Zero-minute virus and spam detection
Abstract
Disclosed in this application are systems and methods for detecting unwanted electronic message transmissions at a certain location on an electronic communications network. The disclosed principles include establishing a database for storing metadata associated with message traffic according to at least the source addresses of the senders of electronic message transmissions. The disclosed principles also include monitoring electronic message transmissions at the certain location on the electronic communications network. Also, included is populating the database with metadata derived from analysis of the monitored electronic messages, where the metadata includes metadata derived by analyzing the contents of the monitored electronic messages. Based upon the populated database, it is determined whether certain received electronic messages are likely to be unwanted based on an examination of the metadata associated with the source addresses of the senders of the received electronic messages and based on the analysis of the content of monitored electronic messages at least in part without reference to a promulgated database of “signatures” of known unwanted electronic messages.
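An added illustration of the flow the abstract describes (not code from the patent): a store keyed by sender source address is populated with metadata derived from message content, and a decision is made from that metadata with no signature lookup. The window, threshold, attachment list, the body digest as content-derived metadata, and all names are assumptions for illustration; the sample traffic is constructed.

```python
import hashlib
from collections import defaultdict, deque

WINDOW_SECS = 60                      # assumption: sliding window length
BURST_THRESHOLD = 5                   # assumption: same-content messages per window
RISKY_EXT = (".exe", ".scr", ".pif")  # assumption: attachment types of interest

def content_metadata(msg):
    """Derive metadata from message content; no signature database is consulted."""
    digest = hashlib.sha256(msg["body"].encode()).hexdigest()
    risky = any(n.lower().endswith(RISKY_EXT) for n in msg.get("attachments", []))
    return {"digest": digest, "risky_attachment": risky}

class TrafficDB:
    """Metadata store keyed by sender source address."""
    def __init__(self):
        self.by_source = defaultdict(deque)  # source_ip -> deque of (ts, metadata)

    def record(self, msg):
        meta = content_metadata(msg)
        q = self.by_source[msg["source_ip"]]
        q.append((msg["ts"], meta))
        # Drop entries that have aged out of the sliding window.
        while q and q[0][0] <= msg["ts"] - WINDOW_SECS:
            q.popleft()
        return meta

def interpret(db, msg):
    """Pick a disposition from per-source metadata plus content metadata."""
    meta = db.record(msg)
    same = sum(1 for _, m in db.by_source[msg["source_ip"]]
               if m["digest"] == meta["digest"])
    # A burst of identical content carrying a risky attachment from one source
    # is treated as likely unwanted, even though no signature exists for it yet.
    if meta["risky_attachment"] and same >= BURST_THRESHOLD:
        return "quarantine"
    return "deliver"

def run_sample():
    db = TrafficDB()
    # Constructed traffic: one source repeats the same attachment-bearing message.
    msgs = [{"source_ip": "192.0.2.10", "ts": t, "body": "see attached invoice",
             "attachments": ["invoice.scr"]} for t in range(0, 12, 2)]
    msgs.append({"source_ip": "198.51.100.7", "ts": 12,
                 "body": "lunch on friday?", "attachments": []})
    return [interpret(db, m) for m in msgs]
```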
74 Claims
1. A method for detecting unwanted electronic messages at a certain location on an electronic communications network, the method comprising:
a) establishing a database for storing metadata associated with electronic message traffic according to at least source addresses of senders of electronic messages;
b) monitoring electronic message transmissions at the certain location on the electronic communications network;
c) populating the database with metadata derived from analysis of the monitored electronic messages, the metadata including metadata derived by analyzing the content of the monitored electronic messages;
d) determining that certain monitored electronic messages are likely to be unwanted by an intended recipient based on an examination of the metadata associated with the source addresses of the senders of the monitored electronic messages and based on the analysis of the content of the monitored electronic messages, and at least in part without reference to a promulgated database of “signatures” of unwanted electronic messages.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 25

19. A method for detecting unwanted electronic messages at a certain location on an electronic communications network, the method comprising:
a) establishing a database for storing metadata associated with electronic message traffic according to at least source addresses of senders of electronic messages;
b) monitoring electronic message transmissions at the certain location on the electronic communications network;
c) extracting information from substantially all of the monitored electronic messages as they are transmitted across the electronic communications network, substantially without imposing a delay on the transmission of the electronic messages;
d) populating the database with metadata derived from analysis of the monitored electronic messages, the analysis performed at least in part by program threads for determining unwanted electronic messages, the metadata including metadata derived by analyzing the contents of the monitored electronic messages;
e) determining that certain monitored electronic messages are likely to be unwanted by an intended recipient based on an examination of the metadata associated with the source addresses of the senders of the monitored electronic messages and based on the analysis of the content of the monitored electronic messages, and at least in part without reference to a promulgated database of “signatures” of unwanted electronic messages;
f) conditionally delivering electronic messages according to instructions from an interpreter process, the interpreter process communicating with a content-sensing application in logical communication with the interpreter process, such that if the content-sensing application analyzes the monitored electronic messages as likely unwanted, then the method can, in coordination with the interpreter process and content-sensing application, configure the delivery of the unwanted electronic messages to route them to a message quarantine center.
Dependent claims: 20, 21, 22, 23, 24, 26, 27, 28, 29, 30, 31, 32

33. A system for use in detecting the transmission of unwanted electronic messages at a certain location on an electronic communications network, wherein the electronic messages are sent from sending mail servers to a receiving mail servers, the system comprising:
a) a system database for storing metadata associated with electronic message traffic according to at least source addresses of senders of electronic messages, and a system interface facilitating access to the system database;
b) a traffic monitor coupled to the system interface and operable to monitor electronic message transmissions at the certain location on the electronic communications network and to store source and destination data for the monitored electronic messages to the system database;
c) a message processing server coupled to the system interface and operable to analyze the monitored electronic messages and then to further populate the system database with the metadata derived from analysis of the monitored electronic messages, the metadata including metadata derived by analyzing the contents of the monitored electronic messages;
d) an interpreter process coupled to the system interface and operable to determine whether certain monitored electronic messages are likely to be unwanted by an intended recipient based on an examination of the metadata associated with the source addresses of the senders of the monitored electronic messages and based on the analysis of the content of the monitored electronic messages at the certain location, and at least in part without reference to a promulgated database of “signatures” of unwanted electronic messages.
Dependent claims: 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54

55. A system for use in detecting the transmission of unwanted electronic messages at a certain location on an electronic communications network, wherein the messages are sent from sending mail servers to receiving mail servers, the system comprising:
a) a system database for storing metadata associated with interpreter process message traffic according to at least source addresses of senders of electronic messages, and a system interface facilitating access to the system database;
b) a traffic monitor coupled to the system interface and operable to monitor electronic message transmissions at the certain location on the electronic communications network and to store source and destination data for the monitored electronic messages to the system database;
c) a message processing server coupled to the system interface and operable to analyze the monitored electronic messages, extracting information from the monitored electronic messages as they are transmitted across the electronic communications network, substantially without imposing a delay on the transmission of the electronic messages, and then to further populate the system database with the metadata derived from analysis of the monitored electronic messages, the metadata including metadata derived by analyzing the contents of the monitored electronic messages;
d) an interpreter process coupled to the system interface and operable to determine whether certain monitored electronic messages are likely to be unwanted by an intended recipient based on an examination of the metadata associated with the source addresses of the senders of the monitored electronic messages and based on the analysis of the content of the monitored electronic messages at the certain location, and at least in part without reference to a promulgated database of “signatures” of unwanted electronic messages;
e) a content-sensing application in logical communication with the interpreter process, wherein the content-sensing application is operable to analyze the contents of the monitored electronic messages; and
f) an interpreter process database for storing the actions of the interpreter process and configuration parameters for applying message processing actions, and an interpreter process interface coupled to the interpreter process and facilitating access to the interpreter process database.
Dependent claims: 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74

Specification