Scanning computer files for unwanted properties

US 6,802,012 B1
Filed: 10/03/2000
Issued: 10/05/2004
Est. Priority Date: 10/03/2000
Status: Expired due to Fees

First Claim

Patent Images

1. A method of detecting computer files having one or more unwanted properties, said method comprising the steps of:

receiving requests to scan respective computer files together with data indicative of a computer user associated with respective requests to scan;

storing within a store of pending scan requests data identifying said requests to scan together with data indicative of respective scan request priority levels for respective requests to scan, scan request priority level being dependent upon a computer user associated with a request to scan;

selecting from said store of pending scan requests in dependence upon said data indicative of scan request priority level a next pending request to scan to be serviced; and

scanning said next pending request to scan to be serviced to detect said one or more unwanted properties;

wherein said store of pending scan requests also store data indicative of a time of issue of each respective request to scan;

wherein said step of selecting selects as a next pending request to scan to be serviced an oldest high priority request to scan within said store of pending scan requests.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for scanning computer files for unwanted properties, such as containing computer viruses or being spam e-mail, allocates a priority to pending scan requests based upon the identity of a computer user associated with the scan request. In the case of a normal file access request, the computer user associated with the scan request may be the file access request or in the case of an on-demand scan, then the computer user associated with a particular scan request for a computer file may be the owner or creator of that computer file. In the case of scan requests associated with e-mails, the sender or recipient computer user may be used in the allocation of a priority level for the scan request.

Citations

36 Claims

1. A method of detecting computer files having one or more unwanted properties, said method comprising the steps of:
- receiving requests to scan respective computer files together with data indicative of a computer user associated with respective requests to scan;
  
  storing within a store of pending scan requests data identifying said requests to scan together with data indicative of respective scan request priority levels for respective requests to scan, scan request priority level being dependent upon a computer user associated with a request to scan;
  
  selecting from said store of pending scan requests in dependence upon said data indicative of scan request priority level a next pending request to scan to be serviced; and
  
  scanning said next pending request to scan to be serviced to detect said one or more unwanted properties;
  
  wherein said store of pending scan requests also store data indicative of a time of issue of each respective request to scan;
  
  wherein said step of selecting selects as a next pending request to scan to be serviced an oldest high priority request to scan within said store of pending scan requests.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. A method as claimed in claim 1, further comprising the steps of allocating a scan request priority level for each request to scan in dependence upon said computer user associated with said request to scan and storing said scan request priority level within said store of pending scan requests.
  - 3. A method as claimed in claim 1, wherein said requests to scan originate from file access requests to a tile store by access requesting computer users, said access requesting computer users being said computer users associated with respective requests to scan.
  - 4. A method as claimed in claim 1, wherein said requests to scan originate from an on-demand scan of computer files stored in a file store and said computer users associated with respective requests to scan are designated owners of respective files within said file store.
  - 5. A method as claimed in claim 1, wherein said requests to scan originate from an on-demand scan of computer files stored in a file store and said computer users associated with respective requests to scan are designated creators of respective files within said file store.
  - 6. A method as claimed in claim 1, wherein said requests to scan originate from e-mail files being processed by an e-mail server.
  - 7. A method as claimed in claim 6, wherein a computer user associated with a request to scan is a recipient designated for a respective e-mail file.
  - 8. A method as claimed in claim 6, wherein said unwanted properties include receipt within a predetermined period of more than a threshold level of e-mail messages having one or more common characteristics.
  - 9. A method as claimed in claim 8, wherein said one or more common characteristics includes:
10. A method as claimed in claim 6, wherein a computer user associated with a request to scan is a recipient designated for a respective e-mail file.
11. A method as claimed in claim 6, wherein a scan request priority level is also dependent upon whether an associated e-mail file is inbvound to or outbound from said email server.
12. A method as claimed in claim 1, wherein said unwnted properties include being infected with a computer virus.

13. Apparatus for detecting computer files having one or more unwanted properties, said apparatus comprising:
- a receiver operable to receive requests to scan respective computer files together with data indicative of a computer user associated with respective requests to scan;
  
  a store of pending scan requests operable to store data identifying said requests to scan together with data indicative of respective scan request priority levels for respective requests to scan, scan request priority level being dependent upon a computer user associated with a request to scan;
  
  selecting logic operable to select from said store of pending scan requests in dependence upon said data indicative of scan request priority level a next pending request to scan to be serviced; and
  
  scanning logic operable to scan said next pending request to scan to be serviced detect said one or more unwanted properties;
  
  wherein said store of pending scan requests also store data indicative of a time of issue of each respective request to scan;
  
