System and method for distributing portable computer virus definition records with binary file conversion

US 7,231,440 B1
Filed: 12/18/2000
Issued: 06/12/2007
Est. Priority Date: 12/18/2000
Status: Expired due to Term

First Claim

Patent Images

1. A system for distributing portable computer virus definition records with binary file conversion, comprising:

a structured virus database storing one or more virus definition records, each virus definition record comprising;

an identifier uniquely identifying a computer virus;

at least one virus name associated with the computer virus;

a virus definition sentence comprising object code providing operations to detect the identified computer virus within a computer system; and

a virus removal sentence comprising object code providing operations to clean the identified computer virus from the computer system;

a client database engine storing at least one updated virus definition record into the structured virus database indexed by the identifier and the at least one virus name for each virus definition record;

a converter converting the virus definition records stored in the structured virus database into a virus data file comprising virus definition sets, each virus definition set comprising;

binary data encoding instructions to detect the computer virus within a computer system, wherein the instructions comprise the object code to detect the identified computer virus;

binary data encoding instructions to clean the computer virus from the computer system, wherein the instructions comprise the object code to clean the identified computer virus; and

names associated with the computer virus;

a client anti-virus language decompiler converting each virus definition set in the virus data file into a virus definition record; and

a server database engine comparing subsequently modified versions of the structured virus database to form a delta set of virus definition records, wherein the client database engine stores the delta virus definition records set into the structured virus database;

wherein the server database engine builds the virus definition records into the structured virus database by generating the identifier for each virus definition record and populating each virus definition record with the virus definition sentence and the virus removal sentence for the computer virus;

wherein at least one of the database engines accesses the virus definition records in the structured virus database to perform at least one of adding, removing, and replacing a virus definition record.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for distributing portable computer virus definition records with binary file conversion are described. One or more virus definition records are stored into a structured virus database. Each virus definition record includes an identifier uniquely identifying a computer virus, at least one virus name associated with the computer virus, a virus definition sentence comprising object code providing operations to detect the identified computer virus within a computer system, and a virus removal sentence comprising object code providing operations to clean the identified computer virus from the computer system. At least one updated virus definition record is stored into the structured virus database indexed by the identifier and the at least one virus name for each virus definition record. The virus definition records stored in the structured virus database are converted into a virus data file. The virus data file includes virus definition sets. Each virus definition set includes binary data encoding instructions to detect the computer virus within a computer system, instructions to clean the computer virus from the computer system, and names associated with the computer virus.

Citations

15 Claims

1. A system for distributing portable computer virus definition records with binary file conversion, comprising:
- a structured virus database storing one or more virus definition records, each virus definition record comprising;
  
  an identifier uniquely identifying a computer virus;
  
  at least one virus name associated with the computer virus;
  
  a virus definition sentence comprising object code providing operations to detect the identified computer virus within a computer system; and
  
  a virus removal sentence comprising object code providing operations to clean the identified computer virus from the computer system;
  
  a client database engine storing at least one updated virus definition record into the structured virus database indexed by the identifier and the at least one virus name for each virus definition record;
  
  a converter converting the virus definition records stored in the structured virus database into a virus data file comprising virus definition sets, each virus definition set comprising;
  
  binary data encoding instructions to detect the computer virus within a computer system, wherein the instructions comprise the object code to detect the identified computer virus;
  
  binary data encoding instructions to clean the computer virus from the computer system, wherein the instructions comprise the object code to clean the identified computer virus; and
  
  names associated with the computer virus;
  
  a client anti-virus language decompiler converting each virus definition set in the virus data file into a virus definition record; and
  
  a server database engine comparing subsequently modified versions of the structured virus database to form a delta set of virus definition records, wherein the client database engine stores the delta virus definition records set into the structured virus database;
  
  wherein the server database engine builds the virus definition records into the structured virus database by generating the identifier for each virus definition record and populating each virus definition record with the virus definition sentence and the virus removal sentence for the computer virus;
  
  wherein at least one of the database engines accesses the virus definition records in the structured virus database to perform at least one of adding, removing, and replacing a virus definition record.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. A system according to claim 1, further comprising:
    - a server anti-virus language decompiler converting each virus definition set in the virus data file into a virus definition record.
  - 3. A system according to claim 1, further comprising:
    - a compression module compressing the structured virus database prior to transfer; and
      
      a decompression module decompressing the structured virus database subsequent to transfer.
  - 4. A system according to claim 1, further comprising:
    - an encryption module encrypting the structured virus database prior to transfer; and
      
      a decryption module decrypting the structured virus database subsequent to transfer.
  - 5. A system according to claim 1, wherein the structured virus database is a relational database.
  - 6. A system according to claim 1, wherein each virus definition set further includes descriptive names corresponding to each computer virus.
  - 7. A system according to claim 1, wherein each virus definition set includes a plurality of ordered virus definitions.
  - 8. A system according to claim 7, wherein the plurality of virus definitions are ordered for optimal retrieval.
  - 9. A system according to claim 1, wherein the virus data file is encrypted.

