Controlling a message quarantine
Abstract
Controlling a message quarantine is disclosed. A message scanning method is described in which early exit from parsing and scanning can occur by matching threat rules only to selected message elements and stopping rule matching as soon as a match on one message element exceeds a threat threshold.
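The early-exit scan described in the abstract, as an added sketch that is not taken from the patent. The rule fields, sample patterns and scores, the lower-number-first priority convention, and the use of the highest matching score as the message score are all assumptions.

```python
import email
import re
from collections import namedtuple

# Hypothetical rule shape: element type, priority (lower runs first), regex, score.
Rule = namedtuple("Rule", "element_type priority pattern score")

RULES = [  # constructed sample rules, not real signatures
    Rule("subject", 1, r"urgent wire transfer", 40),
    Rule("attachment_name", 1, r"\.(scr|pif)$", 90),
    Rule("attachment_name", 2, r"\.zip$", 30),
    Rule("body", 1, r"click here", 50),
]

SAMPLE = "\n".join([  # constructed message
    "From: a@example.com", "To: b@example.com", "Subject: Quarterly report",
    "MIME-Version: 1.0", 'Content-Type: multipart/mixed; boundary="B"', "",
    "--B", "Content-Type: text/plain", "",
    "Please click here to view the report.",
    "--B", "Content-Type: application/octet-stream",
    'Content-Disposition: attachment; filename="report.pdf.scr"', "",
    "AAAA", "--B--", "",
])

def elements(msg):
    """Yield (type, text) lazily, cheapest first; later elements are only
    extracted if the caller keeps iterating."""
    yield "subject", msg.get("Subject", "")
    for part in msg.walk():
        if part.get_filename():
            yield "attachment_name", part.get_filename()
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            yield "body", part.get_payload()

def scan(raw, rules, threshold):
    """Return (score, exceeded, rules_tried)."""
    score, tried = 0, 0
    for etype, text in elements(email.message_from_string(raw)):
        # Only rules whose element type matches this element, in priority order.
        selected = sorted((r for r in rules if r.element_type == etype),
                          key=lambda r: r.priority)
        for rule in selected:
            tried += 1
            if re.search(rule.pattern, text, re.IGNORECASE):
                score = max(score, rule.score)  # assumed aggregation: highest match
                if score > threshold:
                    return score, True, tried   # early exit: body is never parsed
    return score, False, tried

if __name__ == "__main__":
    print(scan(SAMPLE, RULES, threshold=80))
```

With the threshold at 80 the scan stops on the attachment name after two rule evaluations; raising the threshold forces every element and rule to be checked.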
19 Claims
1. An apparatus, comprising:
a network interface;
one or more processors coupled to the network interface;
logic coupled to the one or more processors which, when executed by the one or more processors, causes the one or more processors to perform;
receiving and storing a plurality of rules specifying characteristics of electronic messages that indicate threats associated with the messages, wherein each rule has a priority value, wherein each rule is associated with a message element type;
receiving an electronic mail message having a destination address for a recipient account, wherein the message comprises a plurality of message elements;
extracting a first message element;
determining a threat score value for the message by matching only the first message element to only selected rules having a message element type corresponding to the first message element, and according to an order of the priorities of the selected rules;
when the threat score value is greater than a specified threshold, outputting the threat score value.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. An apparatus, comprising:
means for receiving and storing a plurality of rules specifying characteristics of electronic messages that indicate threats associated with the messages, wherein each rule has a priority value, wherein each rule is associated with a message element type;
means for receiving an electronic mail message having a destination address for a recipient account, wherein the message comprises a plurality of message elements;
means for extracting a first message element;
means for determining a threat score value for the message by matching only the first message element to only selected rules having a message element type corresponding to the first message element, and according to an order of the priorities of the selected rules;
means for outputting the threat score value when the threat score value is greater than a specified threshold.
11. A method, comprising:
a network interface;
one or more processors coupled to the network interface;
logic coupled to the one or more processors which, when executed by the one or more processors, causes the one or more processors to perform;
receiving and storing a plurality of rules specifying characteristics of electronic messages that indicate threats associated with the messages, wherein each rule has a priority value, wherein each rule is associated with a message element type;
receiving an electronic mail message having a destination address for a recipient account, wherein the message comprises a plurality of message elements;
extracting a first message element;
determining a threat score value for the message by matching only the first message element to only selected rules having a message element type corresponding to the first message element, and according to an order of the priorities of the selected rules;
when the threat score value is greater than a specified threshold, outputting the threat score value.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19