Providing break points in a malware scanning operation
Abstract
A computer virus scanning system is described in which during the scanning operation a measurement value indicative of the amount of data processing performed is calculated and this measurement value used to trigger breaks in the virus scanning operation. The triggered breaks can be used to perform a determination as to whether or not the virus scanning operations should be early terminated. One possibility is to measure the total size of the data processed during the virus scanning operation and calculate a ratio of this compared to the size of the computer file being virus scanned. If this calculated ratio exceeds a predetermined threshold, then virus scanning may be terminated. Another possibility is to associate a complexity value with each of a plurality of tests applied in the virus scanning operation. A total for these complexity values may be used to trigger the breaks and also to trigger early termination upon exceeding of respective threshold levels.
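The two measurements in the abstract can be sketched as follows. This is an added example, not code from the patent or from any product: the names `Meter`, `scan` and `run`, the threshold values, and the use of zlib inflation as a stand-in for the scanner's data processing are all assumptions of the example, and the inputs are constructed.

```python
import zlib

class ScanTerminated(Exception):
    pass

class Meter:
    """A measurement value with a recurring break threshold and a termination threshold."""
    def __init__(self, name, break_step, terminate_at):
        self.name, self.value, self.breaks = name, 0, 0
        self.break_step = self.next_break = break_step
        self.terminate_at = terminate_at

    def add(self, amount):
        self.value += amount
        if self.value > self.next_break:            # break point in the scan
            self.breaks += 1
            self.next_break = self.value + self.break_step
            if self.value > self.terminate_at:      # decision taken at the break
                raise ScanTerminated(self.name)

def scan(data, tests, size, work, chunk=4096):
    """Inflate `data` chunk by chunk and run each (cost, test) pair on every chunk."""
    d, pending = zlib.decompressobj(), data
    try:
        while not d.eof:
            out = d.decompress(pending, chunk)      # never inflate more than `chunk` bytes
            pending = d.unconsumed_tail
            if not out and not pending:
                break                               # truncated stream, nothing left
            size.add(len(out))                      # data processed so far
            for cost, test in tests:
                work.add(cost)                      # complexity value of this test
                if test(out):
                    return "infected"
    except ScanTerminated as why:
        return f"terminated ({why})"
    return "clean"

# Constructed inputs and toy tests (a marker spanning two chunks would be missed).
MARKER = b"CONSTRUCTED-TEST-SIGNATURE"
TESTS = [(5, lambda b: MARKER in b), (40, lambda b: b.count(MARKER[:4]) > 3)]
EXPANDING = zlib.compress(b"\0" * 2_000_000)        # tiny file, large inflated size
BENIGN = zlib.compress(b"plain report text " * 30)

def run(data, work_limit=100_000):
    # Size thresholds are ratios of data processed to the size of the scanned file.
    size = Meter("size ratio", 10 * len(data), 100 * len(data))
    work = Meter("complexity", work_limit // 4, work_limit)
    return scan(data, TESTS, size, work), size, work
```

`run(EXPANDING)` ends at a break point once the processed data exceeds 100 times the file size, long before the full 2,000,000 bytes are inflated, while `run(EXPANDING, work_limit=200)` ends on the complexity total instead.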
30 Claims
1. A method of detecting computer viruses within a computer file, said method comprising the steps of:
- receiving a request to scan a computer file for computer viruses;
- initiating a virus scanning operation upon said computer file;
- calculating during said virus scanning operation a measurement value indicative of an amount of data processing performed during said virus scanning operation, wherein the measurement value is based, at least in part, on at least one of a data size of the computer file and a complexity of tests of the virus scanning operation;
- comparing during said virus scanning said measurement value with a threshold value; and
- triggering a break in said virus operation prior to completion of the tests to determine as to whether the computer file is infected, if said measurement value exceeds said threshold value to prevent overload of a virus scanner.
11. Apparatus for detecting computer viruses within a computer file, said apparatus comprising:
- a receiver operable to receive a request to scan a computer file for computer viruses;
- initiating logic operable to initiate a virus scanning operation upon said computer file;
- calculating logic operable to calculate during said virus scanning operation a measurement value indicative of an amount of data processing performed during said virus scanning operation, wherein the measurement value is based, at least in part, on at least one of a data size of the computer file and a complexity of tests of the virus scanning operation;
- comparing logic operable during said virus scanning to compare said measurement value with a threshold value; and
- triggering logic operable to trigger a break in said virus operation prior to completion of the tests to determine as to whether the computer file is infected, if said measurement value exceeds said threshold value to prevent overload of a virus scanner.
21. A computer program product carrying a computer program for controlling a computer to detect computer viruses within a computer file, said computer program comprising:
- receiver code operable to receive a request to scan a computer file for computer viruses;
- initiating code operable to initiate a virus scanning operation upon said computer file;
- calculating code operable to calculate during said virus scanning operation a measurement value indicative of an amount of data processing performed during said virus scanning operation, wherein the measurement value is based, at least in part, on at least one of a data size of the computer file and a complexity of tests of the virus scanning operation;
- comparing code operable during said virus scanning to compare said measurement value with a threshold value; and
- triggering code operable to trigger a break in said virus operation prior to completion of the tests to determine as to whether the computer file is infected, if said measurement value exceeds said threshold value to prevent overload of a virus scanner.
26. A computer program product as claimed in 22, wherein said virus scanning operation applies a plurality of the tests to said computer file, each test having complexity value indicative of an amount of data processing associated with that test, said measurement value being a sum of complexity values for tests applied during said virus scanning operation and said step of determining terminating said virus scanning operation prior to completion if said sum of complexity values exceeds a termination complexity threshold value.
Specification