10. A method for distributing portable computer virus definition records with binary file conversion, comprising:
- storing one or more virus definition records into a structured virus database, each virus definition record comprising;
  
  an identifier uniquely identifying a computer virus;
  
  at least one virus name associated with the computer virus;
  
  a virus definition sentence comprising object code providing operations to detect the identified computer virus within a computer system; and
  
  a virus removal sentence comprising object code providing operations to clean the identified computer virus from the computer system;
  
  storing at least one updated virus definition record into the structured virus database indexed by the identifier and the at least one virus name for each virus definition record;
  
  converting the virus definition records stored in the structured virus database into a virus data file comprising virus definition sets, each virus definition set comprising;
  
  binary data encoding instructions to detect the computer virus within a computer system, wherein the instructions comprise the object code to detect the identified computer virus;
  
  binary data encoding instructions to clean the computer virus from the computer system, wherein the instructions comprise the object code to clean the identified computer virus; and
  
  names associated with the computer virus;
  
  comparing subsequently modified versions of the structured virus database to form a delta set of virus definition records; and
  
  storing the delta virus definition records set into the structured virus database;
  
  wherein a client anti-virus language decompiler converts each virus definition set in the virus data file into a virus definition record;
  
  wherein a server database engine builds the virus definition records into the structured virus database by generating the identifier for each virus definition record and populating each virus definition record with the virus definition sentence and the virus removal sentence for the computer virus;
  
  wherein the server database engine accesses the virus definition records in the structured virus database to perform at least one of adding, removing, and replacing a virus definition record.
- View Dependent Claims (11, 12, 13, 14)
- - 11. A method according to claim 10, further comprising:
    - compressing the structured virus database prior to transfer; and
      
      decompressing the structured virus database subsequent to transfer.
  - 12. A method according to claim 10, further comprising:
    - encrypting the structured virus database prior to transfer; and
      
      decrypting the structured virus database subsequent to transfer.
  - 13. A method according to claim 10, wherein the structured virus database is a relational database.
  - 14. A computer-readable storage medium holding code for performing the method of claim 10.

15. A method for updating a binary computer virus data file from virus definition records stored in a structured virus database, comprising:
- means for storing virus definition records into a structured virus database, each virus definition record comprising an identifier, at least one virus name, a virus definition sentence defining operations to detect the identified computer virus, and a virus removal sentence defining operations to clean off the identified computer virus;
  
  means for comparing subsequently modified versions of the structured virus database to form a delta set of virus definition records;
  
  means for storing the delta virus definition records set into the structured virus database;
  
  means for converting the virus definition records stored in the structured virus database into a virus data file comprising virus definition sets, each virus definition set comprising binary instructions wherein the binary instructions comprise the object code to detect the computer virus, binary instructions wherein the binary instructions comprise the object code to clean off the computer virus, and names associated with the computer virus;
  
  means for comparing subsequently modified versions of the structured virus database to form a delta set of virus definition records;
  
  means for storing the delta virus definition records set into the structured virus database;
  
  means for building the virus definition records into the structured virus database by generating the identifier for each virus definition record and populating each virus definition record with the virus definition sentence and the virus removal sentence for the computer virus;
  
  means for converting each virus definition set in the virus data file into a virus definition record; and
  
  means for accessing the virus definition records in the structured virus database to perform at least one of adding, removing, and replacing a virus definition record.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Kouznetsov, Victor, Ushakov, Andrei
Primary Examiner(s)
Cardone; Jason
Assistant Examiner(s)
Swearingen; Jeffrey R.

Application Number

US09/740,617
Time in Patent Office

2,367 Days
Field of Search

709/220, 709223-224, 707/1, 707/3
US Class Current

709/224
CPC Class Codes

H04L 63/145   the attack involving the pr...

Y10S 707/99931   Database or file accessing

Y10S 707/99933   Query processing, i.e. sear...

System and method for distributing portable computer virus definition records with binary file conversion

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for distributing portable computer virus definition records with binary file conversion

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links