Decentralized virus scanning for stored data

US 7,523,487 B2
Filed: 11/30/2001
Issued: 04/21/2009
Est. Priority Date: 12/01/2000
Status: Expired due to Term

First Claim

Patent Images

1. A method comprising:

receiving at a storage server, from a requester, a request for an object stored at the server;

in response to the request, determining at the storage server whether to cause a processing device in a cluster of processing devices to access the object stored at the storage server and perform an operation on the object, wherein the operation is from the set of operations consisting of virus scanning, data decompression, data encryption, and data compaction, wherein the cluster is separate from the storage server and is not in a path from the requester to the object and wherein said determining includes determining whether to cause the processing device to perform the operation based at least partially on a file space containing the object;

selecting, at the storage server, the processing device from among a plurality of processing devices that form the cluster, based on a classification of the processing device relative to other processing devices in the cluster, wherein the classification is based on a performance criterion;

assigning a specific access type to the processing device by the storage server when the storage server verifies the processing device satisfies restriction criteria;

causing the processing device to perform the operation in response to a specified outcome of said determining;

receiving at the storage server a result of the operation from the processing device; and

conditionally allowing access to the object in response to the request according to the result of the operation.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention provides a method and system for performing specialized services for files at a server, such as scanning files for viruses. A filer or other server is connected to one or more supplementary computing devices that scan requested files to ensure they are virus free prior to delivery to end users. When an end user requests a file the following steps occur: The server determines whether the file requested must be scanned before delivery to the end user. The server opens a channel to one of the external computing devices and sends the filename. The external computing device opens the file and scans it. The external computing device notifies the filer the results of the file scan operation. The server sends the file to the end user provided the status indicates it may do so.

Citations

15 Claims

1. A method comprising:
- receiving at a storage server, from a requester, a request for an object stored at the server;
  
  in response to the request, determining at the storage server whether to cause a processing device in a cluster of processing devices to access the object stored at the storage server and perform an operation on the object, wherein the operation is from the set of operations consisting of virus scanning, data decompression, data encryption, and data compaction, wherein the cluster is separate from the storage server and is not in a path from the requester to the object and wherein said determining includes determining whether to cause the processing device to perform the operation based at least partially on a file space containing the object;
  
  selecting, at the storage server, the processing device from among a plurality of processing devices that form the cluster, based on a classification of the processing device relative to other processing devices in the cluster, wherein the classification is based on a performance criterion;
  
  assigning a specific access type to the processing device by the storage server when the storage server verifies the processing device satisfies restriction criteria;
  
  causing the processing device to perform the operation in response to a specified outcome of said determining;
  
  receiving at the storage server a result of the operation from the processing device; and
  
  conditionally allowing access to the object in response to the request according to the result of the operation.
- View Dependent Claims (2, 3, 4, 5)
- - 2. A method as in claim 1, wherein the operation includes a plurality of processes, each process being performed at a separate processing device in the cluster.
  - 3. A method as in claim 1, wherein the specific access type allowing the processing device to perform the operation even while another user has a lock on the object.
  - 4. A method as in claim 1, wherein the storage server enforces a timeout for the operation;
    - wherein even if the timeout expires, the processing device completes the operation and reports the result of the operation to the server; and
      
      herein the storage server stores the result of the operation for possible later use.
  - 5. A method as in claim 1, wherein the operation is performed only if the processing device has open-for-scanning permission to access the object;
    - andwherein if the processing device has the open-for-scanning permission to access the object, the operation is performed even if the object is locked by another user.

6. An apparatus comprising:
- a storage server storing a set of objects and having a network interface; and
  
  a plurality of processing devices configured as a cluster that is connected to the storage server and that is not in a path from a client to the objects stored at the server,wherein when the storage server receives a client request for an object of the set of objects through the network interface;
  
  the storage server determines whether to cause the processing device to perform an operation on the object, wherein the operation is from the set of operations consisting of virus scanning, data decompression. data encryption, and data compaction, and wherein the storage server determines whether to cause the processing device to perform the operation based at least partially on a file space containing the object;
  
  the storage server selects the processing device from among a plurality of processing devices that form the cluster, based on a classification of the processing device relative to other processing devices in the cluster, wherein the classification is based on a performance criterion;
  
  the storage server assigns a specific access type to the processing device when the storage server verifies the processing device satisfies restriction criteria;
  
  the storage server sends a first message to the processing device that indicates the object to the processing device, in response to a specified outcome of the determination, to cause the processing device to access the object stored at the storage server and perform the operation;
  
