Filtered antivirus scanning
First Claim
1. A computer program product comprising:
- a computer-readable storage medium having executable computer program logic embodied therein for detecting computer viruses in files of a computer system, the computer program logic comprising;
a file typing module for analyzing files of the computer system, generating information describing virus infection susceptibility characteristics of the files, and storing the generated information in a file information cache;
a file modification module for detecting changes to the files and updating the stored information for changed files;
a virus definition module for receiving from a remote server a plurality of virus definitions and holding the received virus definitions, each virus definition identifying a virus, describing one or more characteristics of files that are susceptible to the virus and describing how to detect the virus within a file;
a filter generation module for receiving the characteristics of files that are susceptible to a virus as described by a virus definition and querying the file information cache using characteristics described by the virus definition to identify a subset of files having the characteristics; and
a file scanning module for receiving the description of how to detect the virus within a file from the virus definition and examining the files within the subset to determine whether a file is infected by the virus.
Abstract
An antivirus client module (114) includes a virus definitions module (312) holding information describing characteristics of files that can potentially be infected by viruses and information enabling a determination of whether a file is actually infected by a virus. The client module (114) also includes a filtering module (314) having a file information cache (410) describing characteristics of files. A file scanning module (316) can scan files to determine whether the files are infected by viruses. The antivirus client module (114) queries the file information cache (410) using the information describing characteristics of files to identify the set of files that are susceptible to a given virus. The file scanning module (316) scans the files in the set.
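The flow in the abstract (type files into a cache, re-type only changed files, query the cache with a definition's criteria, scan only the resulting subset), as an added Python example that is not code from the patent. The trait names (`format`, `ext`), the magic-byte typing, the mtime/size change check, the substring signature and all class and function names are assumptions made for illustration.

```python
import os
from dataclasses import dataclass

# Assumed typing rule: first two bytes of the file decide its format trait.
MAGIC = {b"MZ": "pe", b"\x7fE": "elf", b"#!": "script"}

@dataclass
class VirusDefinition:
    name: str
    criteria: dict    # trait name -> set of values susceptible files have
    signature: bytes  # byte pattern that marks an infected file (assumed form)

class FileInfoCache:
    """Per-file susceptibility traits, recomputed only when a file changes."""

    def __init__(self):
        self.entries = {}  # path -> (stamp, traits)

    @staticmethod
    def _type_file(path):
        with open(path, "rb") as f:
            head = f.read(2)
        return {"format": MAGIC.get(head, "other"),
                "ext": os.path.splitext(path)[1].lower()}

    def refresh(self, paths):
        """File typing plus modification detection; returns paths (re)typed."""
        retyped = []
        for p in paths:
            st = os.stat(p)
            stamp = (st.st_mtime_ns, st.st_size)
            if self.entries.get(p, (None,))[0] != stamp:
                self.entries[p] = (stamp, self._type_file(p))
                retyped.append(p)
        return retyped

    def query(self, criteria):
        """Subset of cached files whose traits satisfy every criterion."""
        return sorted(p for p, (_, t) in self.entries.items()
                      if all(t.get(k) in ok for k, ok in criteria.items()))

def scan(cache, definition):
    """Examine only the filtered subset; returns (infected, files_examined)."""
    subset = cache.query(definition.criteria)
    infected = []
    for p in subset:
        with open(p, "rb") as f:
            if definition.signature in f.read():
                infected.append(p)
    return infected, len(subset)
```

The second value returned by `scan` is the number of files actually opened, which is how the saving from filtering shows up; a file that contains the signature bytes but lacks the susceptible traits is never examined.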
10 Claims
1. A computer program product comprising:
a computer-readable storage medium having executable computer program logic embodied therein for detecting computer viruses in files of a computer system, the computer program logic comprising;
a file typing module for analyzing files of the computer system, generating information describing virus infection susceptibility characteristics of the files, and storing the generated information in a file information cache;
a file modification module for detecting changes to the files and updating the stored information for changed files;
a virus definition module for receiving from a remote server a plurality of virus definitions and holding the received virus definitions, each virus definition identifying a virus, describing one or more characteristics of files that are susceptible to the virus and describing how to detect the virus within a file;
a filter generation module for receiving the characteristics of files that are susceptible to a virus as described by a virus definition and querying the file information cache using characteristics described by the virus definition to identify a subset of files having the characteristics; and
a file scanning module for receiving the description of how to detect the virus within a file from the virus definition and examining the files within the subset to determine whether a file is infected by the virus.
Dependent claims: 2
3. A method of detecting a computer virus in a computer system, comprising:
analyzing a set of files of the computer system and generating information describing virus infection susceptibility characteristics of the files;
storing the generated information in a file information cache;
detecting changes to files in the set and updating the stored information for changed files;
receiving from a remote server a virus definition identifying a virus and including filtering criteria describing characteristics of files that are susceptible to infection by the virus;
querying the file information cache using the filtering criteria to identify, from the set of files of the computer system, a subset of files that satisfy the filtering criteria; and
examining the files within the subset to determine whether a file is infected with the virus.
Dependent claims: 4, 5, 6, 7, 8
9. A system for detecting computer viruses in files of a computer system, comprising:
a computer-readable storage medium having executable computer program logic embodied therein, the computer program logic comprising;
a file typing module for analyzing files of the computer system, generating information describing virus infection susceptibility characteristics of the files, and storing the generated information in a file information cache;
a file modification module for detecting changes to the files and updating the stored information for changed files;
a virus definition module for receiving from a remote server a plurality of virus definitions and holding the received virus definitions, each virus definition identifying a virus, describing one or more characteristics of files that are susceptible to the virus and describing how to detect the virus within a file;
a filter generation module for receiving the characteristics of files that are susceptible to a virus as described by a virus definition and querying the file information cache using characteristics described by the virus definition to identify a subset of files having the characteristics; and
a file scanning module for receiving the description of how to detect the virus within a file from the virus definition and examining the files within the subset to determine whether a file is infected by the virus.
Dependent claims: 10
Specification