Optimization of distributed anti-virus scanning
Abstract
Techniques for optimizing distributed anti-virus (AV) scanning are described. In one implementation, a message is received into a multi-node network that includes a plurality of distributed scanning tools. An acceptable scanning policy threshold is determined that is representative of a plurality of individual scanning policy configurations of the plurality of scanning tools. A determination is made whether the message has previously been scanned to the acceptable scanning policy threshold based on a single valued element. If the message has been previously scanned, the message is allowed to be communicated. Otherwise, the message is scanned at the acceptable scanning policy threshold. If the scanning is successful, then the message is marked as having been scanned, and is allowed to be communicated. If the scanning is unsuccessful, the message is prevented from being communicated.
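A minimal model of the flow in the abstract, added here as an illustration and not taken from the patent. It assumes the acceptable threshold is the strictest of the per-node levels, that the stamp is a single header value, and that the stamp is HMAC-protected so a forged or stale stamp cannot skip the scan; all names, levels and the key are constructed.

```python
import hashlib
import hmac

# Constructed sample data; node names, levels and the key are assumptions.
NODE_POLICY_LEVELS = {"edge-gateway": 2, "hub-transport": 3, "mailbox-store": 1}
STAMP_KEY = b"constructed-demo-key"      # shared only by the scanning nodes
STAMP_HEADER = "X-Scan-Stamp"            # hypothetical header name


def acceptable_threshold(levels):
    # Assumption: the strictest node policy represents all of them.
    return max(levels.values())


def _mac(body, level, verdict):
    data = f"{level}:{verdict}:".encode() + body
    return hmac.new(STAMP_KEY, data, hashlib.sha256).hexdigest()


def read_stamp(message):
    """Return (level, verdict) if the stamp is authentic for this body, else None."""
    parts = message["headers"].get(STAMP_HEADER, "").split(":")
    if len(parts) != 3 or not parts[0].isdecimal() or parts[1] not in ("clean", "infected"):
        return None
    level, verdict, mac = int(parts[0]), parts[1], parts[2]
    expected = _mac(message["body"], level, verdict)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None  # forged stamp, or body changed after scanning
    return level, verdict


def toy_scanner(body, level):
    # Stand-in for a real engine: flags a constructed marker string.
    return b"CONSTRUCTED-MALWARE-MARKER" not in body


def handle(message, scanner=toy_scanner, levels=NODE_POLICY_LEVELS):
    """Return (action, scanned_here) for one node receiving the message."""
    need = acceptable_threshold(levels)
    stamp = read_stamp(message)
    if stamp and stamp[0] >= need:
        # Already scanned to the threshold: reuse the verdict, skip the scan.
        return ("deliver" if stamp[1] == "clean" else "block"), False
    verdict = "clean" if scanner(message["body"], need) else "infected"
    mac = _mac(message["body"], need, verdict)
    message["headers"][STAMP_HEADER] = f"{need}:{verdict}:{mac}"
    return ("deliver" if verdict == "clean" else "block"), True
```

Because the MAC covers the body, level and verdict, a message altered after stamping, or stamped at a lower level than the current threshold, is scanned again instead of being passed through.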
20 Claims
1. A method, comprising:
- receiving a computer readable message in a multi-node network;
- determining an acceptable policy threshold representative of a plurality of individual policy configurations of a plurality of scanning tools distributed throughout the multi-node network;
- determining whether the message has previously been scanned to the acceptable policy threshold to reduce duplicative scanning;
- if previously scanned, allowing the message to be communicated to at least one component of the multi-node network;
- if not previously scanned, performing scanning of the message at the acceptable policy threshold, wherein the performing the scanning includes:
  - if the scanning is successful, stamping the message as having been scanned, and allowing the message to be communicated to at least one component of the multi-node network; and
  - if the scanning is unsuccessful, stamping the message as having been scanned, and enforcing the acceptable policy threshold before allowing dissemination of the message within the multi-node network.
Dependent claims: 2, 3, 4, 5, 6, 7
8. One or more computer storage devices containing computer-readable instructions that, when executed by a processor, perform a method comprising:
- receiving an object into a multi-node network;
- determining an acceptable threshold representative of a plurality of individual configurations of a plurality of scanning tools distributed throughout the multi-node network;
- determining whether the object has previously been scanned to the acceptable threshold to eliminate duplicative scanning;
- if previously scanned, allowing the object to be communicated to at least one component of the multi-node network;
- if not previously scanned, performing scanning of the object at the acceptable threshold, wherein the performing the scanning includes:
  - if the scanning determines that the object is in conformance with the acceptable threshold, stamping the object as having been scanned and allowing the object to be communicated to at least one component of the multi-node network; or
  - if the scanning determines that the object is in violation of the acceptable threshold, stamping the object as having been scanned, and subsequently enforcing the acceptable threshold before allowing further dissemination of the object within the multi-node network.
Dependent claims: 9, 10, 11, 12, 13, 14
15. A device, comprising:
- a processor;
- a memory operatively coupled to the processor;
- a communication component stored in the memory and configured to be operatively executed by the processor to receive an incoming message; and
- at least one scanning component stored in the memory and configured to be operatively executed by the processor to:
  - determine an acceptable policy threshold representative of a plurality of individual scanning policy configurations of a plurality of scanning tools distributed throughout a multi-node network;
  - determine whether the message has previously been scanned to the acceptable policy threshold to prevent duplicative scanning;
  - if previously scanned, allow the message to be communicated by the communication component;
  - if not previously scanned, perform scanning of the message at the acceptable policy threshold, wherein the scanning includes:
    - if the scanning is successful, stamp the message as having been scanned, and allow the message to be communicated by the communication component; and
    - if the scanning is unsuccessful, stamp the message as having been scanned, and prevent communication of the message by the communication component.
Dependent claims: 16, 17, 18, 19, 20
Specification