  the processing device sends a second message to the storage server that indicates a result of the operation; and
  
  the storage server generates a response to the client request, the response conditionally providing access by the client to the object according to the second message.
- View Dependent Claims (7, 8, 9)
- - 7. An apparatus as in claim 6, wherein the storage server enforces a timeout for the second message;
    - wherein even if the timeout expires, the second message is sent from the processing device to the server; and
      
      wherein the storage server stores the result of the operation for possible later use.
  - 8. An apparatus as in claim 6, wherein the operation is performed only if the processing device has open-for-scanning permission to access the object;
    - andwherein if the processing device has open-for-scanning permission to access the object, the operation is performed even if the object is locked by another user.
  - 9. An apparatus as in claim 6, wherein the operation includes a plurality of processes, each process being performed at a separate processing device in the cluster.

10. A method comprising:
- receiving at a storage server a client request for an object stored at the server;
  
  selecting a processing device from among a plurality of processing devices that form a cluster, based on a classification of the processing device relative to other processing devices in the cluster, wherein the classification is based on a performance criterion;
  
  assigning by the storage server a specific access type to the processing device when the storage server verifies the processing device satisfies restriction criteria, the processing device separate from the storage server and not in a path from the client to the object, the specific access type allowing the processing device to perform an operation on the object even while another client has a lock on the object, wherein the operation is from the set of operations consisting of virus scanning, data decompression, data encryption, and data compaction;
  
  causing the processing device to perform the operation;
  
  receiving at the storage server a result of the operation from the processing device; and
  
  conditionally allowing access to the object in response to the client request according to the result of the operation.
- View Dependent Claims (11)
- - 11. A method as in claim 10, wherein the operation includes a plurality of processes, each process being performed at a separate processing device in the cluster.

12. An apparatus comprising:
- a storage server storing a set of objects and having a network interface; and
  
  a processing device coupled to the server, wherein the processing device is one of a plurality of processing devices configured as a cluster which is not in a path from a client to the objects stored at the server,wherein;
  
  the storage server receives a client request for an object of the set of objects through the network interface;
  
  the storage server selects the processing device from among the plurality of processing devices, based on a classification of the processing device relative to other processing devices in the cluster, wherein the classification is based on a performance criterion;
  
  the storage server assigns a specific access type to a processing device when the storage server verifies the processing device satisfies restriction criteria, the processing device separate from the storage server and not in a path from the client to the object, the specific access type allowing the processing device to perform an operation on the object even while another user has a lock on the object, wherein the operation is from the set of operations consisting of virus scanning, data decompression, data encryption, and data compaction;
  
  the storage server causes the processing device to perform the operation;
  
  the storage server receives at the storage server a result of the operation from the processing device; and
  
  the storage server conditionally allows access to the object in response to the client request according to the result of the operation.
- View Dependent Claims (13)
- - 13. An apparatus as in claim 12, wherein the operation includes a plurality of processes, each process being performed at a separate processing device in the cluster.

14. A storage server comprising:
- a processor; and
  
  a memory coupled to the processor through a bus, the memory storing executable instructions that cause the processor to select a processing device from among a plurality of processing devices that form a cluster, based on a classification of the processing device relative to other processing devices in the cluster, wherein the classification is based on a performance criterion, and to determine whether to cause a processing device toperform an operation on an object requested by a client and to assign a specific access type to the processing device when the processor verifies the processing device satisfies restriction criteria, wherein the operation is from the set of operations consisting of virus scanning. data decompression, data encryption. and data compaction, the specific access type allowing the processing device to perform an operation on the object even while another user has a lock on the object, wherein the processing device is separate from the storage server and is not in a path from the client to objects stored at the storage server.
- View Dependent Claims (15)
- - 15. A storage server as in claim 14, wherein the operation includes a plurality of processes, each process being performed at a separate processing device in the cluster.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
NetApp, Inc.
Original Assignee
NetApp, Inc.
Inventors
Muhlestein, Mark
Primary Examiner(s)
Smithers; Matthew B
Assistant Examiner(s)
Khoshnoodi; Nadia

Application Number

US10/010,959
Publication Number

US 20020103783A1
Time in Patent Office

2,699 Days
Field of Search

713/188, 713/200
US Class Current

726/3
CPC Class Codes

G06F 21/562 Static detection

G06F 2221/2115 Third party

Decentralized virus scanning for stored data

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Decentralized virus scanning for stored data

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links