Optimized network cache for virus scanning by examining the magic bytes of a file
First Claim
1. A method for processing file-access requests at a network device, the method comprising:
- receiving a file-access request at the network device, the file-access request specifying a client-requested file to return to a requesting client;
retrieving the client-requested file;
determining whether the client-requested file includes a predefined byte pattern corresponding to a non-viral file type;
forwarding a file-access response containing the client-requested file to the requesting client if the client-requested file is determined to include the predefined byte pattern; and
forwarding the file-access response to a remote server if the client-requested file is determined not to include the predefined byte pattern, the remote server being configured to scan the client-requested file for viruses.
2 Assignments
0 Petitions
Accused Products
Abstract
A system and method is provided for reliably detecting the file type of a client-requested file and by-passing conventional ICAP processing if the detected file type corresponds to a non-viral file. The client-requested file is examined to determine whether it contains a predefined byte pattern (or “file signature”) corresponding to a non-viral file type. The file signature may be embodied as one or more predetermined “magic bytes” located at known file offsets. For instance, the client-requested file may be identified as a particular type of image file if it contains the set of magic bytes associated with that image file format. Unlike prior implementations, when the client-requested file is determined to contain magic bytes corresponding to a non-viral file type, such as an image file, the file is returned to the requesting client without performing conventional ICAP virus-scanning operations.
64 Citations
26 Claims
-
1. A method for processing file-access requests at a network device, the method comprising:
-
receiving a file-access request at the network device, the file-access request specifying a client-requested file to return to a requesting client;
retrieving the client-requested file;
determining whether the client-requested file includes a predefined byte pattern corresponding to a non-viral file type;
forwarding a file-access response containing the client-requested file to the requesting client if the client-requested file is determined to include the predefined byte pattern; and
forwarding the file-access response to a remote server if the client-requested file is determined not to include the predefined byte pattern, the remote server being configured to scan the client-requested file for viruses. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A network device, comprising:
-
means for receiving a file-access request at the network device, the file-access request specifying a client-requested file to return to a requesting client;
means for retrieving the client-requested file;
means for determining whether the client-requested file includes a predefined byte pattern corresponding to a non-viral file type;
means for forwarding a file-access response containing the client-requested file to the requesting client if the client-requested file is determined to include the predefined byte pattern; and
means for forwarding the file-access response to a remote server if the client-requested file is determined not to include the predefined byte pattern, the remote server being configured to scan the client-requested file for viruses. - View Dependent Claims (12, 13, 14, 15)
-
-
16. A network device, comprising:
-
a processor;
a first network interface adapted to receive a file-access request, the file-access request specifying a client-requested file to return to a requesting client;
a second network interface adapted to communicate with a remote server, the remote server being configured to scan the client-requested file for viruses; and
a memory adapted to store instructions which are executable by the processor for performing the steps of;
retrieving the client-requested file;
determining whether the client-requested file includes a predefined byte pattern corresponding to a non-viral file type;
forwarding a file-access response containing the client-requested file over the first network interface to the requesting client if the client-requested file is determined to include the predefined byte pattern; and
forwarding the file-access response over the second network interface to the remote server if the client-requested file is determined not to include the predefined byte pattern. - View Dependent Claims (17, 18, 19, 20, 21)
-
-
22. A network, comprising:
-
a client device configured to transmit a file-access request specifying a client-requested file;
a server device configured to scan the client-requested file for viruses; and
a network device adapted to receive the client-requested file and further configured to;
retrieve the client-requested file;
determine whether the client-requested file includes a predefined byte pattern corresponding to a non-viral file type;
forward a file-access response containing the client-requested file to the client device if the client-requested file is determined to include the predefined byte pattern; and
forward the file-access response to the server device if the client-requested file is determined not to include the predefined byte pattern. - View Dependent Claims (23, 24, 25, 26)
-
Specification