System and method for performing efficient computer virus scanning of transient messages using checksums in a distributed computing environment
First Claim
1. A computer implemented system for performing efficient computer virus scanning of transient messages using checksums in a distributed computing environment, comprising:
- an antivirus system intercepting an incoming message at a network domain boundary, the incoming message including a body storing message content;
a parser module parsing the message content from the body and calculating a checksum over the parsed message content;
a checksum module storing the checksum in an information file associated with the incoming message in a transient message store;
an antivirus scanner scanning the incoming message for a presence of at least one of a computer virus and malware to identify infected message contents, and recording the checksum corresponding to each infected message content and an infection indicator;
wherein the checksum is calculated as a running checksum on a line-by-line basis as the incoming message is received.
11 Assignments
0 Petitions
Accused Products
Abstract
A system and method for performing efficient computer virus scanning of transient messages using checksums in a distributed computing environment is described. An incoming message is intercepted at a network domain boundary. The incoming message includes a body storing message content. The message content is parsed from the body and a checksum is calculated over the parsed message content. The checksum is stored in an information file associated with the incoming message in a transient message store. The incoming message is scanned for a presence of at least one of a computer virus and malware to identify infected message contents. The checksum corresponding to each infected message content and an infection indicator is recorded.
112 Citations
40 Claims
-
1. A computer implemented system for performing efficient computer virus scanning of transient messages using checksums in a distributed computing environment, comprising:
-
an antivirus system intercepting an incoming message at a network domain boundary, the incoming message including a body storing message content; a parser module parsing the message content from the body and calculating a checksum over the parsed message content; a checksum module storing the checksum in an information file associated with the incoming message in a transient message store; an antivirus scanner scanning the incoming message for a presence of at least one of a computer virus and malware to identify infected message contents, and recording the checksum corresponding to each infected message content and an infection indicator; wherein the checksum is calculated as a running checksum on a line-by-line basis as the incoming message is received. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 38)
-
-
9. A computer implemented method for performing efficient computer virus scanning of transient messages using checksums in a distributed computing environment, comprising:
-
intercepting an incoming message at a network domain boundary, the incoming message including a body storing message content; parsing the message content from the body and calculating a checksum over the parsed message content; calculating the checksum as a running checksum on a line-by-line basis as the incoming message is received; storing the checksum in an information file associated with the incoming message in a transient message store; scanning the incoming message for a presence of at least one of a computer virus and malware to identify infected message contents; and recording the checksum corresponding to each infected message content and an infection indicator. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A computer implemented system for performing efficient computer virus scanning of transient messages with message digests, comprising:
-
an antivirus system intercepting an incoming message at a network domain boundary, the incoming message including a header including fields, which each store field values, and a body storing message content; a parser module parsing the field values from each field in the header and the message content from the body; a digest module generating a message digest over each such field value and over the message content and recording the message digests corresponding to the incoming message; an antivirus scanner scanning the incoming message for a presence of at least one of a computer virus and malware to identify infected message contents; an update module updating the message digest corresponding to each infected message content with an infection indicator; and a set of digests, each comprising the message digest and the infection indicator corresponding to each infected message content. - View Dependent Claims (19, 20, 21, 22, 23, 39, 40)
-
-
24. A computer implemented method for performing efficient computer virus scanning of transient messages with message digests, comprising:
-
intercepting an incoming message at a network domain boundary, the incoming message including a header including fields, which each store field values, and a body storing message content; parsing the field values from each field in the header and the message content from the body and generating a message digest over each such field value and over the message content; recording the message digests corresponding to the incoming message; scanning the incoming message for a presence of at least one of a computer virus and malware to identify infected message contents; updating the message digest corresponding to each infected message content with an infection indicator; and maintaining a set of digests, each comprising the message digest and the infection indicator corresponding to each infected message content. - View Dependent Claims (25, 26, 27, 28, 29, 30)
-
-
31. A computer implemented system for providing dynamic computer virus and malware protection of message packets in a bounded network domain, comprising:
-
an antivirus system intercepting an incoming message packet, each incoming message packet comprising a plurality of sections comprising a header storing field values and a body storing message packet content, and providing dynamic computer virus and malware protection, comprising at least one of; a checksum module calculating and storing a checksum over the message packet content stored in the body of the incoming message packet; and a digest module generating and storing a digest over at least one the field values stored in the header and the message packet content stored in the body of the incoming message packet; an antivirus scanner scanning the incoming message packet if the at least one of the checksum and the digest have not been previously stored with an infection indicator indicating a presence of at least one of a computer virus and malware; wherein the checksum is calculated as a running checksum on a line-by-line basis as the incoming message packet is received. - View Dependent Claims (32, 33)
-
-
34. A computer implemented method for providing dynamic computer virus and malware protection of message packets in a bounded network domain, comprising:
-
intercepting an incoming message packet, each incoming message packet comprising a plurality of sections comprising a header storing field values and a body storing message packet content; providing dynamic computer virus and malware protection, comprising at least one of; calculating a checksum over the message packet content stored in the body of the incoming message packet; and generating a digest over at least one the field values stored in the header and the message packet content stored in the body of the incoming message packet; storing at least one of the checksum and the digest; and scanning the incoming message packet if the at least one of the checksum and the digest have not been previously stored with an infection indicator indicating a presence of at least one of a computer virus and malware; wherein the checksum is calculated as a running checksum on a line-by-line basis as the incoming message packet is received. - View Dependent Claims (35, 36, 37)
-
Specification