  wherein said selecting logic is operable to select as a next pending request to scan to be serviced an oldest high priority request to scan within said store of pending scan requests.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 14. Apparatus as claimed in claim 13, further comprising allocating logic operable to allocate a scan request priority level for each request to scan in dependence upon said computer user associated with said request to scan and storing said scan request priority level within said store of pending scan requests.
  - 15. Apparatus as claimed in claim 13 wherein said requests to scan originate from file access requests to a file store by access requesting computer users, said access requesting computer users being said computer users associated with respective requests to scan.
  - 16. Apparatus as claimed in claim 13, wherein said requests to scan originate from an on-demand scan of computer files stored in a file store and said computer users associated with respective requests to scan are designated owners of respective files within said file store.
  - 17. Apparatus as claimed in claim 13, wherein said requests to scan originate from an on-demand scan of computer files stored in a file store and said computer users associated with respective requests to scan are designated creators of respective files within said file store.
  - 18. Apparatus as claimed in claim 13, wherein said requests to scan originate from e-mail files being processed by an e-mail server.
  - 19. Apparatus as claimed in claim 18, wherein a computer user associated with a request to scan is a recipient designated for a respective e-mail file.
  - 20. Apparatus as claimed in claim 18, wherein said unwanted properties include receipt within a predetermined period of more than a threshold level of e-mail messages having one or more common characteristics.
  - 21. Apparatus as claimed in claim 20, wherein said one or more common characteristics includes:
22. Apparatus as claimed in claim 18, wherein a computer user associated with a request to scan is a sender designated for a respective e-mail file.
23. Apparatus as claim in claim 18, wherein a scan request priority level is also dependent upon whether an associated e-mail file is inbound to or outbound from said e-mail server.
24. Apparatus as claimed in claim 13, wherein said unwanted properties include being infected with a computer virus.

25. A computer program product carrying a computer program for controlling a computer to detect computer files having one or more unwanted properties, said computer program comprising:
- receiver code operable to receive requests to scan respective computer files together with data indicative of a computer user associated with respective requests to scan;
  
  storage code operable to store in a store of pending scan requests data identifying said requests to scan together with data indicative of respective scan request priority levels for respective requests to scan, scan request priority level being dependent upon a computer user associated with a request to scan;
  
  selecting code operable to select from said store of pending scan requests in dependence upon said data indicative of scan request priority level a next pending request to scan to be serviced; and
  
  scanning code operable to scan said next pending request to scan to be serviced to detect said one or more unwanted properties;
  
  wherein said store of pending scan requests also store data indicative of a time of issue of each respective request to scan;
  
  wherein said selecting code is operable to select as a next pending request to scan to be serviced an oldest high priority request to scan within said store of pending scan requests.
- View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 26. A computer program product as claimed in claim 25, further comprising allocating code operable to allocate a scan request priority level for each request to scan in dependence upon said computer user associated with said request to scan and storing said scan request priority level within said store of pending scan requests.
  - 27. A computer program product as claimed in claim 25, wherein said requests to scan originate from file access requests to a file store by access requesting computer users, said access requesting computer users being said computer users associated with respective requests to scan.
  - 28. A computer program product as claimed in claim 25, wherein said requests to scan originate from an on-demand scan of computer files stored in a file store and said computer users associated with respective requests to scan are designated owners of respective files within said file store.
  - 29. A computer program product as claimed in claim 25, wherein said requests to scan originate from an on-demand scan of computer files stored in a file store and said computer users associated with respective requests to scan are designated creators of respective files within said file store.
  - 30. A computer program product as claimed in claim 25, wherein said requests to scan originate from e-mail files being processed by an e-mail server.
  - 31. A computer program product as claimed in claim 30, wherein a computer user associated with a request to scan is a recipient designated for a respective e-mail file.
  - 32. A computer program product as claimed in claim 30, wherein said unwanted properties include receipt within a predetermined period of more than a threshold level of e-mail messages having one or more common characteristics.
  - 33. A computer program product as claimed in claim 32, wherein said one or more common chairacteristics includes:
34. A computer program product as claimed in claim 30, wherein a computer user associated with a request to scan is a sender designated for a respective e-mail file.
35. A computer program product as claimed in claim 30, wherein a scan request priority level is also dependent upon whether an associated e-mail file is inbound to or outbound from said e-mail server.
36. A computer program product as claimed in claim 25, wherein said unwanted properties include being infected with a computer virus.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, Inc. (McAfee, LLC)
Original Assignee
Networks Associates Technology, Inc. (McAfee, LLC)
Inventors
Wolff, Daniel Joseph, Smithson, Robert Hugh
Primary Examiner(s)
MOISE, EMMANUEL LIONEL

Application Number

US09/678,691
Time in Patent Office

1,463 Days
Field of Search

709/206, 709/240, 709/247, 713/188, 713/200, 713/202
US Class Current

726/24
CPC Class Codes

G06F 21/564 by virus signature recognition

Scanning computer files for unwanted properties

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Scanning computer files for unwanted properties

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links