First response computer virus blocking.
First Claim
1. A method of screening a software file for viral infection, the method comprising:
- defining a database of known infected file signatures;
determining a signature for a file; and
screening that signature against the signatures contained in said database to determine if there is a match.
0 Assignments
0 Petitions
Accused Products
Abstract
A process of screening one or more software files to determine any that are recognized to have a matching hash signature with a file contained in a database of files known to be Virus, Trojan, Worm, or otherwise potentially malicious or suspicious which then can be safely blocked, quarantined and/or deleted. This is accomplished through a method and apparatus running on a firewall, network device, mail server, server, personal computer, PDA, cell phone or wireless device to compare the hash signature of each incoming software file against a regularly updated database of known infected file hash signatures. One or more users can be alerted when an infected file is identified. If quarantined the file is safely stored until virus software is updated properly with later developed virus definitions file(s), which are then used to eradicate or clean the infected file(s) or computer systems.
170 Citations
49 Claims
-
1. A method of screening a software file for viral infection, the method comprising:
-
defining a database of known infected file signatures;
determining a signature for a file; and
screening that signature against the signatures contained in said database to determine if there is a match. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 27, 28, 38, 39, 40, 41)
-
-
22. Apparatus for screening a software file for viral infection, the apparatus comprising:
-
a memory storing a database of known infected file signatures; and
a data processor arranged to scan said file to determine whether or not the file has a signature corresponding to one of the signatures contained in said database. - View Dependent Claims (23, 29, 30, 31, 32, 33, 34, 35, 36, 37)
-
-
24. A computer memory encoded with executable instructions representing a computer program for causing computer system to:
-
maintain a database of known infected file signatures; and
determine whether or not the file has a signature corresponding to one of the signatures contained in said database. - View Dependent Claims (25, 26)
-
-
42. Apparatus for determining a partial file hash signature:
-
a memory storing a database of known infected file signatures; and
a memory storing a database of partial file signatures; and
a data processor arranged to scan said file incrementally and add file hash signatures, upon request, to said database of partial file signatures; and
to add said hash signatures, upon request, to said database of infected file signatures. - View Dependent Claims (43, 44, 45, 46, 47, 48, 49)
-
Specification