Prioritizing the scanning of messages using the reputation of the message destinations
First Claim
1. A method, comprising:
- identifying a plurality of messages to scan with an updated malware definition;
identifying reputations of a plurality of message destinations associated with the plurality of messages, wherein the reputations are based on one or more reputation clusters, wherein each reputation cluster further comprises one or more nodes representing the plurality of message destinations and one or more edges representing communications between the nodes;
determining an access time for one or more users associated with the plurality of message destinations;
determining a prioritization for scanning the plurality of messages using the identified reputations and the determined access times by assigning higher prioritization to message destinations that have working hours that occur earlier in a period of time;
scanning the plurality of messages using the updated malware definition in the prioritization;
identifying an infected message of the plurality of messages using the updated malware definition; and
removing malware identified by the updated malware definition on the infected message.
2 Assignments
0 Petitions
Accused Products
Abstract
Methods, computer program products, computer systems, and the like, which protect messages in an electronic messaging system, are disclosed. The methods, computer program products, computer systems, and the like include detecting an occurrence of an event, and, in response to the detecting the occurrence of the event, scanning a message. The occurrence of the event indicates that the message should be scanned. The message includes recipient information, which identifies a recipient of the message, and is stored in a message store. The message has been received at a message destination associated with the recipient. The scanning uses a malware definition. The scanning is performed prior to the message being retrieved from the message store in response to a request by the recipient to retrieve the message from the message store. The event is other than the request by the recipient to retrieve the message from the message store.
22 Citations
18 Claims
-
1. A method, comprising:
-
identifying a plurality of messages to scan with an updated malware definition; identifying reputations of a plurality of message destinations associated with the plurality of messages, wherein the reputations are based on one or more reputation clusters, wherein each reputation cluster further comprises one or more nodes representing the plurality of message destinations and one or more edges representing communications between the nodes; determining an access time for one or more users associated with the plurality of message destinations; determining a prioritization for scanning the plurality of messages using the identified reputations and the determined access times by assigning higher prioritization to message destinations that have working hours that occur earlier in a period of time; scanning the plurality of messages using the updated malware definition in the prioritization; identifying an infected message of the plurality of messages using the updated malware definition; and removing malware identified by the updated malware definition on the infected message. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A computer system comprising:
-
a processor; system memory; and a scanning module residing in the system memory, the scanning module configured to; identify a plurality of messages to scan with an updated malware definition; identify reputations of a plurality of message destinations associated with the plurality of messages, wherein the reputations are based on one or more reputation clusters, wherein each reputation cluster further comprises one or more nodes representing the plurality of message destinations and one or more edges representing communications between the nodes; determine an access time for one or more users associated with the plurality of message destinations; determine a prioritization for scanning the plurality of messages using the identified reputations by assigning higher prioritization to message destinations that have working hours that occur earlier in a period of time; scan the plurality of messages using the updated malware definition in an order based on the prioritization; identify an infected message of the plurality of messages using the updated malware definition; and remove malware identified by the updated malware definition on the infected message. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A non-transitory computer-readable-storage medium comprising one or more computer-executable instructions that, when executed by at least one processor of a computing device, cause the computing device to:
-
identify a plurality of messages to scan with an updated malware definition; identify reputations of a plurality of message destinations associated with the plurality of messages, wherein the reputations are based on one or more reputation clusters, wherein each reputation cluster further comprises one or more nodes representing the plurality of message destinations and one or more edges representing communications between the nodes; determine an access time for one or more users associated with the plurality of message destinations; determine a prioritization for scanning the plurality of messages using the identified reputations and the determined access times by assigning higher prioritization to message destinations that have working hours that occur earlier in a period of time; scan the plurality of messages using the updated malware definition in an order based on the prioritization; identify an infected message of the plurality of messages using the updated malware definition; and remove malware identified by the updated malware definition on the infected message. - View Dependent Claims (14, 15, 16, 17, 18)
-
Specification