Antivirus scanning in a hard-linked environment
Abstract
Computer-implemented methods, apparati, and computer-readable media for detecting malicious computer code in a file (2) associated with a computer (10). A method of the present invention comprises the steps of determining whether there is more than one hard link (1) to the file (2); and when there is more than one hard link (1), ascertaining the identities of all the hard links (1), and performing an antivirus scan on the file (2) based upon the hard link(s) (1) having the most restrictive scanning criteria of all the hard links (1), or upon the union of scanning criteria amongst all the hard links (1).
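The selection step described in the abstract, as an added example (not code from the patent): it finds every name of a file by matching device and inode during a directory walk, rather than through the backpointer table of claim 18, then derives the scan criteria from all names. The extension-based policy, the check names, and the rule that more checks means more restrictive are assumptions made for illustration.

```python
import os
import tempfile

# Constructed per-name policy (assumption): checks applied by extension; .log is excluded.
POLICY = {
    ".log": frozenset(),
    ".doc": frozenset({"signatures", "macros"}),
    ".exe": frozenset({"signatures", "heuristics", "unpack"}),
}
DEFAULT = frozenset({"signatures"})

def criteria_for(path):
    return POLICY.get(os.path.splitext(path)[1].lower(), DEFAULT)

def hard_links(path, root):
    """All names under root for the same file, matched on (device, inode)."""
    st = os.lstat(path)
    if st.st_nlink <= 1:              # single link: nothing else to ascertain
        return [os.path.abspath(path)]
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            cand = os.path.join(dirpath, name)
            try:
                c = os.lstat(cand)
            except OSError:           # raced with a delete or unreadable entry
                continue
            if (c.st_dev, c.st_ino) == (st.st_dev, st.st_ino):
                found.append(os.path.abspath(cand))
    return sorted(found)

def effective_criteria(path, root, mode="most_restrictive"):
    """Scan criteria for the file's content, not just the name it was opened by."""
    per_link = [criteria_for(p) for p in hard_links(path, root)]
    if mode == "union":
        return frozenset().union(*per_link)
    return max(per_link, key=len)     # assumption: more checks = more restrictive

def demo():
    with tempfile.TemporaryDirectory() as root:
        log = os.path.join(root, "report.log")
        with open(log, "wb") as f:
            f.write(b"constructed sample content")
        os.link(log, os.path.join(root, "tool.exe"))
        os.makedirs(os.path.join(root, "docs"))
        os.link(log, os.path.join(root, "docs", "memo.doc"))
        return (criteria_for(log), effective_criteria(log, root),
                effective_criteria(log, root, "union"), len(hard_links(log, root)))
```

If the walk returns fewer names than `st_nlink` reports, some links lie outside `root`, and the conservative choice is to apply the fullest set of checks.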
40 Claims
1. A computer-implemented method for detecting malicious computer code in a file associated with a computer, said method comprising the steps of:
- determining whether there is more than one hard link to the file; and
- when there is more than one hard link;
  - ascertaining the identities of all the hard links; and
  - performing an antivirus scan on the file based upon the hard link(s) having the most restrictive scanning criteria of all the hard links.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 39, 40.
18. Apparatus for detecting malicious computer code in a file associated with a computer, said apparatus comprising:
- a backpointer table construction module coupled to the file, said module adapted to construct a backpointer table for the file when the file has more than one hard link;
- an antivirus scanner coupled to the file and adapted to scan the file for the presence of malicious computer code; and
- a file system filter driver coupled to the file and to the antivirus scanner, said driver instructing the antivirus scanner to examine the backpointer table when the file has more than one hard link.
19. A computer-readable medium containing computer program instructions for detecting malicious computer code in a file associated with a computer, said instructions performing the steps of:
- determining whether there is more than one hard link to the file; and
- when there is more than one hard link;
  - ascertaining the identities of all the hard links; and
  - performing an antivirus scan on the file based upon the hard link(s) having the most restrictive scanning criteria of all the hard links.
Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34.
35. A computer-implemented method for accessing a computer file, said method comprising the steps of:
- determining whether there is more than one hard link to the file;
- when there is more than one hard link, creating a backpointer table storing all the hard links to the file; and
- accessing the file via one of the hard links, wherein any changes made to the file during said accessing are present during any subsequent accessing of the file via any of the hard links.
36. A computer-implemented method for detecting malicious computer code in a file associated with a computer, said method comprising the steps of:
- determining whether there is more than one hard link to the file; and
- when there is more than one hard link;
  - ascertaining the identities of all the hard links; and
  - performing an antivirus scan on the file based upon the union of scanning criteria amongst all the hard links.
Dependent claims: 37, 38.
Specification