Method and apparatus for identifying and characterizing errant electronic files
3 Assignments
0 Petitions
Accused Products
Abstract
A computer system includes a, server having a memory connected thereto. The server is adapted to be connected to a network to permit remote storage and retrieval of data files from the memory. A file identification application is operative with the server to identify errant files stored in the memory. The file identification application provides the functions of: (1) selecting a file stored in said memory; (2) generating a unique checksum corresponding to the stored file; (3) comparing said unique checksum to each of a plurality of previously generated checksums, wherein the plurality of previously generated checksums correspond to known errant files; and (4) marking the file for deletion from the memory if the unique checksum matches one of the plurality of previously generated checksums.
56 Citations
88 Claims
-
1-58. -58. (canceled)
-
59. A computer-implemented method for identifying and characterizing stored electronic files, said method comprising:
-
processing a file from a computer storage medium using an algorithm to generate an identification value determined by processing contents of the file using the algorithm;
comparing the identification value to each of a plurality of identification values each associated with one of a plurality of unauthorized files, wherein each of the plurality of unauthorized files is substantially free from infection with a computer virus; and
characterizing the file as an identified unauthorized file if the identification value matches one of the plurality of identification values. - View Dependent Claims (60, 61, 62, 63, 64, 65, 70, 71, 72, 73)
-
-
66. The method of 65, wherein the processing step comprises using the algorithm, wherein the algorithm is configured for generating a first checksum corresponding to a first portion of said stored file and a second checksum corresponding to a second portion of said stored file.
-
67. The method of 65, wherein the processing step comprises using the algorithm, wherein the algorithm is configured for generating a first checksum corresponding to a first portion of said stored file and a second checksum corresponding to a larger portion of said stored file that includes the first portion.
-
68. The method of 65, wherein the processing step comprises using the algorithm, wherein the algorithm is configured for generating the checksum for graphics files based on vector graphics analysis.
-
69. The method of 65, wherein the processing step comprises using the algorithm, wherein the algorithm is configured for dividing a graphical image file into blocks and comparing relationships between the blocks.
-
74. A computer system, comprising:
-
a server having a memory connected, thereto, said server being adapted to be connected to a network to permit remote storage and retrieval of data files from said memory; and
a file identification application operative with said server to identify unauthorized files stored in said memory, said file identification application providing the functions of;
processing a file from the memory using an algorithm to generate an identification value determined by processing contents of the file using the algorithm;
comparing the identification value to each of a plurality of identification values each associated with one of a plurality of unauthorized files, wherein each of the plurality of unauthorized files is substantially free from infection with a computer virus; and
characterizing the file as an identified unauthorized file if the identification value matches one of the plurality of identification values. - View Dependent Claims (75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88)
-
Specification