Methods, software and apparatus for detecting and neutralizing viruses from computer systems and networks

US 20080263670A1
Filed: 03/26/2008
Published: 10/23/2008
Est. Priority Date: 09/26/2005
Status: Abandoned Application

First Claim

Patent Images

1. In a computer network environment comprising a gateway device operatively coupled to and between at least one client computer and a data communications network having an originating computer, a method for detecting and neutralizing an electronic virus directed to the gateway device comprises:

a) upon receiving a request from at least one client computer by the gateway device, issuing a request for a data stream or plurality of data packets from the public data communications network;

b) receiving the requested data stream or plurality of data packets at the gateway device;

c) temporarily storing and scanning the data stream or plurality of data packets for at least one virus or indicator of malicious content;

d) notifying at least one client computer that a virus or indicator of malicious content has been detected;

e) presenting the notified client computer with a plurality of virus handling action options for selection by the operator thereof; and

f) one of performing the selected virus handling action option, randomly selecting one of the plurality of virus handling action options or doing nothing.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, software or computer programs, and apparatus for detecting viruses and mitigating their harm to computers communicating through a gateway node to another network are disclosed. Upon detection of a virus in an incoming data stream or plurality of data packets directed to a gateway device or node, the data requesting recipient is notified and provided with a plurality of pre-defined virus handling action options. If the recipient, or designated proxy, fails to select an action option, then a random selection is made. If a selection is made, then that selection, to the exclusion of other action options, is carried out. Thus, the recipient is empowered to dynamically select, as circumstances dictate and without future prejudice, the appropriate response upon detection of a particular virus. Action options may include data encryption and forwarding with recipient notification, or where email is the vector, attachment removal and location link insertion may be used. Software embodiments of the invention provide the machine readable instructions to carry out the methods according to the invention.

Citations

15 Claims

1. In a computer network environment comprising a gateway device operatively coupled to and between at least one client computer and a data communications network having an originating computer, a method for detecting and neutralizing an electronic virus directed to the gateway device comprises:
- a) upon receiving a request from at least one client computer by the gateway device, issuing a request for a data stream or plurality of data packets from the public data communications network;
  
  b) receiving the requested data stream or plurality of data packets at the gateway device;
  
  c) temporarily storing and scanning the data stream or plurality of data packets for at least one virus or indicator of malicious content;
  
  d) notifying at least one client computer that a virus or indicator of malicious content has been detected;
  
  e) presenting the notified client computer with a plurality of virus handling action options for selection by the operator thereof; and
  
  f) one of performing the selected virus handling action option, randomly selecting one of the plurality of virus handling action options or doing nothing.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1 wherein the plurality of virus handling action options comprises encrypting at least that portion of the data stream or plurality of data packets comprising the virus.
  - 3. The method of claim 1 wherein the plurality of virus handling action options comprises forwarding at least that portion of the data stream or plurality of data packets comprising the virus to a remote destination.
  - 4. The method of claim 1 wherein the plurality of virus handling action options comprises replacing at least that portion of the data stream or plurality of data packets comprising the virus with a computer readable link to where the removed data can be found.
  - 5. The method of claim 1 wherein the random selection of one of the plurality of virus handling action options occurs if there is no selection of any virus handling action option by the operator.
  - 6. The method of claim 1 wherein nothing is done if there is no selection of any virus handling action option by the operator.
  - 7. The method of claim 1 wherein the plurality of virus handling action options comprises notifying the originating computer that the data stream or plurality of data packets has not been received.
  - 8. The method of claim 1 wherein notification of the at least one client computer uses User Datagram Protocol (UDP).
  - 9. The method of claim 1 wherein the data stream or plurality of data packets is sent in Hyper Text Transfer Protocol (HTTP).
  - 10. The method of claim 1 wherein the data stream or plurality of data packets is sent in File Transfer Protocol (FTP).
  - 11. The method of claim 1 wherein the data stream or plurality of data packets is sent in Simple Mail Transfer Protocol (SMTP).
  - 12. The method of claim 1 wherein the originating computer comprises a POP3 server and only those portions of the data stream or plurality of data packets wherein a virus or indicator of malicious content has not been detected are indicating to the client computer as available for transfer thereto.
  - 13. The method of claim 1 wherein the originating computer comprises a POP3 server, the data stream or plurality of data packets encode electronic mail messages, the temporary storing and scanning applies only to attachment portions of the electronic mail messages, and replacing at least some of the attachments with a computer readable link to where the removed data can be found.
  - 14. The method of claim 13 wherein all attachments are replaced with a computer readable link to where the removed data can be found.
  - 15. The method of claim 13 wherein only those attachments comprising the virus are replaced with a computer readable link to where the removed data can be found.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Wiresoft Net Incorporated
Original Assignee
Wiresoft Net Incorporated
Inventors
Stavrica, Ovidiu

Application Number

US12/079,923
Publication Number

US 20080263670A1
Time in Patent Office

Days
Field of Search
US Class Current

726/24
CPC Class Codes

H04L 51/00   User-to-user messaging in p...

H04L 51/08   Annexed information, e.g. a...

H04L 51/222   using geographical location...

H04L 63/0281   Proxies

H04L 63/145   the attack involving the pr...

Methods, software and apparatus for detecting and neutralizing viruses from computer systems and networks

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Methods, software and apparatus for detecting and neutralizing viruses from computer systems and networks

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links