Method and apparatus for minimizing file scanning by anti-virus programs
First Claim
Patent Images
1. A method, comprising:
- determining whether an operating system includes a “
dirty cache buffer”
to raise or set a modification flag relative to a file being modified during a time it has been open, a computer code being indicative of said flag;
using said computer code for a raised or set modification flag, if available, for carrying out said modification determining by checking for the presence of said raised modification flag for said file;
detecting a request for closure of said opened computer file;
determining in response to and after the closure request, if said opened computer file has been modified since being opened;
indicating that said opened computer file is unmodified if said opened computer file has not been modified, based on the determination; and
scanning said opened computer file only if said opened computer file has been modified, based on the determination.
11 Assignments
0 Petitions
Accused Products
Abstract
Scanning time for a computer anti-virus program is minimized by eliminating scanning of a file for viruses before closure, in response to the absence of a modification flag being raised in an associated operating system, the flag being indicative of the file having been modified between the time the file was opened to the time of a close request.
39 Citations
14 Claims
-
1. A method, comprising:
-
determining whether an operating system includes a “
dirty cache buffer”
to raise or set a modification flag relative to a file being modified during a time it has been open, a computer code being indicative of said flag;using said computer code for a raised or set modification flag, if available, for carrying out said modification determining by checking for the presence of said raised modification flag for said file; detecting a request for closure of said opened computer file; determining in response to and after the closure request, if said opened computer file has been modified since being opened; indicating that said opened computer file is unmodified if said opened computer file has not been modified, based on the determination; and scanning said opened computer file only if said opened computer file has been modified, based on the determination. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A computer program product embodied on a computer readable storage medium for carrying out a method, the method comprising:
-
determining whether an operating system includes a “
dirty cache buffer”
to raise or set a modification flag relative to a file being modified during a time it has been open, a computer code being indicative of said flag;using said computer code for a raised or set modification flag, if available, for carrying out said modification determining by checking for the presence of said raised modification flag for said file; detecting a request for closure of said opened computer file; determining in response to and after the closure request, if said opened computer file has been modified since being opened; indicating that said opened computer file is unmodified if said opened computer file has not been modified, based on the determination; and scanning said opened computer file only if said opened computer file has been modified, based on the determination. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A system, comprising:
-
means for determining whether an operating system includes a “
dirty cache buffer”
to raise or set a modification flag relative to a file being modified during a time it has been open, a computer code being indicative of said flag;means for using said computer code for a raised or set modification flag, if available, for carrying out said modification determining by checking for the presence of said raised modification flag for said file; means for detecting a request for closure of said opened computer file; means for determining in response to and after the closure request, if said opened computer file has been modified since being opened; means for indicating that said opened computer file is unmodified if said opened computer file has not been modified, based on the determination; and means for scanning said opened computer file only if said opened computer file has been modified, based on the determination. - View Dependent Claims (12, 13, 14)
-
Specification