Centralized Scanner Database With Optimal Definition Distribution Using Network Queries
First Claim
1. A computer-implemented method for detecting malware, comprising:
applying a filter to an input file to detect if the input file has characteristics matching those of a malware definition in a set of known malware definitions;
responsive to the input file having characteristics matching those of the malware definition based on applying the filter, scanning the input file using the malware definition; and
determining if the input file comprises malware based on the scanning.
Abstract
A system and method detects malware on client devices based on partially distributed malware definitions from a central server. A server stores malware definitions for known malware. The server generates one or more filters based on the malware definitions and distributes the filter(s) to client devices. The server also distributes full definitions to the clients for a subset of the most commonly detected malware. The client device scans files for malware by first applying the filter to a file. If the filter outputs a positive detection, the client scans the file using the full definition to determine if the file comprises malware. If the full definition is not stored locally by the client, the client queries the server for the definition and then continues the scanning process.
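The flow described in the abstract, as an added example that is not code from the patent: the server derives a filter from its definitions, ships it with a subset of full definitions, and the client fetches a missing definition only after a filter hit. The truncated-hash filter over the first W signature bytes, the byte-string definitions, and all class and function names are assumptions made for illustration.

```python
import hashlib

W = 8  # leading signature bytes summarized by the filter (assumed)

def key(window: bytes) -> bytes:
    # Truncated hash keeps the filter small; a collision only costs a full scan.
    return hashlib.sha256(window).digest()[:4]

class Server:
    def __init__(self, definitions):
        self.by_key, self.queries = {}, 0
        for name, sig in definitions.items():  # name -> full byte signature
            self.by_key.setdefault(key(sig[:W]), []).append((name, sig))

    def build_filter(self):
        return frozenset(self.by_key)

    def common_subset(self, names):
        # Full definitions shipped with the filter for commonly detected malware.
        return {k: d for k, d in self.by_key.items() if any(n in names for n, _ in d)}

    def lookup(self, k):
        self.queries += 1  # stands in for the network query to the server
        return self.by_key.get(k, [])

class Client:
    def __init__(self, server, common_names):
        self.server = server
        self.filter = server.build_filter()
        self.cache = dict(server.common_subset(common_names))

    def scan(self, data: bytes):
        for i in range(len(data) - W + 1):
            k = key(data[i:i + W])
            if k not in self.filter:
                continue  # no known definition can match at this offset
            if k not in self.cache:  # definition not held locally: ask the server
                self.cache[k] = self.server.lookup(k)
            for name, sig in self.cache[k]:
                if data.startswith(sig, i):  # full definition confirms or rejects
                    return name
        return None

# Constructed sample definitions, not real signatures.
DEFS = {"Test.A": b"AAAA-constructed-sig-1", "Test.B": b"BBBB-constructed-sig-2"}
```

A filter hit that the full definition rejects (a file containing only the first W bytes of a signature) returns None, which is why the filter alone never decides the verdict.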
20 Claims
1. A computer-implemented method for detecting malware, comprising:
applying a filter to an input file to detect if the input file has characteristics matching those of a malware definition in a set of known malware definitions;
responsive to the input file having characteristics matching those of the malware definition based on applying the filter, scanning the input file using the malware definition; and
determining if the input file comprises malware based on the scanning.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A computer program product for detecting malware, the computer program product comprising a computer-readable storage medium containing computer program code for:
applying a filter to an input file to detect if the input file has characteristics matching those of a malware definition in a set of known malware definitions;
responsive to the input file having characteristics matching those of the malware definition based on applying the filter, scanning the input file using the malware definition; and
determining if the input file comprises malware based on the scanning.
Dependent claims: 10, 11, 12, 13, 14, 15, 16
17. A method for distributing malware definitions to a client device, comprising:
generating a filter from a set of known malware definitions, wherein the filter detects if an input file has characteristics matching those of the set of known malware definitions;
distributing the filter to the client device; and
distributing a subset of malware definitions from the set of known malware definitions used to generate the filter to the client device together with the filter.
Dependent claims: 18, 19, 20
Specification