Method and apparatus for identifying and characterizing errant electronic files
First Claim
1. A computer-implemented method for generating a library of checksum values, the method comprising:
- under control of one or more configured computer systems;
storing, in a computer storage medium, a checksum library for assessing suspect files;
identifying a source of known illicit files;
accessing a candidate file stored by a physical storage device for the source;
determining that the candidate file appears within proximity of a minimum threshold number of the known illicit files for the source;
generating a candidate checksum for the candidate file stored by the physical storage device for the source, wherein the known illicit files do not include the candidate file;
determining that the checksum library does not include the candidate checksum; and
adding the candidate checksum to the checksum library stored in the computer storage medium.
2 Assignments
0 Petitions
Accused Products
Abstract
A computer system includes a server having a memory connected thereto. The server is adapted to be connected to a network to permit remote storage and retrieval of data files from the memory. A file identification application is operative with the server to identify errant files stored in the memory. The file identification application provides the functions of: (1) selecting a file stored in said memory; (2) generating a unique checksum corresponding to the stored fire; (3) comparing said unique checksum to each of a plurality of previously generated checksums, wherein the plurality of previously generated checksums correspond to known errant files; and (4) marking the file for deletion from the memory if the unique checksum matches one of the plurality of previously generated checksums.
-
Citations
19 Claims
-
1. A computer-implemented method for generating a library of checksum values, the method comprising:
under control of one or more configured computer systems; storing, in a computer storage medium, a checksum library for assessing suspect files; identifying a source of known illicit files; accessing a candidate file stored by a physical storage device for the source; determining that the candidate file appears within proximity of a minimum threshold number of the known illicit files for the source; generating a candidate checksum for the candidate file stored by the physical storage device for the source, wherein the known illicit files do not include the candidate file; determining that the checksum library does not include the candidate checksum; and adding the candidate checksum to the checksum library stored in the computer storage medium. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
10. A computer system, comprising:
-
a computer storage device configured to store a checksum library for assessing suspect files; a server adapted to be connected to a network to permit retrieval of files from a file source; and a file identification application operative with the server to generate the checksum library, the file identification application providing the functions of; identifying the file source as a source of known illicit files; accessing a candidate file stored by a physical storage device for the file source; determining that the candidate file appears within proximity of a minimum threshold number of the known illicit files for the source; generating a candidate checksum for the candidate file from the file source, wherein the known illicit files do not include the candidate file; determining that the checksum library does not include the candidate checksum; and adding the candidate checksum to the checksum library stored in the computer storage device. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A physical storage device having instructions stored thereon, the instructions comprising:
-
instructions for storing, in a computer storage medium, a checksum library for assessing suspect files; instructions for identifying a source of known illicit files; instructions for accessing a candidate file stored by a physical storage device for the source; instructions for determining that the candidate file appears within proximity of a minimum threshold number of the known illicit files for the source; instructions for generating a candidate checksum for the candidate file stored by the physical storage device for the source, wherein the known illicit files do not include the candidate file; instructions for determining that the checksum library does not include the candidate checksum; and instructions for adding the candidate checksum to the checksum library stored in the computer storage medium.
-
Specification