Method and apparatus for detecting computer viruses through the use of a scan information cache
First Claim
1. A method for increasing the speed at which a computer, which has files including more than one fork, scans for the presence of a computer virus, said method comprising the steps of:
creating a scan information cache on a non-volatile storage medium;
gathering identifying information, which includes at least one length of some portion of a file, about an initial state of said file;
storing said identifying information in said scan information cache;
gathering current state information, which includes at least one length of some portion of said file, about a current state of said file;
determining how said identifying information stored in said scan information cache differs from said current state information thereby indicating a presence or absence of one or more subsets of computer viruses, said one or more subsets each including one or more viruses which affect state information of said file in certain characteristic manners;
scanning said file for one or more of said subsets of computer viruses of a type of computer viruses that are determined to be present.
Abstract
A method and apparatus is provided for scanning files for computer viruses which use the length of at least one portion (such as a fork) of a file. This length information is stored in a cache. During a scan, the then current size of the file portion is compared to the length stored in the cache and if there is a size difference, the file is then scanned for viruses which can change that portion of the file's size.
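The comparison described in the abstract, as an added Python sketch (not code from the patent). Fork lengths are passed in as constructed dicts, and the subset names, the JSON cache file and the class and function names are assumptions made for illustration.

```python
import json
import os
import tempfile

# Hypothetical mapping: virus subsets grouped by the fork whose length they change.
SUBSETS_BY_FORK = {
    "data": {"data-fork-infectors"},
    "resource": {"resource-fork-infectors"},
}
ALL_SUBSETS = set().union(*SUBSETS_BY_FORK.values())


class ScanInfoCache:
    """Per-file fork lengths kept in a JSON file (the non-volatile cache)."""

    def __init__(self, path):
        self.path = path
        self.entries = {}
        if os.path.exists(path):
            with open(path) as fh:
                self.entries = json.load(fh)

    def save(self):
        tmp = self.path + ".tmp"
        with open(tmp, "w") as fh:
            json.dump(self.entries, fh)
        os.replace(tmp, self.path)  # atomic swap so a crash cannot truncate the cache

    def subsets_to_scan(self, name, current):
        cached = self.entries.get(name)
        if cached is None:
            return set(ALL_SUBSETS)  # no initial state recorded: scan for everything
        changed = [f for f in SUBSETS_BY_FORK if cached.get(f) != current.get(f)]
        return set().union(*(SUBSETS_BY_FORK[f] for f in changed))

    def record(self, name, current):
        # Call only after the file has scanned clean.
        self.entries[name] = dict(current)


def demo():
    cache_file = os.path.join(tempfile.mkdtemp(), "scan_cache.json")
    cache = ScanInfoCache(cache_file)
    initial = {"data": 1024, "resource": 4096}  # constructed fork lengths
    first = cache.subsets_to_scan("App", initial)
    cache.record("App", initial)
    cache.save()
    cache = ScanInfoCache(cache_file)  # reload from disk, as a later scan would
    unchanged = cache.subsets_to_scan("App", initial)
    grown = cache.subsets_to_scan("App", {"data": 1024, "resource": 4608})
    return first, unchanged, grown


if __name__ == "__main__":
    print(demo())
```

A file whose fork lengths all match the cache is skipped entirely, so this check only covers viruses that change the length of some portion of the file.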
12 Claims
7. An apparatus that can rapidly scan for the presence of a computer virus on a computer, which has files including more than one fork, said apparatus comprising:
a scan information cache on a non-volatile storage medium;
means for gathering identifying information, which includes at least one length of some portion of a file, about an initial state of said file;
means for storing said identifying information in said scan information cache;
means for gathering state information, which includes at least one length of some portion of said file, about a current state of said file;
means for determining how said identifying information stored in the scan information cache differs from said current state information for said file thereby indicating a presence or absence of one or more subsets of computer viruses, said one or more subsets each including one or more viruses which affect state information of said file in certain characteristic manners;
means for scanning said file for one or more of said subsets of computer viruses of a type of computer viruses that are determined to be present.
Specification