INTERDICTING MALICIOUS FILE PROPAGATION
Abstract
An approach is provided for interdicting malicious file propagation. Packets of a message being transferred to a destination device are received. In response to packet(s) of the message being received, the packet(s) are scanned by determining whether the packet(s) match a corresponding portion of a malicious file. If any of the scanned packet(s) do not match the corresponding portion of the malicious file, a transfer of subsequent packet(s) of the message to the destination device is permitted without performing a scan of the subsequent packet(s). If the scanned packet(s) including a last one or more packets of the message match corresponding portions of the malicious file, a transfer of the scanned packet(s) to the destination device is permitted, except a transfer of the last one or more packets of the message to the destination device is not permitted.
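The forwarding policy described in the abstract, as an added Python sketch (not code from the patent). The names `interdict`, `Decision` and `MALICIOUS` are hypothetical, and the sketch assumes packets arrive in order, the scanner knows which packet is last, and a full match requires the message to have the same length as the malicious file.

```python
from dataclasses import dataclass

@dataclass
class Decision:
    index: int
    action: str    # "forward" or "drop"
    scanned: bool  # True if the packet was compared against the malicious file

def interdict(packets, malicious):
    """Apply the per-packet policy to one message.

    packets:   ordered payloads of one message (constructed input)
    malicious: full bytes of the known malicious file
    """
    decisions = []
    offset = 0       # position in the malicious file for the next packet
    scanning = True  # cleared on the first mismatch; later packets skip the scan
    for i, payload in enumerate(packets):
        is_last = i == len(packets) - 1
        if not scanning:
            # A mismatch was already seen: pass through without scanning.
            decisions.append(Decision(i, "forward", False))
            continue
        portion = malicious[offset:offset + len(payload)]
        if payload != portion:
            # First mismatch: this message is not the malicious file.
            scanning = False
            decisions.append(Decision(i, "forward", True))
            continue
        offset += len(payload)
        # Assumption of this sketch: full match also means equal total length.
        if is_last and offset == len(malicious):
            decisions.append(Decision(i, "drop", True))
        else:
            decisions.append(Decision(i, "forward", True))
    return decisions

# Constructed sample data, not a real signature.
MALICIOUS = b"HEADER--" + b"PAYLOAD-" + b"TRAILER!"

def split(data, size=8):
    """Cut a message into fixed-size packet payloads."""
    return [data[i:i + size] for i in range(0, len(data), size)]

if __name__ == "__main__":
    for name, msg in [("infected", MALICIOUS),
                      ("benign", b"HEADER--harmlessTRAILER!")]:
        print(name, [(d.action, d.scanned) for d in interdict(split(msg), MALICIOUS)])
```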
9 Claims
1. A method of interdicting propagation of a malicious file in a computer network, the method comprising the steps of:
- a computer receiving packets of a message being transferred to a destination device;
- in response to packet(s) of the message being received at the computer, the computer scanning the packet(s) to determine whether the packet(s) match a corresponding portion of a malicious file;
- if any of the scanned packet(s) do not match the corresponding portion of the malicious file, the computer permitting a transfer of subsequent packet(s) of the message through the computer to the destination device without performing a scan of the subsequent packet(s); and
- if one or more or all of the scanned packet(s) other than a last packet of the message match corresponding portions of the malicious file, the computer permitting a transfer of the one or more or all scanned packet(s) other than the last packet of the message through the computer to the destination device, and if all of the scanned packet(s) other than the last packet of the message match corresponding portions of the malicious file, the computer does not permit a transfer of the last packet of the message through the computer to the destination device.

Dependent claims: 2, 3
4. A computer system for interdicting propagation of a malicious file in a computer network, the computer system comprising:
- a central processing unit (CPU);
- a computer-readable memory;
- a computer-readable, tangible storage device;
- first program instructions to receive packets of a message being transferred to a destination device;
- second program instructions to, in response to packet(s) of the message being received at the computer, scan the packet(s) to determine whether the packet(s) match a corresponding portion of a malicious file;
- third program instructions to, if any of the scanned packet(s) do not match the corresponding portion of the malicious file, permit a transfer of subsequent packet(s) of the message through the computer to the destination device without performing a scan of the subsequent packet(s); and
- fourth program instructions to, if one or more or all of the scanned packet(s) other than a last packet of the message match corresponding portions of the malicious file, permit a transfer of the one or more or all scanned packet(s) other than the last packet of the message through the computer to the destination device, and if all of the scanned packet(s) other than the last packet of the message match corresponding portions of the malicious file, not permit a transfer of the last packet of the message through the computer to the destination device,
- wherein the first, second, third and fourth program instructions are stored on the computer-readable, tangible storage device for execution by the CPU via the computer-readable memory.

Dependent claims: 5, 6
7. A computer program product for interdicting propagation of a malicious file in a computer network, the computer program product comprising:
- computer-readable, tangible storage device(s); and
- computer-readable program instructions stored on the computer-readable, tangible storage device(s), the computer-readable program instructions when executed by a CPU;
- receive packets of a message being transferred to a destination device;
- in response to packet(s) of the message being received, scan the packet(s) to determine whether the packet(s) match a corresponding portion of a malicious file;
- if any of the scanned packet(s) do not match the corresponding portion of the malicious file, permit a transfer of subsequent packet(s) of the message to the destination device without performing a scan of the subsequent packet(s); and
- if one or more or all of the scanned packet(s) other than a last packet of the message match corresponding portions of the malicious file, permit a transfer of the one or more or all scanned packet(s) other than the last packet of the message through the computer to the destination device, and if all of the scanned packet(s) other than the last packet of the message match corresponding portions of the malicious file, do not permit a transfer of the last packet of the message to the destination device.

Dependent claims: 8, 9
Specification