Method and device for innoculating email infected with a virus
First Claim
1. A method for inoculating email infected with a virus, the email being composed of data packets sent over a network and associated with a traffic flow in the network, the method comprising:
- scanning the data packets forming the traffic flow associated with the email;
detecting the signature of a known virus in the data packets;
determining whether there is an attachment associated with the email; and
altering bits of the data packet associated with the attachment to inoculate the email.
7 Assignments
0 Petitions
Accused Products
Abstract
A method and device for detecting and inoculating emails infected with viruses are described. The method involves identifying a particular traffic and its associated data packets as an email session and scanning the associated data packets in order to compare their contents with a database of known signatures. If a match is found between the data packets and a signature of a known virus, it is determined if there is an attachment to the email. If an attachment is detected, some or all of the bits of the data packets associated with the attachment are altered, thereby rendering the infected attachment harmless. The network device includes memory for storing the database of known signatures and a content processor able to compare the contents of data packets with a database of known signatures. The content processor is also operable to alter some or all of the bits of the attachment to inoculate the email and attachment.
149 Citations
18 Claims
-
1. A method for inoculating email infected with a virus, the email being composed of data packets sent over a network and associated with a traffic flow in the network, the method comprising:
-
scanning the data packets forming the traffic flow associated with the email;
detecting the signature of a known virus in the data packets;
determining whether there is an attachment associated with the email; and
altering bits of the data packet associated with the attachment to inoculate the email. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A network device for scanning and inoculating email infected with a virus, the email being composed of data packets sent over a network and associated with a traffic flow in the network, the network device comprising:
-
memory storing a database of known signatures, the known signatures including signatures of viruses;
a content processor connected to the memory, the content processor operable to scan the data packets and determine whether the contents of the data packets match one of the signatures of viruses in the database of known signatures, and to determine whether the email associated with the data packets includes an attachment, the content processor further operable to alter bits of the data packets forming the attachment, thereby inoculating the attachment and the email. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
Specification