Antivirus scanning in a hard-linked environment
Abstract
Computer-implemented methods, apparati, and computer-readable media for detecting malicious computer code in a file (2) associated with a computer (10). A method of the present invention comprises the steps of determining whether there is more than one hard link (1) to the file (2); and when there is more than one hard link (1), ascertaining the identities of all the hard links (1), and performing an antivirus scan on the file (2) based upon the hard link(s) (1) having the most restrictive scanning criteria of all the hard links (1), or upon the union of scanning criteria amongst all the hard links (1).
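The decision rule described in the abstract, as an added example that is not code from the patent. It assumes a hypothetical extension-based exclusion policy (`EXCLUDED_EXTENSIONS`) and finds hard links by walking a root directory for matching device and inode numbers, in place of the backpointer table named in claim 18.

```python
import os
import tempfile

# Hypothetical per-name policy: names with these extensions are excluded from scanning.
EXCLUDED_EXTENSIONS = {".txt", ".log"}

def needs_scan(name):
    """Per-name criterion; True (scan) is the more restrictive outcome."""
    return os.path.splitext(name)[1].lower() not in EXCLUDED_EXTENSIONS

def hard_link_names(path, root):
    """Return (names, link_count): every path under root naming the same file."""
    target = os.lstat(path)
    if target.st_nlink <= 1:
        return [path], target.st_nlink  # single link, nothing else to ascertain
    names = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            candidate = os.path.join(dirpath, fname)
            try:
                st = os.lstat(candidate)
            except OSError:
                continue  # vanished or unreadable entry
            # Same device and inode means another name for the same file.
            if (st.st_dev, st.st_ino) == (target.st_dev, target.st_ino):
                names.append(candidate)
    return sorted(names), target.st_nlink

def scan_decision(path, root):
    """Scan if any link name requires it; fail closed if some links were not found."""
    names, link_count = hard_link_names(path, root)
    if len(names) < link_count:
        return True, names  # a link outside root could carry stricter criteria
    return any(needs_scan(n) for n in names), names

def demo():
    """Constructed sample: one file reachable as tool.exe and as notes.txt."""
    with tempfile.TemporaryDirectory() as root:
        exe = os.path.join(root, "tool.exe")
        with open(exe, "wb") as f:
            f.write(b"constructed sample content")
        alias = os.path.join(root, "notes.txt")
        os.link(exe, alias)  # second hard link with an excluded extension
        by_name_only = needs_scan(alias)
        by_all_links, names = scan_decision(alias, root)
        return by_name_only, by_all_links, [os.path.basename(n) for n in names]

if __name__ == "__main__":
    print(demo())
```

Judged by the accessed name alone, `notes.txt` would be skipped; judged across all of its hard links, the same file is scanned.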
36 Claims
1. A computer-implemented method for detecting malicious computer code in a file associated with a computer, said method comprising the steps of:
- determining whether there is more than one hard link to the file; and
- when there is more than one hard link;
  - ascertaining the identities of all the hard links; and
  - performing an antivirus scan on the file based upon the hard link(s) having the most restrictive scanning criteria of all the hard links to detect malicious computer code.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17.
18. A computer-readable medium containing computer program instructions for detecting malicious computer code in a file associated with a computer, comprising:
- a backpointer table construction module coupled to the file, said module adapted to construct a backpointer table for the file when the file has more than one hard link;
- an antivirus scanner coupled to the file and adapted to scan the file for the presence of malicious computer code; and
- a file system filter driver coupled to the file and to the antivirus scanner, said driver instructing the antivirus scanner to examine the backpointer table when the file has more than one hard link.
19. A computer-readable medium containing computer program instructions for detecting malicious computer code in a file associated with a computer, said instructions performing the steps of:
- determining whether there is more than one hard link to the file; and
- when there is more than one hard link;
  - ascertaining the identities of all the hard links; and
  - performing an antivirus scan on the file based upon the hard link(s) having the most restrictive scanning criteria of all the hard links to detect malicious computer code.
Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34.
35. A computer-implemented method for detecting malicious computer code in a computer, the method comprising:
- identifying a file on a storage device associated with the computer, the file having a plurality of hard links, each hard link associated with a file name;
- determining a plurality of file names associated with the plurality of hard links;
- ascertaining a set of scanning criteria responsive at least in part to the plurality of file names, where ascertaining the set of scanning criteria comprises;
  - ascertaining scanning criteria for each of the plurality of file names, and
  - forming the set of scanning criteria from the most restrictive scanning criteria of the scanning criteria for each of the plurality of file names; and
- scanning the file responsive to the set of scanning criteria to detect the presence of malicious computer code in the file.
Dependent claims: 36.
Specification