DETECTING MALWARE CARRIED BY AN E-MAIL MESSAGE
9 Assignments
0 Petitions
Accused Products
Abstract
An anti-virus system provider distributes an e-mail identifying content filtering rule seeking to identify e-mail messages suspected of containing an item of malware from a central source (20) to users (2). This distribution may be by an e-mail message itself which is appropriately signed and encrypted. At the user system (2), the received e-mail identifying content filtering rule is extracted from the e-mail message and added to the content filtering rules (18) being applied within that user system. In this way, malware which is distributed by e-mail may be identified by characteristics of its carrier e-mail rather than characteristics of the malware itself which not yet have been properly analysed or the mechanisms for detecting such characteristics of the malware itself not yet put in place.
67 Citations
46 Claims
-
1-26. -26. (canceled)
-
27. A method, comprising:
-
receiving an e-mail message at a computer; evaluating characteristics of the e-mail message based on a set of rules in order to detect a presence of malware, wherein the evaluating of the characteristics is performed without identifying offending virus code within a file in the e-mail; and determining that the e-mail message includes malware based on evaluating the characteristics. - View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35)
-
-
36. An apparatus, comprising:
a gateway computer coupled to an end user computer over a network connection, the gateway computer including a rule engine, the gateway computer being configured for; evaluating characteristics of an e-mail message based on a set of rules in order to detect a presence of malware, wherein the evaluating of the characteristics is performed without identifying offending virus code within a file in the e-mail; and determining that the e-mail message includes malware based on evaluating the characteristics. - View Dependent Claims (37, 38, 39, 40)
-
41. Logic encoded in non-transitory media that includes code for execution and when executed by a processor operable to perform operations comprising:
-
receiving an e-mail message at a computer; evaluating characteristics of the e-mail message based on a set of rules in order to detect a presence of malware, wherein the evaluating of the characteristics is performed without identifying offending virus code within a file in the e-mail; and determining that the e-mail message includes malware based on evaluating the characteristics. - View Dependent Claims (42, 43, 44, 45, 46)
-
Specification