System and method for providing exploit protection with message tracking
Abstract
A method and system for providing protection from exploits to devices connected to a network. The system and method include a component for determining whether an encapsulation has been applied to an attachment associated with a message and unencapsulating such encapsulated attachment, and a component that performs at least one decompression of the attachment when the attachment is compressed. If it is determined that the message, including the attachment, is to be scanned, a component is included that determines whether a header, body, and/or attachment of the message includes exploits. A device that receives messages that are directed to the network employs the components above to provide exploit protection for at least one of the messages.
17 Claims
1. A system for providing protection from an exploit to a device connected to a network, comprising:
- a content filter that receives a message that is directed to the device;
- a message tracker that is coupled to the content filter and is configured to perform actions, including;
  - determining a size of a message component associated with the message;
  - if the size is less than or equal to a pre-determined size;
    - identifying the message as unscanned;
  - if the size exceeds the pre-determined size, then;
    - determining a first value associated with the message, and if the first value is the same as a stored second value associated with the message, identifying the message as a scanned message;
  - if the size exceeds the pre-determined size, then;
    - determining the first value associated with the message, and if the first value is different from the stored second value, identifying the message as unscanned; and
- a scanner component that is coupled to the message tracker and that is configured to receive the unscanned message and to determine whether at least one element of the message includes an exploit.

Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. A method for providing protection from an exploit to a device connected to a network, comprising:
- receiving a message that is directed to the device;
- determining a size of a message component associated with the message;
- if the size is less than or equal to a pre-determined size;
  - identifying the message as unscanned;
- if the size exceeds the pre-determined size, then;
  - determining a first value associated with the message, and if the first value is the same as a stored second value associated with the message, identifying the message as a scanned message;
- if the size exceeds the pre-determined size, then;
  - determining the first value associated with the message, and if the first value is different from the stored second value, identifying the message as unscanned; and
- if the message is an unscanned message, performing actions, including;
  - i. determining whether at least one element of the message includes an exploit; and
  - ii. if at least one element of the message includes the exploit, quarantining the message.

Dependent claims: 10, 11, 12, 13, 14, 15, 16.

17. A system for providing protection from an exploit to a device connected to a network, comprising:
- means for receiving a message that includes a header and at least one of a body and an attachment;
- a means for determining a size of a message component associated with the message;
- a means for identifying the message as unscanned, if the size is less than or equal to a pre-determined size;
- if the size exceeds the pre-determined size, then;
  - employing a means for determining a first value associated with the message, and if the first value is the same as a stored second value associated with the message, employing a means for identifying the message as a scanned message;
- if the size exceeds the pre-determined size, then;
  - employing a means for determining the first value associated with the message, and if the first value is different from the stored second value, employing the means for identifying the message as unscanned; and
- means for determining whether at least one of the header, attachment, and the body includes an exploit in the unscanned message.
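The scanned/unscanned decision recited in claims 1, 9 and 17, sketched as an added example that is not taken from the patent: it shows why the value comparison matters, since a large component that changes after its value was stored is classified as unscanned again. Assumptions: the "first value" is a SHA-256 digest of the component, stored values are kept in a dictionary keyed by a message id, a missing stored value counts as different, the value is stored after a clean scan, and the exploit signature is a constructed marker.

```python
import hashlib
from dataclasses import dataclass, field

SIZE_THRESHOLD = 1024                    # assumed "pre-determined size" in bytes
MARKER = b"CONSTRUCTED-EXPLOIT-MARKER"   # constructed stand-in for a signature

@dataclass
class MessageTracker:
    threshold: int = SIZE_THRESHOLD
    stored: dict = field(default_factory=dict)  # message id -> stored second value

    @staticmethod
    def value_of(component: bytes) -> str:
        # Assumption: the "first value" is a SHA-256 digest of the component.
        return hashlib.sha256(component).hexdigest()

    def classify(self, msg_id: str, component: bytes) -> str:
        if len(component) <= self.threshold:
            return "unscanned"           # small components always go to the scanner
        first = self.value_of(component)
        # No stored value is treated as "different" (assumption).
        return "scanned" if self.stored.get(msg_id) == first else "unscanned"

    def record(self, msg_id: str, component: bytes) -> None:
        # Only large components are tracked; small ones are rescanned every time.
        if len(component) > self.threshold:
            self.stored[msg_id] = self.value_of(component)

def scan(component: bytes) -> bool:
    """Toy scanner: True when the constructed marker is present."""
    return MARKER in component

def handle(tracker: MessageTracker, msg_id: str, component: bytes) -> str:
    """Return 'skipped' (scan skipped), 'delivered' or 'quarantined'."""
    if tracker.classify(msg_id, component) == "scanned":
        return "skipped"
    if scan(component):
        return "quarantined"             # value is not stored for a bad message
    tracker.record(msg_id, component)
    return "delivered"

def demo() -> list:
    t, big = MessageTracker(), b"A" * 4096   # constructed sample components
    return [
        handle(t, "m1", b"hello"),       # small: scanned
        handle(t, "m1", b"hello"),       # small: scanned again
        handle(t, "m2", big),            # large, no stored value: scanned
        handle(t, "m2", big),            # large, same value: scan skipped
        handle(t, "m2", big + MARKER),   # same id, changed content: rescanned
    ]
```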
Specification