
a content processor implementing one or more filters configured to detect the presence of malicious code in data being scanned; a transparent Apple Filing Protocol (AFP) proxy, coupled to the content processor, configured to be logically interposed between a client and a server and to cause content filtering to be performed by the content processor on data transferred between the client and server as a result of one or more of a plurality of scanning conditions being triggered by (i) a first plurality of AFP requests originated by a first process running on the client and relating to a file associated with a share of the server and (ii) a second plurality of AFP requests originated by a second process running on the client and relating to the file; and a memory containing therein a single shared file buffer into which data identified as being read from or written to the file as a result of the first plurality of AFP requests and the second plurality of AFP requests is buffered. - View Dependent Claims (9, 10, 11, 12, 13)
-
-
14. A non-transitory computer-readable storage medium embodying a set of instructions, which when executed by one or more processors of a network gateway device logically interposed between a client and a server, cause the one or more processors to perform a method of content filtering comprising:
-
transparently proxying (i) a first plurality of Apple Filing Protocol (AFP) requests originated by a first process running on the client and relating to a file associated with a share of the server and (ii) a second plurality of AFP requests originated by a second process running on the client and relating to the file; and determining the existence or non-existence of malicious, dangerous or unauthorized content contained within the file by identifying data being read from or written to the file as a result of the first plurality of AFP requests and the second plurality of AFP requests; buffering the identified data into a single shared file buffer within a memory of the gateway device; and when one or more of a plurality of scanning conditions are satisfied, then performing content filtering on the single shared file buffer. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
Specification