Thin client for computer security applications

US 8,127,358 B1
Filed: 05/30/2007
Issued: 02/28/2012
Est. Priority Date: 05/30/2007
Status: Active Grant

First Claim

Patent Images

1. A computer implemented method for remotely scanning a target file located in a client computer for malicious codes using a scan engine and a scan server running on a server computer without transferring an entirety of the target file to the server computer, the method comprising:

receiving, by the scan server, a scan request from a client agent over a computer network, the scan request requesting scanning a target file located in the client computer for malicious codes;

wherein the client agent running on the client computer to remotely execute file input/output (I/O) instructions for the scan server;

creating, by the scan server, a virtual file name for the target file and informing the scan engine the virtual file name that allows the scan engine to refer to the virtual file name in issuing file I/O instructions to access the target file in the client computer;

creating, by the scan engine, an open file I/O instruction to open the target file located in the client computer using the virtual file name;

sending, by the scan engine, the open file I/O instruction to the scan server;

converting, by the scan server, the open file (I/O) instruction to a format that can be transmitted over the computer network;

sending, by the scan server, to the client agent over the computer network the open file (I/O) instruction to remotely open the target file in the client computer;

receiving, by the scan server, a result of the open file I/O instruction, from the client agent over the computer network, after the client agent executed the open file I/O instruction at the client computer;

forwarding, by the scan server, the result of the open file I/O instruction to the scan engine, after receiving the result of the open file I/O instruction from the client agent;

remotely scanning, by the scan engine, a portion of the target file using the result of the open file I/O instruction for malicious codes without transferring an entirety of the target file to the scan server; and

providing, by the scan engine, a scanning result to the scan server;

converting, by the scan server, the scanning result to a format that can be transmitted over the computer network;

sending, by the scan server, the scanning result to the client agent;

wherein the client agent further performs the steps of;

adding an entry for the target file in a file cache stored on the client computer when the scanning result indicates that the target file is free of malicious code; and

consulting the file cache prior to scanning files stored on the client computer for malicious codes.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for scanning a file for malicious codes may include a client agent running in a client computer and a scan server running in a server computer, the client computer and the server computer communicating over a computer network. The client agent may be configured to locally receive a scan request to scan a target file for malicious codes and to communicate with the scan server to scan the target file using a scan engine running in the server computer. The scan server in communication with the client agent allows the scan engine to scan the target file by issuing file I/O requests to access the target file located in the client computer. The client agent may be configured to check for digital signatures and to maintain a file cache of previously scanned files to minimize network traffic.

Citations

2 Claims

1. A computer implemented method for remotely scanning a target file located in a client computer for malicious codes using a scan engine and a scan server running on a server computer without transferring an entirety of the target file to the server computer, the method comprising:
- receiving, by the scan server, a scan request from a client agent over a computer network, the scan request requesting scanning a target file located in the client computer for malicious codes;
  
  wherein the client agent running on the client computer to remotely execute file input/output (I/O) instructions for the scan server;
  
  creating, by the scan server, a virtual file name for the target file and informing the scan engine the virtual file name that allows the scan engine to refer to the virtual file name in issuing file I/O instructions to access the target file in the client computer;
  
  creating, by the scan engine, an open file I/O instruction to open the target file located in the client computer using the virtual file name;
  
  sending, by the scan engine, the open file I/O instruction to the scan server;
  
  converting, by the scan server, the open file (I/O) instruction to a format that can be transmitted over the computer network;
  
  sending, by the scan server, to the client agent over the computer network the open file (I/O) instruction to remotely open the target file in the client computer;
  
  receiving, by the scan server, a result of the open file I/O instruction, from the client agent over the computer network, after the client agent executed the open file I/O instruction at the client computer;
  
  forwarding, by the scan server, the result of the open file I/O instruction to the scan engine, after receiving the result of the open file I/O instruction from the client agent;
  
  remotely scanning, by the scan engine, a portion of the target file using the result of the open file I/O instruction for malicious codes without transferring an entirety of the target file to the scan server; and
  
  providing, by the scan engine, a scanning result to the scan server;
  
  converting, by the scan server, the scanning result to a format that can be transmitted over the computer network;
  
  sending, by the scan server, the scanning result to the client agent;
  
  wherein the client agent further performs the steps of;
  
  adding an entry for the target file in a file cache stored on the client computer when the scanning result indicates that the target file is free of malicious code; and
  
  consulting the file cache prior to scanning files stored on the client computer for malicious codes.
- View Dependent Claims (2)
- - 2. The computer implemented method of claim 1, wherein the target file is checked for a valid digital signature in the client computer prior to scanning the target file for malicious codes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Trend Micro Inc.
Original Assignee
Trend Micro Inc.
Inventors
Lee, Wei-Chung
Primary Examiner(s)
Pham, Luu

Application Number

US11/807,727
Time in Patent Office

1,735 Days
Field of Search

726/22
US Class Current

726/24
CPC Class Codes

G06F 21/56   Computer malware detection ...

G06F 21/564   by virus signature recognition

G06F 21/565   by checking file integrity

Thin client for computer security applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

2 Claims

Specification

Solutions

Use Cases

Quick Links

Thin client for computer security applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

2 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links