Antivirus accelerator
First Claim
1. A computer-based method for examining a file associated with a digital computer, said file containing a plurality of file sectors, to determine whether a computer virus is present within said file, the method comprising the steps of:
- when the file is being examined an initial time;
scanning selected file sectors of the file by an antivirus module, the selected file sectors being fewer than all of the file sectors and defining a critical fixed set of sectors; and
storing into a first storage area the number of each file sector that is scanned and a hash value of each sector that is scanned; and
when the file is being examined a subsequent time;
computing a hash value only for each file sector in the critical fixed set of sectors;
comparing each computed hash value with the hash value stored within said first storage area for the corresponding sector; and
rescanning the file by the antivirus module when any computed hash value fails to match a corresponding stored hash value for any sector in the a critical fixed set of sectors.
2 Assignments
0 Petitions
Accused Products
Abstract
System and method for examining a file (1) associated with a digital computer (2) to determine whether a computer virus is present within the file (1). The file (1) contains at least one numbered sector. When the file (1) is examined for an initial time, the file (1) is scanned by an antivirus module (3, 5). At that time, the numbers of the sectors being scanned and a hash value for each scanned sector are stored into a critical sector file (4). The hash values can be calculated by an antivirus accelerator module (5). When the file (1) is examined a subsequent time, all of the file (1) sectors that were scanned the initial time are examined by the antivirus accelerator module (5). Each of these sectors again has its hash value calculated and compared with the hash value of the corresponding sector as stored within the critical sector file (4). When any calculated hash value fails to match a corresponding stored hash value for any sector, the antivirus scan module (3) is commanded to rescan the entire file (1)
-
Citations
11 Claims
-
1. A computer-based method for examining a file associated with a digital computer, said file containing a plurality of file sectors, to determine whether a computer virus is present within said file, the method comprising the steps of:
-
when the file is being examined an initial time; scanning selected file sectors of the file by an antivirus module, the selected file sectors being fewer than all of the file sectors and defining a critical fixed set of sectors; and storing into a first storage area the number of each file sector that is scanned and a hash value of each sector that is scanned; and when the file is being examined a subsequent time; computing a hash value only for each file sector in the critical fixed set of sectors; comparing each computed hash value with the hash value stored within said first storage area for the corresponding sector; and rescanning the file by the antivirus module when any computed hash value fails to match a corresponding stored hash value for any sector in the a critical fixed set of sectors. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. Apparatus for speeding detection of computer viruses, the apparatus comprising:
-
a first file associated with a digital computer and containing a plurality of numbered sectors; coupled to the first file, an antivirus scan module adapted to detect the presence of computer viruses only within selected file sectors of the first file, the selected files sectors being fewer than all of the file sectors and defining a critical fixed set of sectors; coupled to the antivirus scan module, an antivirus accelerator module; coupled to the antivirus accelerator module, a register means indicating whether the first file has already been scanned by the antivirus scan module; and a critical sectors file coupled to a module from the group of modules consisting of the antvirus accelerator module and the antivirus scan module, said critical sectors file containing the size of the first file, the number of the sectors from the first file scanned by the antivirus scan module, and a hash value only for each sector in the critical fixed set of sectors.
-
Specification