×

Method of, and system for, heuristically detecting viruses in executable code

  • US 7,664,754 B2
  • Filed: 03/08/2004
  • Issued: 02/16/2010
  • Est. Priority Date: 04/25/2003
  • Status: Expired due to Fees
First Claim
Patent Images

1. An anti-malware file scanning system for computer files being transferred between computers, the system being implemented on a computer apparatus and comprising:

  • a) a computer database containing records of known executable programs which are deemed to be not malware and criteria by which a file being processed can be determined to be an instance of one of those programs, the criteria including at least one characteristic signature associated with each said instance;

    b) means for processing a file being transferred between computers, the means b) comprising;

    a file recogniser operative to determine whether the file being processed is an instance of a known program by checking the contents of the file being processed for the presence of said at least one characteristic signature associated with the said instances;

    a difference checker operative, in the case that the file recogniser determines the file being processed to be an instance of a known program, to check whether the file is an unchanged version of that known program;

    c) means for signalling the file, depending on the determination made by the processing means, as being;

    likely to be not malware if it is an unchanged version of a known file;

    likely to be malware if it is a changed version of a known file;

    orof unknown status if it is not determined as being an instance of a known file;

    wherein the processor assigns a score to a file identified as likely to be malware, andstoring the determination that the file is likely to be not malware, is likely to be malware or is of unknown status.

View all claims
  • 2 Assignments
Timeline View
Assignment View
    ×
    ×