Protocol-level malware scanner
Abstract
A method, system, and computer program product for malware scanning of data that is being transferred or downloaded to a computer system that is performed at the protocol level, and is capable of blocking the spread of malware that may not be blocked by operating system level scanning. A method of detecting a malware comprises the steps of: a) receiving a data stream, b) scanning the data stream at a protocol level to detect a malware, c) removing the detected malware from the data stream, and d) transmitting the data stream without the malware.
19 Claims
1. A method of detecting a malware comprising the steps of:
a) receiving a data stream;
b) scanning the data stream at a protocol level to detect a malware including viruses;
c) removing the detected malware from the data stream;
d) transmitting the data stream without the malware;
e) determining an IP address and a port associated with the detected malware, wherein the IP address and the port are blocked from being able to send any data to a protected network, and the IP address and the port are blocked from being able to receive any data from the protected network; and
f) scanning email messages at a protocol level, each email message transmitted by one of a plurality of protocols;
wherein;
i) a HyperText Transfer Protocol (HTTP) filter is utilized for scanning an HTTP data stream for malware,
ii) a File Transfer Protocol (FTP) filter is utilized for scanning an FTP data stream for malware,
iii) a Simple Mail Transfer Protocol (SMTP) filter is utilized for scanning an SMTP data stream for malware,
iv) an Internet Message Access Protocol (IMAP) filter is utilized for scanning an IMAP data stream for malware,
v) a Post Office Protocol filter is utilized for scanning a Post Office Protocol data stream for malware,
vi) a Trivial File Transfer Protocol filter is utilized for scanning a Trivial File Transfer Protocol data stream for malware, and
vii) a Network News Transfer Protocol filter is utilized for scanning a Network News Transfer Protocol data stream for malware.
receiving a data stream from a local area network or a wide area network connected to the workstation computer system.
6. The method of claim 5, wherein the transmitting step comprises the step of:
transmitting the data stream without the malware to an operating system and/or application programs running on the workstation computer system.
7. The method of claim 1, wherein steps a)-f) are performed on a gateway computer system.
8. The method of claim 7, wherein the receiving step comprises the step of:
receiving a data stream from a network to the gateway computer system or from a network via a router/firewall connected to the gateway computer system.
9. The method of claim 8, wherein the transmitting step comprises the step of:
transmitting the data stream without the malware to a computer system via a local area network or a wide area network connected to the gateway computer system.
10. A system for detecting a malware comprising:
a processor operable to execute computer program instructions;
a memory operable to store computer program instructions executable by the processor; and
computer program instructions stored in the memory and executable to perform the steps of;
a) receiving a data stream;
b) scanning the data stream at a protocol level to detect a malware including viruses;
c) removing the detected malware from the data stream;
d) transmitting the data stream without the malware;
e) determining an IP address and a port associated with the detected malware, wherein the IP address and the port are blocked from being able to send any data to a protected network, and the IP address and the port are blocked from being able to receive any data from the protected network; and
f) scanning email messages at a protocol level, each email message transmitted by one of a plurality of protocols;
wherein;
i) a HyperText Transfer Protocol (HTTP) filter is utilized for scanning an HTTP data stream for malware,
ii) a File Transfer Protocol (FTP) filter is utilized for scanning an FTP data stream for malware,
iii) a Simple Mail Transfer Protocol (SMTP) filter is utilized for scanning an SMTP data stream for malware,
iv) an Internet Message Access Protocol (IMAP) filter is utilized for scanning an IMAP data stream for malware,
v) a Post Office Protocol filter is utilized for scanning a Post Office Protocol data stream for malware,
vi) a Trivial File Transfer Protocol filter is utilized for scanning a Trivial File Transfer Protocol data stream for malware, and
vii) a Network News Transfer Protocol filter is utilized for scanning a Network News Transfer Protocol data stream for malware.
receiving a data stream from a local area network or a wide area network connected to the workstation computer system.
15. The system of claim 14, wherein the transmitting step comprises the step of:
transmitting the data stream without the malware to an operating system and/or application programs running on the workstation computer system.
16. The system of claim 10, wherein steps a)-f) are performed on a gateway computer system.
17. The system of claim 16, wherein the receiving step comprises the step of:
receiving a data stream from a network to the gateway computer system or from a network via a router/firewall connected to the gateway computer system.
18. The system of claim 17, wherein the transmitting step comprises the step of:
transmitting the data stream without the malware to a computer system via a local area network or a wide area network connected to the gateway computer system.
19. A computer program product for detecting a malware comprising:
a computer readable medium;
computer program instructions, recorded on the computer readable medium, executable by a processor, for performing the steps of;
a) receiving a data stream;
b) scanning the data stream at a protocol level to detect a malware including viruses;
c) removing the detected malware from the data stream;
d) transmitting the data stream without the malware;
e) blocking an IP address and a port associated with the detected malware, wherein the IP address and the port are blocked from being able to send any data to a protected network, and the IP address and the port are blocked from being able to receive any data from the protected network; and
f) scanning email messages at a protocol level, each email message transmitted by one of a plurality of protocols;
wherein;
i) a HyperText Transfer Protocol (HTTP) filter is utilized for scanning an HTTP data stream for malware,
ii) a File Transfer Protocol (FTP) filter is utilized for scanning an FTP data stream for malware,
iii) a Simple Mail Transfer Protocol (SMTP) filter is utilized for scanning an SMTP data stream for malware,
iv) an Internet Message Access Protocol (IMAP) filter is utilized for scanning an IMAP data stream for malware,
v) a Post Office Protocol filter is utilized for scanning a Post Office Protocol data stream for malware,
vi) a Trivial File Transfer Protocol filter is utilized for scanning a Trivial File Transfer Protocol data stream for malware, and
vii) a Network News Transfer Protocol filter is utilized for scanning a Network News Transfer Protocol data stream for malware;
wherein the data stream is received from the Internet;
wherein steps a)-f) are performed on a gateway computer system;
wherein the receiving step comprises the step of receiving a data stream from a network to the gateway computer system or from a network via a router/firewall connected to the gateway computer system;
wherein uniform resource locators (URLs) are blocked;
wherein packet filtering is performed to accept and reject packets based on user-defined rules.