Method and apparatus for minimizing file scanning by anti-virus programs
First Claim
Patent Images
1. A method for optimizing the operation of an anti-virus computer program for use with an operating system, comprising the steps of:
- detecting a request for closure of an opened computer file;
determining in response to and after a closure request, but before file closure, if the opened computer file has been modified since being opened;
scanning said opened file for viruses before closure only if said opened file has been modified; and
closing said file if unmodified, and closing said file after scanning for viruses if found virus free.
11 Assignments
0 Petitions
Accused Products
Abstract
Scanning time for a computer anti-virus program is minimized by eliminating scanning of a file for viruses before closure, in response to the absence of a modification flag being raised in an associated operating system, the flag being indicative of the file having been modified between the time the file was opened to the time of a close request.
73 Citations
15 Claims
-
1. A method for optimizing the operation of an anti-virus computer program for use with an operating system, comprising the steps of:
-
detecting a request for closure of an opened computer file; determining in response to and after a closure request, but before file closure, if the opened computer file has been modified since being opened; scanning said opened file for viruses before closure only if said opened file has been modified; and closing said file if unmodified, and closing said file after scanning for viruses if found virus free. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method for optimizing operation of an anti-virus program in an operating system, said operating system including programming for raising a flag indicative of modification of an open file during the time the file has been open, said method including the steps of:
-
detecting the event of a request for closing said file being made to said operating system; after said detecting, but before file closure, determining whether said modification flag has been raised by said operating system for said open file; scanning said open file, in response to said modification flag, for viruses before permitting said operating system to close said file; and skipping said step of scanning for viruses before closure of said open file, whenever said modification flag is not present.
-
-
8. A method for optimizing the operation of an anti-virus program in use in an operating system, said operating system including programming for raising a flag indicative of modification of an open file during the time the file has been open, said method including the steps of:
-
scanning a file for viruses in response to a request from an associated computer user to open and gain access to said file; permitting said file to be opened if virus free; storing upon opening a virus vulnerable unmodified portion of said open file; detecting the event of a request for closing said open file being made to said operating system; after said detecting, but before file closure, determining whether said modification flag has been raised by said operating system for said open file; scanning said open file, in response to said modification flag, for viruses before permitting said operating system to close said file; skipping said step of scanning for viruses before closure of said open file, whenever said modification flag is not present; responding to the presence of a modification flag by comparing the stored unmodified virus vulnerable portion of said file to the associated portion of said open file to determine if that portion has been modified during the time the file has been open; and skipping said step of scanning for viruses before closure of said open file if the virus vulnerable portion of said open file is unmodified.
-
-
9. A computer program product embodied on a computer readable medium for detecting computer viruses on a file server, the file server providing file storage and retrieval services for at least one client computer over a network, said computer program product comprising:
-
computer code for detecting an open request from a client computer, the open request asking for a requested file from the file server; computer code for scanning said requested file for computer viruses, whereby the file server is permitted to provide said requested file to the client computer if no computer viruses are found therein; computer code for detecting a close request from the client computer associated with said requested file; computer code for, after said detecting, but before file closure, accessing operating system flag that indicates whether the requested file was changed prior to said close request; computer code for scanning said requested file for computer viruses if said requested file was changed prior to said close request; and computer code for skipping scanning said requested file if it was not changed prior to said close request. - View Dependent Claims (10, 11)
-
-
12. A computer program product embodied on a computer readable medium for detecting computer viruses on a file server, the file server providing file storage and retrieval services for at least one client computer over a network, said computer program product comprising:
-
computer code for detecting an open request from a client computer, the open request asking for a requested file from the file server; computer code for scanning said requested file for computer viruses, whereby the file server is permitted to provide said requested file to the client computer if no computer viruses are found therein; computer code for detecting a close request from the client computer associated with said requested file; computer code for, after said detecting, but before file closure, accessing an operating system flag that indicates whether the requested file was changed prior to said close request; computer code for skipping scanning said requested file if it was not changed prior to said close request; computer code responsive to said requested file having been changed prior to said close request for determining whether a virus vulnerable portion of said file was changed; computer code for skipping scanning said requested file if a virus vulnerable portion of said file was not changed prior to said close request; and computer code for scanning said requested file if a virus vulnerable portion of said file was changed prior to said close request. - View Dependent Claims (13, 14)
-
-
15. A method for optimizing the operation of an anti-virus computer program for use with an operating system, comprising the steps of:
-
detecting a request for closure of an opened computer file; determining in response to and after a closure request, but before file closure, if the opened computer file has been modified since being opened; scanning said opened file for viruses before closure only if said opened file has been modified; and closing said file if unmodified, and closing said file after scanning for viruses if found virus free; wherein said operating system includes a “
dirty cache buffer”
for providing a computer code for a modification flag indicative of the modification of an open file, said method further including in said modification determining step, the step of detecting the presence of said modification flag to determine if the associated opened file has been modified;wherein further included are the steps of; scanning a file for viruses in response to a request for opening the file, opening said file if virus free, and establishing a cache buffer memory for storing upon opening of a file only a virus vulnerable portion of that file that a virus must use to enter and infect said file; wherein said modification determining step includes the steps of; indicating an open file is unmodified in the absence of an associated modification flag, responding to the presence of a modification flag by comparing a portion of said open file to the associated unmodified virus vulnerable portion of said file in said cache buffer memory to determine if the portion of the open file has been modified since the opening of the file, indicating the opened file is unmodified if the virus vulnerable portion is unmodified, and indicating the opened file is modified if the virus vulnerable portion is modified.
-
Specification