System and method for providing exploit protection for networks
Abstract
A method and system for providing protection from exploits to devices connected to a network. The system and method include a component for determining whether an encapsulation has been applied to an attachment and unencapsulating such encapsulated attachments, a component that performs at least one decompression of the attachment when the attachment is compressed, a component that determines whether a header, body, and/or attachment of a message includes an exploit, and a component that holds and optionally cleans messages that include exploits. A device that receives messages that are directed to the network employs the components above to provide exploit protection for at least one of the messages.
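The pipeline the abstract describes, as an added Python sketch (not code from the patent or its assignee): unencapsulate the attachment, decompress it within bounds, check header field sizes, and quarantine on any finding. The field name `X-Example-Token`, its defined size, the layer and byte bounds, the marker signature and the two stand-in scanners are assumptions for illustration; MIME transfer encoding stands in for the encapsulation and gzip for the compression.

```python
import gzip, zlib
from email import message_from_bytes, policy
from email.message import EmailMessage

DEFINED_SIZES = {"X-Example-Token": 16}  # assumed policy: field -> defined size in bytes
MAX_LAYERS, MAX_BYTES = 4, 1 << 20       # bounds on nested or oversized archives
MARKER = b"CONSTRUCTED-TEST-MARKER"      # harmless stand-in for a scanner signature
SCANNERS = [lambda b: MARKER in b, lambda b: MARKER.lower() in b.lower()]  # two stand-in engines

def header_findings(msg):
    """Flag each field whose data size is other than its defined size."""
    sizes = {n: len(str(msg[n]).encode()) for n in DEFINED_SIZES if msg[n] is not None}
    return [f"{n}: size {s} != {DEFINED_SIZES[n]}" for n, s in sizes.items() if s != DEFINED_SIZES[n]]

def unwrap(part):
    """Undo the transfer encoding, then peel gzip layers within the bounds."""
    data = part.get_payload(decode=True) or b""
    for _ in range(MAX_LAYERS):
        if not data.startswith(b"\x1f\x8b"):
            return data
        stream = zlib.decompressobj(wbits=31)      # 31 selects the gzip container
        data = stream.decompress(data, MAX_BYTES)
        if not stream.eof:
            raise ValueError("oversized or truncated compressed data")
    if data.startswith(b"\x1f\x8b"):
        raise ValueError("too many compression layers")
    return data

def inspect_message(raw):
    """Return ('quarantine', findings) or ('forward', [])."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = header_findings(msg)
    for part in msg.iter_attachments():
        try:
            data = unwrap(part)
        except (ValueError, zlib.error) as exc:
            findings.append(f"{part.get_filename()}: {exc}")
            continue
        if any(scan(data) for scan in SCANNERS):
            findings.append(f"{part.get_filename()}: scanner match")
    return ("quarantine" if findings else "forward"), findings

def sample(token, payload, layers=2):  # constructed test message, base64 + gzip attachment
    m = EmailMessage()
    m["From"], m["To"], m["X-Example-Token"] = "a@example.test", "b@example.test", token
    m.set_content("body")
    for _ in range(layers):
        payload = gzip.compress(payload)
    m.add_attachment(payload, maintype="application", subtype="gzip", filename="r.gz")
    return m.as_bytes()
```

An attachment that cannot be fully unwrapped within the bounds is held rather than forwarded unscanned, so a deeply nested or oversized archive does not bypass the scanner.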
21 Claims
1. A system for providing protection from exploits to devices connected to a network, comprising:
(a) a content filter that receives a message that is directed to at least one of the devices and that includes a header, a body, and an attachment, wherein the content filter determines an encapsulation that has been applied to the attachment prior to the system receiving the message and unencapsulates the attachment;
(b) a decompression component that is coupled to the content filter and that performs at least one decompression of the attachment when the attachment is compressed;
(c) a scanner component that is coupled to the decompression component and that determines whether the header includes an exploit, wherein exploit protection software from at least two vendors is employed and wherein the header includes a field having a defined size and the scanner determines that the header includes the exploit when a size of data in the field is other than the defined size;
(d) a quarantine component that is coupled to the scanner component and that holds the message when the message includes an exploit; and
(e) a device that receives messages that are directed to the network and that employs at least the scanner component to provide exploit protection for at least one of the messages.
Dependent claims: 3, 4, 5, 6, 7, 8, 9, 10, 11, 20
2. A system for providing protection from exploits to devices connected to a network, comprising:
(a) a content filter that receives a message that is directed to at least one of the devices and that includes a header, a body, and an attachment, wherein the content filter determines an encapsulation that has been applied to the attachment prior to the system receiving the message and unencapsulates the attachment;
(b) a scanner component that is coupled to the content filter and that determines whether the header includes an exploit, wherein the header includes a field having a defined size and wherein the scanner determines that the header includes the exploit when a size of data in the field is other than the defined size;
(c) a quarantine component that is coupled to the scanner component and that holds the message when the message includes an exploit; and
(d) a device that receives messages that are directed to the network and that employs at least the scanner component to provide exploit protection for at least one of the messages.
12. A method for providing protection from exploits to devices connected to a network, comprising:
(a) receiving a message at a node that receives messages that are directed to any of the devices and that causes the message to be scanned for an exploit before forwarding the message toward at least one of the devices, wherein the message includes a header and a compressed attachment;
(b) decompressing the attachment,
(c) determining whether the header includes the exploit, wherein exploit protection software from at least two vendors is employed to determine whether the header includes an exploit wherein the header includes a field having a defined size and the header is determined to include an exploit if a size of data in the field is other than a defined size; and
(d) if the header includes the exploit, quarantining the message.
Dependent claims: 13, 14, 16, 17
15. A method for providing protection from exploits to devices connected to a network, comprising:
(a) receiving a message at a node that receives messages that are directed to any of the devices and that causes the message to be scanned for an exploit before forwarding the message toward at least one of the devices, wherein the message includes a header and at least one of a body and an attachment;
(b) determining whether the header includes the exploit, wherein the header includes a field having a defined size and wherein the header includes the exploit when a size of data in the field is other than the defined size; and
(c) if the header of the message includes the exploit, quarantining the message.
Dependent claims: 21
18. A system for providing protection from exploits to devices connected to a network, comprising:
(a) means for receiving a message that includes a header and at least one of a body and an attachment;
(b) means for determining whether the attachment is encapsulated and for unencapsulating the attachment when the attachment is encapsulated;
(c) means for decompressing the attachment at least one time when the attachment is compressed;
(d) means for determining whether the header includes an exploit based on a size of data in a field of the header, wherein the means for determining determines that the header includes an exploit if the size of data in the field is other than a defined size, and wherein the means for determining comprises exploit protection software from at least two vendors; and
(e) means for quarantining the message when the message includes the exploit.
Dependent claims: 19
Specification