Detection of exploits in files
First Claim
1. A method of scanning computer files for exploits, the method comprising:
- maintaining a database of validation rules, in respect of each of a plurality of file formats comprising data fields having a predetermined structure, the validation rules specifying valid structure and/or content for the data fields of the respective file format;
- determining the file format of respective files; and
- performing, on respective files, a validation process comprising parsing the file to determine the structure and content of its data fields and validating the structure and/or content of the data fields of the file against the validation rules stored in the database in respect of the determined file format of the file, a determination that a file contains an exploit being made in response to the structure and/or content of the data fields of the file failing to be validated.
Abstract
A scanning system for scanning computer files for exploits uses a database of validation rules, in respect of each of a plurality of file formats comprising data fields having a predetermined structure, the validation rules specifying valid structure and/or content for the data fields of the respective file format. Files are analysed to determine their file format. A validation process is performed comprising parsing the file to determine the structure and content of its data fields and validating the structure and/or content of the data fields of the file against the validation rules stored in the database in respect of the determined file format of the file. A file is determined to contain an exploit in response to the structure and/or content of the data fields of the file failing to be validated.
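The scan described in the abstract, as an added Python example that is not taken from the patent: it identifies the format, parses the data fields, and checks them against a rule table. PNG as the only format, the rule values (including the `max_dim` policy bound) and all function names are assumptions made for illustration.

```python
import struct, zlib
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
# Constructed rule database: format -> field constraints (max_dim is an assumed policy bound).
RULES = {"png": {"ihdr_len": 13, "max_dim": 65535,
                 "bit_depths": {1, 2, 4, 8, 16}, "colour_types": {0, 2, 3, 4, 6}}}

def chunk(ctype, payload):  # builds a well-formed chunk for the constructed samples below
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", zlib.crc32(ctype + payload))

def identify_format(data):
    """Determine the file format from the leading signature bytes."""
    return "png" if data.startswith(PNG_MAGIC) else None

def parse_chunks(data):
    """Parse PNG chunks into (type, payload, crc_ok) tuples; raise if a length overruns the file."""
    pos, chunks = len(PNG_MAGIC), []
    while pos < len(data):
        length, ctype = struct.unpack_from(">I4s", data, pos)  # struct.error if header is truncated
        end = pos + 12 + length
        if end > len(data):
            raise ValueError(f"chunk {ctype!r} declares {length} bytes, overrunning the file")
        payload = data[pos + 8:end - 4]
        crc_ok = struct.unpack_from(">I", data, end - 4)[0] == zlib.crc32(ctype + payload)
        chunks.append((ctype, payload, crc_ok))
        pos = end
    return chunks

def scan(data):
    """Return the list of validation failures; a non-empty list flags the file."""
    rules = RULES.get(identify_format(data))
    if rules is None:
        return ["unrecognised format"]
    try:
        chunks = parse_chunks(data)
    except (ValueError, struct.error) as exc:
        return [f"structure: {exc}"]
    failures = [f"bad CRC in {t!r}" for t, _, ok in chunks if not ok]
    if not chunks or chunks[0][0] != b"IHDR" or len(chunks[0][1]) != rules["ihdr_len"]:
        return failures + ["missing or mis-sized IHDR"]
    width, height, depth, colour = struct.unpack(">IIBB", chunks[0][1][:10])
    if not (0 < width <= rules["max_dim"] and 0 < height <= rules["max_dim"]):
        failures.append(f"implausible dimensions {width}x{height}")
    if depth not in rules["bit_depths"] or colour not in rules["colour_types"]:
        failures.append("invalid bit depth or colour type")
    return failures

# Constructed samples: a minimal 1x1 header, and the same file with an oversized width field.
GOOD = PNG_MAGIC + chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)) + chunk(b"IEND", b"")
BAD = PNG_MAGIC + chunk(b"IHDR", struct.pack(">IIBBBBB", 0x7FFFFFFF, 1, 8, 0, 0, 0, 0)) + chunk(b"IEND", b"")
```

The verdict comes from the file failing its format rules rather than from matching a known-bad signature, so a malformed header is flagged even when no signature for it exists.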
36 Claims
19. A scanning system for scanning computer files for exploits, the system comprising:
- a database of validation rules, in respect of each of a plurality of file formats comprising data fields having a predetermined structure, the validation rules specifying valid structure and/or content for the data fields of the respective file format;
- a file format identifier operative to determine the file format of respective files;
- a validation unit operative to perform, on respective files, a validation process comprising parsing the file to determine the structure and content of its data fields and validating the structure and/or content of the data fields of the file against the validation rules stored in the database in respect of the determined file format of the file, and operative to make a determination that a file contains an exploit in response to the structure and/or content of the data fields of the file failing to be validated.
Specification