System And Method For Malware Detection
First Claim
1. A computer-implemented method for execution on one or more processors, the method comprising:
receiving a first file;
determining a file type of the first file;
determining, according to a first policy, a plurality of malware detection schemes to apply to the first file based on the determined file type of the first file;
scheduling the application of the determined plurality of malware detection schemes to the first file amongst a plurality of detection nodes according to a second policy; and
in response to determining the results of applying the plurality of malware detection schemes, determining that the first file is suspected malware or determining that the first file is malware according to a third policy.
Abstract
According to one embodiment, a computer-implemented method for execution on one or more processors includes receiving a first file and determining a file type of the first file. The method also includes determining, according to a first policy, a plurality of malware detection schemes to apply to the first file based on the determined file type of the first file. In addition, the method includes scheduling the application of the determined plurality of malware detection schemes to the first file amongst a plurality of detection nodes according to a second policy. Further, the method includes determining, in response to determining the results of applying the plurality of malware detection schemes, that the first file is malware or determining that the first file is suspected malware according to a third policy.
32 Claims
1. (Independent claim, reproduced in full under First Claim above.) Dependent claims: 2 to 14.
15. A computer-implemented method for execution on one or more processors, the method comprising:
receiving a first file and a second file from a messaging agent, wherein the first file and the second file are attachments to a first message;
applying a first malware detection scheme to the first file at a first detection node of a plurality of detection nodes;
determining the results of applying the first malware detection scheme at the first detection node to the first file; and
increasing the priority of the second file in a queue associated with a second detection node of the plurality of detection nodes applying a second malware detection scheme to the second file in response to determining the results of applying the first malware detection scheme at the first detection node to the first file.
Dependent claims: 16.
17. A computer-implemented method for execution on one or more processors, the method comprising:
receiving a file;
determining a malware detection scheme to apply to the file;
accessing the file in a guest operating system of a virtual machine in accordance with the determined malware detection scheme;
skipping at least one wait state associated with the guest operating system while accessing the file within the guest operating system; and
determining that the file is malware or determining that the file is suspected malware in response to accessing the file.
Dependent claims: 18.
19. A system for malware detection comprising:
an ingest module operable to: receive a first file; determine a file type of the first file; and determine, according to a first policy, a plurality of malware detection schemes to apply to the first file based on the determined file type of the first file;
a scheduling module operable to schedule the application of the determined plurality of malware detection schemes to the first file amongst a plurality of detection nodes according to a second policy; and
an adjudication and disposition module operable to determine, in response to determining the results of applying the plurality of malware detection schemes, that the first file is malware according to a third policy.
Dependent claims: 20 to 32.
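As an added illustration of the pipeline described in claims 1 and 19 (not the patent's own implementation): the file type is determined from content, a first policy maps it to a plurality of detection schemes, a second policy schedules those schemes across detection nodes, and a third policy adjudicates the combined results. The rule tables, node names and the `run_scheme` callable that stands in for a detection node are constructed assumptions for this example.

```python
# Added illustration of the claimed three-policy pipeline: determined file type ->
# Policy 1 (which schemes) -> Policy 2 (which detection node) -> Policy 3 (verdict).
# Rule tables, node names and the scheme runner are constructed for this example.
SCHEME_POLICY = {  # Policy 1 (constructed): schemes to apply per file type
    "pdf": ["signature", "static_pdf", "sandbox"],
    "exe": ["signature", "heuristic", "sandbox"],
    "unknown": ["signature"],
}

NODE_CAPABILITIES = {  # detection nodes and the schemes each can run (constructed)
    "node-a": {"signature", "heuristic"},
    "node-b": {"signature", "static_pdf"},
    "node-c": {"sandbox"},
}

def detect_file_type(data: bytes) -> str:
    """Determine the file type from leading magic bytes, not the file name."""
    if data.startswith(b"%PDF-"):
        return "pdf"
    if data.startswith(b"MZ"):
        return "exe"
    return "unknown"

def select_schemes(file_type: str) -> list:
    """Policy 1: the plurality of detection schemes chosen for this file type."""
    return list(SCHEME_POLICY.get(file_type, SCHEME_POLICY["unknown"]))

def schedule(schemes, load: dict) -> dict:
    """Policy 2: assign each scheme to the least-loaded node able to run it.
    `load` (node -> queued jobs) persists across files; ties go to the first node."""
    plan = {}
    for scheme in schemes:
        capable = [n for n, caps in NODE_CAPABILITIES.items() if scheme in caps]
        node = min(capable, key=lambda n: load.get(n, 0))
        plan[scheme] = node
        load[node] = load.get(node, 0) + 1
    return plan

def adjudicate(results: dict) -> str:
    """Policy 3: any 'malicious' -> malware; else any 'suspicious' -> suspected malware."""
    verdicts = set(results.values())
    if "malicious" in verdicts:
        return "malware"
    return "suspected malware" if "suspicious" in verdicts else "clean"

def analyze(data: bytes, run_scheme, load=None):
    """Whole pipeline; run_scheme(node, scheme, data) stands in for a detection node."""
    load = {} if load is None else load
    plan = schedule(select_schemes(detect_file_type(data)), load)
    results = {scheme: run_scheme(node, scheme, data) for scheme, node in plan.items()}
    return adjudicate(results), plan
```

Passing one shared `load` dict across successive calls to `analyze` shows the second policy spreading the same scheme over different nodes as queues fill.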