On-access malware scanning

US 7,243,373 B2
Filed: 07/25/2001
Issued: 07/10/2007
Est. Priority Date: 07/25/2001
Status: Active Grant

First Claim

Patent Images

1. A computer program product stored on a computer recordable medium for controlling a computer, said computer program product comprising:

(i) scan request receiving logic operable to receive a request to perform an on-access malware scan upon a computer file to which access is to be made;

(ii) scan dividing logic operable to divide said on-access malware scan into a plurality of tasks;

(iii) task issuing logic operable to issue said plurality of tasks to be performed by a plurality of different computers; and

(iv) result collating logic operable to collate a plurality of task results corresponding to said plurality of tasks and received from said plurality of different computer to form a scan result corresponding to said on-access malware scan;

wherein said scan dividing logic divides said on-access malware scan in response to a complexity metric exceeding a predetermined threshold, where the complexity metric is dependent on at least one parameter;

wherein the complexity metric is dependent on a plurality of parameters including a computer file type, a level of nesting of embedded computer files, an initial attempt to scan said computer file which exceeded a predetermined time, and a level of utilization of a local processor.

View all claims

11 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An on-access malware scanner (anti-virus, e-mail scanner) is provided which determines whether a scan to be performed has above a threshold level of complexity and if so divides the scan into a plurality of different tasks. These different tasks are then delegated to further computers (50, 52, 54) in a distributed processing approach with the further computers then returning their task results to the coordinating computer for combination to form an overall scan result. Computer files containing embedded files may be divided into separate computer files that are scanned as separate tasks. Furthermore, an individual computer file may be scanned for different properties by different computers as separate tasks. The selection of which tasks to distribute to which further computers may be made in dependence upon the complexity of the task to be delegated, the communication channel bandwidth to that further computer and the processing resources available at that further computer.

66 Citations

View as Search Results

16 Claims

1. A computer program product stored on a computer recordable medium for controlling a computer, said computer program product comprising:
- (i) scan request receiving logic operable to receive a request to perform an on-access malware scan upon a computer file to which access is to be made;
  
  (ii) scan dividing logic operable to divide said on-access malware scan into a plurality of tasks;
  
  (iii) task issuing logic operable to issue said plurality of tasks to be performed by a plurality of different computers; and
  
  (iv) result collating logic operable to collate a plurality of task results corresponding to said plurality of tasks and received from said plurality of different computer to form a scan result corresponding to said on-access malware scan;
  
  wherein said scan dividing logic divides said on-access malware scan in response to a complexity metric exceeding a predetermined threshold, where the complexity metric is dependent on at least one parameter;
  
  wherein the complexity metric is dependent on a plurality of parameters including a computer file type, a level of nesting of embedded computer files, an initial attempt to scan said computer file which exceeded a predetermined time, and a level of utilization of a local processor.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A computer program product as claimed in claim 1, wherein said scan dividing logic further divides said computer file into a plurality of component computer files to be separately scanned as said plurality of tasks.
  - 3. A computer program product as claimed in claim 2, wherein said computer file contains one or more embedded computer files which are further divided out as component computer files.
  - 4. A computer program product as claimed in claim 3, wherein said computer file is one of the following computer file types:
    - OLE2, ZIP, CAB, ARJ, RAR, ACE, JAR, ARC, LHA, LZH, ICE and StuffIt.
  - 5. A computer program product as claimed in claim 1, wherein said scan dividing logic further divides said on-access malware scan into a plurality of on-access malware scans for identifying different properties of said computer file, said plurality of on-access malware scans being separately performed as said plurality of tasks.
  - 6. A computer program product as claimed in claim 5, wherein said plurality of tasks each seek to further identify different portions of one of a cryptographic analysis and an emulation analysis.
  - 7. A computer program product as claimed in claim 1, wherein said on-access malware scan of said computer file seeks to identify one or more of:
    - (i) a computer virus;
      
      (ii) a Trojan computer program;
      
      (iii) a worm computer program;
      
      (iv) a banned computer program; and
      
      (v) an e-mail containing banned content.
  - 8. A computer program product as claimed in claim 1, wherein one or more of said tasks are further divided into sub-tasks.

9. A computer program product stored on a computer recordable medium for controlling a computer, said computer program product comprising:
- (i) scan request receiving logic operable to receive a request to perform an on-access malware scan upon a computer file to which access is to be made;
  
  (ii) scan dividing logic operable to divide said on-access malware scan into a plurality of tasks;
  
  (iii) task issuing logic operable to issue said plurality of tasks to be performed by a plurality of different computers; and
  
  (iv) result collating logic operable to collate a plurality of task results corresponding to said plurality of tasks and received from said plurality of different computers to form a scan result corresponding to said on-access malware scan;
  
  wherein said scan dividing logic divides said on-access malware scan in response to a complexity metric exceeding a predetermined threshold, where the complexity metric is dependent on at least one parameter;
  
  wherein an amount of said complexity metric that exceeds said predetermined threshold determines a number of tasks into which said on-access malware scan is divided.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. A computer program product as claimed in claim 9, wherein said scan dividing logic further divides said computer file into a plurality of component computer files to be separately scanned as said plurality of tasks.
  - 11. A computer program product as claimed in claim 10, wherein said computer file contains one or more embedded computer flies which are further divided out as component computer files.
  - 12. A computer program product as claimed in claim 11, wherein said computer file is one of the following computer file types:
    - OLE2, ZIP, CAB, ARJ, RAR, ACE, JAR, ARC, LHA, LZH, ICE and StuffIt.
  - 13. A computer program product as claimed in claim 9, wherein said scan dividing logic further divides said on-access malware scan into a plurality of on-access malware scans for identifying different properties of said computer file, said plurality of on-access malware scans being separately performed as said plurality of tasks.
  - 14. A computer program product as claimed in claim 13, wherein said plurality of tasks each seek to further identify different portions of one of a cryptographic analysis and an emulation analysis.
  - 15. A computer program product as claimed in claim 9, wherein said on-access malware scan of said computer file seeks to identify one or more of:
    - (i) a computer virus;
      
      (ii) a Trojan computer program;
      
      (iii) a worm computer program;
      
      (iv) a banned computer program; and
      
      (v) an e-mail containing banned content.
  - 16. A computer program product as claimed in claim 9, wherein one or more of said tasks are further divided into sub-tasks.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Muttik, Igor, Paget, Francois, Van Oers, Marius Hendrik Maria
Primary Examiner(s)
Barrón, Jr.; Gilberto
Assistant Examiner(s)
Sandoval; Kristin D.

Application Number

US09/911,765
Publication Number

US 20030023864A1
Time in Patent Office

2,176 Days
Field of Search

None
US Class Current

726/24
CPC Class Codes

H04L 63/145 the attack involving the pr...

On-access malware scanning

First Claim

11 Assignments

0 Petitions

Accused Products

Abstract

66 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

On-access malware scanning

First Claim

11 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

66 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links