DETECTION OF UNDESIRED COMPUTER FILES USING DIGITAL CERTIFICATES

  • US 20170187684A1
  • Filed: 03/11/2017
  • Published: 06/29/2017
  • Est. Priority Date: 12/17/2006
  • Status: Active Grant
First Claim

1. A method comprising:

  • receiving, by an electronic mail (email) security system, logically interposed between an external network and a plurality of host systems within a private network an inbound email message;

    when the inbound email message includes an attachment, processing the attachment by an antivirus detection module running on the electronic mail (email) security system, including;

    identifying a type and structure of the attachment by examining relevant locations in the attachment for one or more primary identification bytes that are indicative of the attachment being of a particular executable file format;

    determining a location of the certificate chain with respect to the attachment based on the identified type and structure;

    forming a signature of the attachment by extracting a targeted subset of information from the certificate chain based on the type and structure of the attachment;

    evaluating the attachment by comparing the signature with a set of signatures having a known desirable or undesirable status;

    classifying the attachment into a category of a plurality of categories based on a result of said evaluating; and

    when the category of the attachment is indicative of files associated therewith being malicious or being suspected of being malicious, a policy associated with the category causes the email security system to quarantine, block or otherwise attempt to prevent the attachment from being delivered to an end user of one of the plurality of host systems to which the inbound email message is addressed.
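
The identify, locate, extract and compare steps of the claim, sketched for one executable format (Windows PE) as an added example that is not taken from the patent. Assumptions: the "targeted subset" is taken to be a SHA-256 hash of the first certificate entry's payload, and all function names, category names and the sample input are hypothetical.

```python
import hashlib
import struct

SECURITY_DIR = 4  # IMAGE_DIRECTORY_ENTRY_SECURITY: holds a file offset, not an RVA
DIRS_AT = {0x10B: 96, 0x20B: 112}  # data-directory offset in PE32 / PE32+ optional header

def locate_cert_table(data: bytes):
    """Identify a PE by its magic bytes, return (offset, size) of its certificate table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    opt = pe_off + 24  # optional header follows the 4-byte signature + 20-byte COFF header
    if opt + 2 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        return None
    dirs = DIRS_AT.get(struct.unpack_from("<H", data, opt)[0])
    if dirs is None or opt + dirs + 8 * (SECURITY_DIR + 1) > len(data):
        return None
    offset, size = struct.unpack_from("<II", data, opt + dirs + 8 * SECURITY_DIR)
    if offset == 0 or size < 8 or offset + size > len(data):
        return None  # unsigned, or the table points outside the file
    return offset, size

def cert_signature(data: bytes):
    """Assumed 'targeted subset': SHA-256 of the first WIN_CERTIFICATE payload."""
    loc = locate_cert_table(data)
    if loc is None:
        return None
    offset, size = loc
    (length,) = struct.unpack_from("<I", data, offset)  # dwLength includes 8-byte header
    if not 8 < length <= size:
        return None
    return hashlib.sha256(data[offset + 8:offset + length]).hexdigest()

def classify(data: bytes, known_bad: set, known_good: set) -> str:
    sig = cert_signature(data)
    if sig is None:
        return "no-certificate"
    return "malicious" if sig in known_bad else "trusted" if sig in known_good else "unknown"

def build_sample_pe(cert: bytes) -> bytes:
    """Constructed minimal PE32 header plus one certificate entry (test input only)."""
    hdr = bytearray(0x40 + 24 + 96 + 16 * 8)
    hdr[:2], hdr[0x40:0x44] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    struct.pack_into("<H", hdr, 0x40 + 24, 0x10B)
    entry = struct.pack("<IHH", 8 + len(cert), 0x0200, 0x0002) + cert
    struct.pack_into("<II", hdr, 0x40 + 24 + 96 + 8 * SECURITY_DIR, len(hdr), len(entry))
    return bytes(hdr) + entry
```

The bounds checks matter on a mail gateway: a certificate table offset or length that points past the end of the attachment is treated as "no-certificate" rather than read.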
