Antivirus accelerator for computer networks
First Claim
1. A computer-based method for examining a file that is transmitted over a computer network from an originating computer to a recipient computer to determine whether a computer virus is present within said file, said file containing at least one sector, the method comprising the steps of:
- causing the originating computer to;
scan the file by an associated antivirus module while storing into a first storage area an identification of each file sector that is scanned and a hash value of each sector that is scanned; and
calculate a digital signature of a computed message digest of contents of the first storage area; and
causing the recipient computer to;
compute a hash value for each file sector that was scanned by the originating computer, to generate a computed hash value;
compare each computed hash value with the hash value stored within said first storage area for the corresponding sector, wherein, when any computed hash value fails to match a corresponding stored hash value for any sector, the entire file is rescanned;
examine the authenticity of the digital signature by comparing a decrypted message digest with the computed message digest; and
rescan the entire file when the decrypted message digest does not match the computed message digest.
3 Assignments
0 Petitions
Accused Products
Abstract
System, method, and computer readable medium for examining a file (1) associated with an originating computer (2) to determine whether a virus is present within the file (1). File (1) contains at least one sector and is scanned by an antivirus module (3). An identification and hash value of each scanned sector, a date of an update to antivirus module (3), and a version number of antivirus module (3) are stored into a critical sectors file (4). Hash values can be calculated by an antivirus accelerator module (5). An authentication module (12) affixes a digital signature to critical sectors file (4). File (1), critical sectors file (4), and digital signature (15) are then transmitted over network (14) to a recipient computer (11). File (1) sectors that were scanned by originating computer (2) are examined by antivirus module (3'"'"'). Each of these sectors again has its hash value calculated and compared with the hash value of the corresponding sector as stored within critical sectors file (4). When any calculated hash value fails to match a corresponding stored hash value for any sector, antivirus module (3'"'"') is commanded to rescan the entire file (1). Recipient computer (11) decrypts the digital signature (15) produced by originating computer (2) to verify the authenticity of the contents of critical sectors file (4).
-
Citations
16 Claims
-
1. A computer-based method for examining a file that is transmitted over a computer network from an originating computer to a recipient computer to determine whether a computer virus is present within said file, said file containing at least one sector, the method comprising the steps of:
-
causing the originating computer to; scan the file by an associated antivirus module while storing into a first storage area an identification of each file sector that is scanned and a hash value of each sector that is scanned; and calculate a digital signature of a computed message digest of contents of the first storage area; and causing the recipient computer to; compute a hash value for each file sector that was scanned by the originating computer, to generate a computed hash value; compare each computed hash value with the hash value stored within said first storage area for the corresponding sector, wherein, when any computed hash value fails to match a corresponding stored hash value for any sector, the entire file is rescanned; examine the authenticity of the digital signature by comparing a decrypted message digest with the computed message digest; and rescan the entire file when the decrypted message digest does not match the computed message digest. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. Apparatus for speeding the detection of computer viruses, the apparatus comprising:
-
a first file associated with an originating computer and containing at least one sector; coupled to the first file, an antivirus scan module adapted to detect the presence of computer viruses within said first file; coupled to the antivirus scan module, an antivirus accelerator module; a critical sectors file coupled to the antivirus accelerator module, said critical sectors file containing the size of the first file, identifications of sectors of the first file that have been scanned by the antivirus scan module, and a hash value for each sector of the first file that has been scanned by the antivirus scan module; and coupled to the critical sectors file, an authentication module adapted for affixing a digital signature to contents of the critical sectors file and adapted for comparing a decrypted message digest of a received file with a computed message digest, wherein the antivirus scan module rescans the entire file when the decrypted message digest does not match the computed message digest.
-
-
16. A computer-readable medium storing a program for examining a file that is transmitted over a computer network from an originating computer to a recipient computer to determine whether a computer virus is present within the file, the file containing at least one sector, the program implementing a method comprising the steps of:
-
causing the originating computer to; scan the file by an associated antivirus module while storing into a first storage area an identification of each file sector that is scanned and a hash value of each sector that is scanned; and calculate a digital signature of a computed message digest of contents of the first storage area; and causing the recipient computer to; compute a hash value for each file sector that was scanned by the originating computer, to generate a computed hash value; compare each computed hash value with the hash value stored within said first storage area for the corresponding sector, wherein, when any computed hash value fails to match a corresponding stored hash value for any sector, the entire file is rescanned; examine the authenticity of the digital signature by comparing a decrypted message digest with the computed message digest; and rescan the entire file when the decrypted message digest does not match the computed message digest.
-
Specification