Filtered antivirus scanning

US 7,523,500 B1
Filed: 06/08/2004
Issued: 04/21/2009
Est. Priority Date: 06/08/2004
Status: Active Grant

First Claim

Patent Images

1. A computer program product comprising:

a computer-readable storage medium having executable computer program logic embodied therein for detecting computer viruses in files of a computer system, the computer program logic comprising;

a file typing module foranalyzing files of the computer system,generating information describingvirus infection susceptibility characteristics of the files, andstoring the generated information ina file information cache;

a file modification module fordetecting changes to the files andupdating the stored information forchanged files;

a virus definition module forreceiving from a remote servera plurality of virus definitions andholding the received virus definitions,each virus definition

identifying a virus,

describing one or more characteristics of files

that are susceptible to the virus and

describing how to detect the virus

within a file;

a filter generation module forreceiving the characteristics of filesthat are susceptible to a virus

as described by a virus definition andquerying the file information cacheusing characteristics described by the virus definition to identify

a subset of files having the characteristics; and

a file scanning module forreceiving the description of how todetect the virus within a file from

the virus definition andexamining the files within the subsetto determine whether a file

is infected by the virus.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An antivirus client module (114) includes a virus definitions module (312) holding information describing characteristics of files that can potentially be infected by viruses and information enabling a determination of whether a file is actually infected by a virus. The client module (114) also includes a filtering module (314) having a file information cache (410) describing characteristics of files. A file scanning module (316) can scan files to determine whether the files are infected by viruses. The antivirus client module (114) queries the file information cache (410) using the information describing characteristics of files to identify the set of files that are susceptible to a given virus. The file scanning module (316) scans the files in the set.

46 Citations

View as Search Results

10 Claims

1. A computer program product comprising:
- a computer-readable storage medium having executable computer program logic embodied therein for detecting computer viruses in files of a computer system, the computer program logic comprising;
  
  a file typing module foranalyzing files of the computer system,generating information describingvirus infection susceptibility characteristics of the files, andstoring the generated information ina file information cache;
  
  a file modification module fordetecting changes to the files andupdating the stored information forchanged files;
  
  a virus definition module forreceiving from a remote servera plurality of virus definitions andholding the received virus definitions,each virus definition
  
  identifying a virus,
  
  describing one or more characteristics of files
  
  that are susceptible to the virus and
  
  describing how to detect the virus
  
  within a file;
  
  a filter generation module forreceiving the characteristics of filesthat are susceptible to a virus
  
  as described by a virus definition andquerying the file information cacheusing characteristics described by the virus definition to identify
  
  a subset of files having the characteristics; and
  
  a file scanning module forreceiving the description of how todetect the virus within a file from
  
  the virus definition andexamining the files within the subsetto determine whether a file
  
  is infected by the virus.
- View Dependent Claims (2)
- - 2. The computer program product of claim 1, wherein a virus definition comprises:
    - filtering criteria specifying a set of logical conditions that are satisfied by files that are susceptible to the virus identified by the virus definition.

3. A method of detecting a computer virus in a computer system, comprising:
- analyzing a set of files of the computer system andgenerating information describingvirus infection susceptibility characteristics of the files;
  
  storing the generated information ina file information cache;
  
  detecting changes to files in the set andupdating the stored information forchanged files;
  
  receiving from a remote server a virus definitionidentifying a virus andincluding filtering criteriadescribing characteristics of filesthat are susceptible to infection by the virus;
  
  querying the file information cacheusing the filtering criteria to identify,from the set of files of the computer system,a subset of files thatsatisfy the filtering criteria; and
  
  examining the files within the subsetto determine whether a fileis infected with the virus.
- View Dependent Claims (4, 5, 6, 7, 8)
- - 4. The method of claim 3, wherein the identifying comprises:
    - applying the filtering criteriato the information describing the virus infection susceptibility characteristicsof the filesto identifythe set of files.
  - 5. The method of claim 3,wherein the filtering criteria includeone or more logical conditions that are satisfiedby files that are susceptible to the virus, andwherein the querying the file information cache comprises:
    - evaluating the logical conditions againstthe files within the set of filesto identify any files
      
      satisfying the logical conditions; and
      
      adding to the subsetany files identified assatisfying the logical conditions.
  - 6. The method of claim 3, wherein the filtering criteria specify file types that are susceptible to infection by the virus.
  - 7. The method of claim 3,wherein the filtering criteria specifytechniques utilized by the virusto infect files of the computer system.
  - 8. The method of claim 3,wherein generating information describing characteristics of the files comprisesetting flags for fileshaving characteristics satisfying the filtering criteriain the virus definition
    - received from the remote server.

9. A system for detecting computer viruses in files of a computer system, comprising:
- a computer-readable storage medium having executable computer program logic embodied therein, the computer program logic comprising;
  
  a file typing module foranalyzing files of the computer system,generating information describingvirus infection susceptibility characteristics of the files, andstoring the generated information ina file information cache;
  
  a file modification module fordetecting changes to the files andupdating the stored information forchanged files;
  
  a virus definition module forreceiving from a remote servera plurality of virus definitions andholding the received virus definitions,each virus definition
  
  identifying a virus,
  
  describing one or more characteristics of files
  
  that are susceptible to the virus and
  
  describing how to detect the virus
  
  within a file;
  
  a filter generation module forreceiving the characteristics of filesthat are susceptible to a virus
  
  as described by a virus definition andquerying the file information cacheusing characteristics described by the virus definition to identify
  
  a subset of files having the characteristics; and
  
  a file scanning module forreceiving the description of how todetect the virus within a file from
  
  the virus definition andexamining the files within the subsetto determine whether a file
  
  is infected by the virus.
- View Dependent Claims (10)
- - 10. The system of claim 9, wherein a virus definition comprises:
    - filtering criteria specifying a set of logical conditions that are satisfied by files that are susceptible to the virus identified by the virus definition.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
Symantec Corporation (NortonLifeLock Inc.)
Inventors
Vogel, Gregory D., Szor, Peter
Primary Examiner(s)
Zand; Kambiz
Assistant Examiner(s)
Baum; Ronald

Application Number

US10/864,109
Time in Patent Office

1,778 Days
Field of Search

726/24
US Class Current

726/24
CPC Class Codes

G06F 21/563 by source code analysis

Filtered antivirus scanning

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

46 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

Filtered antivirus scanning

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

46 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links