Malware scanning using a network bridge

US 20030021280A1
Filed: 07/26/2001
Published: 01/30/2003
Est. Priority Date: 07/26/2001
Status: Active Grant

First Claim

Patent Images

1. A network bridge having a malware scanner.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network bridge (14) has an associated malware scanner (16) that serves to concatenate portions of a data file from within data packets intercepted by the network bridge (14) and then scan the data file concerned before the data file is forwarded to its intended recipient by the network bridge (14). The network bridge (14) may be inserted in a network topology without requiring significant network configuration changes. The network bridge (14) may include a packet analysis unit (56) that serves to intercept only data packets having a predetermined network layer protocol or a predetermined application layer protocol.

64 Citations

View as Search Results

27 Claims

1. A network bridge having a malware scanner.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. A network bridge as claimed in claim 1, comprising a data packet analyser operable to identify data packets received by said network bridge at least a portion of which are to be passed to said malware scanner for scanning.
  - 3. A network bridge as claimed in claim 2, wherein said data packet analyser identifies data packets having a predetermined network layer protocol as to be passed to said malware scanner for scanning.
  - 4. A network bridge as claimed in claim 3, wherein said predetermined network layer protocol is one or more of:
    - TCP/IP;
      
      IPX;
      
      SNA; and
      
      Appletalk.
  - 5. A network bridge as claimed in claim 2, wherein said data packet analyser identifies data packets having a predetermined application layer protocol as to be passed to said malware scanner for scanning.
  - 6. A network bridge as claimed in claim 5, wherein said predetermined application layer protocol is one or more of:
    - SMTP;
      
      FTP;
      
      HTTP;
      
      SMB; and
      
      NFS.
  - 7. A network bridge as claimed in claim 1, wherein said malware scanner is operable to concatenate portions of a data file from a plurality of data packets to form a data file to be scanned.
  - 8. A network bridge as claimed in claim 1, wherein said malware scanner is operable to scan for one or more of:
    - computer viruses;
      
      Trojans;
      
      worms;
      
      banned computer programs; and
      
      banned words within e-mail messages.
  - 9. A network bridge as claimed in claim 1, wherein data that has been scanned by said malware scanner is forwarded to its intended recipient.
  - 10. A network bridge as claimed in claim 1, wherein said malware scanner is formed of one or more of:
    - a software based malware scanner; and
      
      a hardware based malware scanner.

11. A network bridge operable to intercept one or more data packets, to forward at least a portion of said data packets to a malware scanner for scanning, and to forward data from said data packets after scanning to its intended recipient.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. A network bridge as claimed in claim 11, comprising a data packet analyser operable to identify data packets received by said network bridge at least a portion of which are to be passed to said malware scanner for scanning.
  - 13. A network bridge as claimed in claim 12, wherein said data packet analyser identifies data packets having a predetermined network layer protocol as to be passed to said malware scanner for scanning.
  - 14. A network bridge as claimed in claim 13, wherein said predetermined network layer protocol is one or more of:
    - TCP/IP;
      
      IPX;
      
      SNA; and
      
      Appletalk.
  - 15. A network bridge as claimed in claim 12, wherein said data packet analyser identifies data packets having a predetermined application layer protocol as to be passed to said malware scanner for scanning.
  - 16. A network bridge as claimed in claim 15, wherein said predetermined application layer protocol is one or more of:
    - SMTP;
      
      FTP;
      
      HTTP;
      
      SMB; and
      
      NFS.

17. A malware scanner operable to receive at least a portion of one or more data packets intercepted by a network bridge, to concatenate said data packets into a data file to be scanned and to forward said data file after scanning to its intended recipients via said network bridge.
- View Dependent Claims (18, 19)
- - 18. A malware scanner as claimed in claim 17, wherein said malware scanner is operable to scan for one or more of:
    - computer viruses;
      
      Trojans;
      
      worms;
      
      banned computer programs; and
      
      banned words within e-mail messages.
  - 19. A malware scanner as claimed in claim 17, wherein said malware scanner is formed of one or more of:
    - a software based malware scanner; and
      
      a hardware based malware scanner.

20. A method of malware scanning comprising the steps of:
- receiving data packets at a network bridge;
  
  sending at least a portion of said data packets from said network bridge to a malware scanner;
  
  concatenating data received by said malware scanner to form a data file to be scanned;
  
  scanning said data file with said malware scanner; and
  
  forwarding said data file after scanning via said network bridge to its intended recipient.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27)
- - 21. A method as claimed in claim 20, comprising the step of identifying data packets received by said network bridge that are to be passed to said malware scanner for scanning.
  - 22. A method as claimed in claim 21, wherein data packets having a predetermined network layer protocol are identified as to be passed to said malware scanner for scanning.
  - 23. A method as claimed in claim 22, wherein said predetermined network layer protocol is one or more of:
    - TCP/IP;
      
      IPX;
      
      SNA; and
      
      Appletalk.
  - 24. A method as claimed in claim 21, wherein data packets having a predetermined application layer protocol are identified as to be passed to said malware scanner for scanning.
  - 25. A method as claimed in claim 24, wherein said predetermined application layer protocol is one or more of:
    - SMTP;
      
      FTP;
      
      HTTP;
      
      SMB; and
      
      NFS.
  - 26. A method as claimed in claim 20, wherein said scanning scans for one or more of:
    - computer viruses;
      
      Trojans;
      
      worms;
      
      banned computer programs; and
      
      banned words within e-mail messages.
  - 27. A method as claimed in claim 20, wherein said malware scanner is formed of one or more of:
    - a software based malware scanner; and
      
      a hardware based malware scanner.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Baulk, Eamonn John, Wolff, Daniel Joseph, Makinson, Graham Arthur

Granted Patent

US 7,023,861 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/401
CPC Class Codes

H04L 63/0209   Architectural arrangements,...

H04L 63/0245   Filtering by information in...

H04L 63/145   the attack involving the pr...

Malware scanning using a network bridge

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

64 Citations

27 Claims

Specification

Use Cases

Quick Links

Others

Malware scanning using a network bridge

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

64 Citations

27 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others