Streaming malware definition updates
Abstract
A method, system and apparatus for assembling and publishing frequent malware signature definition updates through the use of additive or “streaming” definition packages is provided. Embodiments of the present invention provide such functionality by publishing not only full malware signature definition updates on a long periodicity but also streaming malware signature definition updates containing newly certified signature definitions on a short periodicity. As newly-certified malware signature definitions are received, those newly-certified signature definitions are incorporated not only in the full signature definition file but also in a streaming signature definition update that contains only newly-certified signature definitions received during a streaming update period. At the end of the streaming update period, a streaming signature definition file is made available by publication to anti-malware clients. A streaming signature definition file only contains those signature definitions received during the assembly period for that streaming definition file. Embodiments of the present invention replace a previous streaming signature definition file with a new streaming signature definition file at the time of publication of the new streaming signature definition file.
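A small model of the dual assembly described in the abstract, given here as an added example and not as code from the patent or its assignee. The class name, the period lengths, the string version identifier, the handling of empty periods and the signature names are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class DefinitionPublisher:
    """One full-definition cycle with streaming updates inside it (hypothetical model)."""
    version_id: str        # identifier associated with both file types
    stream_period: int     # short periodicity, in seconds (assumed)
    full_deadline: int     # the "specified time" of the full file (assumed)
    full: list = field(default_factory=list)
    stream: list = field(default_factory=list)
    period_start: int = 0
    published_stream: Optional[dict] = None
    published_full: Optional[dict] = None

    def advance(self, now: int) -> None:
        """Publish whatever is due at time `now`."""
        while now >= self.period_start + self.stream_period:
            if self.stream:  # assumption: an empty period publishes nothing
                # The new streaming file replaces the previous one outright.
                self.published_stream = {"version": self.version_id,
                                         "period_start": self.period_start,
                                         "signatures": self.stream}
            self.stream = []
            self.period_start += self.stream_period
        if self.published_full is None and now >= self.full_deadline:
            self.published_full = {"version": self.version_id,
                                   "signatures": list(self.full)}

    def receive(self, signature: str, now: int) -> None:
        """Add a newly certified signature to both files on receipt."""
        self.advance(now)
        if self.published_full is not None:
            raise ValueError("full file already published; start the next cycle")
        self.full.append(signature)
        self.stream.append(signature)


def demo() -> DefinitionPublisher:
    # Constructed sample: 5-minute streaming periods, full file due at 8 hours.
    pub = DefinitionPublisher("v-constructed-1", stream_period=300, full_deadline=28800)
    pub.receive("sig-A", 10)
    pub.receive("sig-B", 200)
    pub.receive("sig-C", 310)   # closes the first period, opens the second
    pub.advance(600)            # second period ends; its file replaces the first
    return pub
```

After `demo()`, the published streaming file holds only `sig-C`, while the unpublished full file has accumulated all three signatures under the same version identifier.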
22 Claims
1. A method comprising:
- assembling a full signature definition file comprising a first received malware signature, upon receipt of the first received malware signature, wherein the full signature definition file further comprises a first plurality of malware signatures received up to a specified time;
- associating a version identifier with the full signature definition file;
- publishing the full signature definition file after the specified time;
- assembling a streaming signature definition file comprising the first received malware signature, upon the receipt of the first received malware signature, wherein the streaming signature definition file further comprises a second plurality of malware signatures received over a first time period, the first time period occurs prior to the specified time, and the first received malware signature is received during the first time period;
- associating the version identifier with the streaming signature definition file; and
- publishing the streaming signature definition file upon completion of the first time period.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. An apparatus comprising:
- a processor;
- a network interface, coupled to the processor, and configured to receive a first malware signature, a first plurality of malware signatures, and a second plurality of malware signatures;
- a first storage volume, coupled to the processor, and configured to store a full signature definition file, wherein the full signature definition file comprises the first malware signature;
- a second storage volume, coupled to the processor, and configured to store a streaming signature definition file, wherein the streaming signature definition file comprises the first malware signature; and
- a memory, coupled to the processor, and storing instructions executable by the processor, the instructions configured to
  - assemble the full signature definition file, upon receipt of the first received malware signature, wherein the full signature definition file further comprises a first plurality of malware signatures received up to a specified time,
  - associate a version identifier with the full signature definition file,
  - publish the full signature definition file after the specified time,
  - assemble the streaming signature definition file, upon the receipt of the first received malware signature, wherein the streaming signature definition file further comprises a second plurality of malware signatures received over a first time period that occurs prior to the specified time, and the first received malware signature is received during the first time period,
  - associate the version identifier with the streaming signature definition file, and
  - publish the streaming signature definition file upon completion of the first time period.
Dependent claims: 12, 13, 14, 15, 16
17. A system comprising:
- a signature update server comprising a processor and a memory coupled to the processor, the memory storing instructions executable by the processor, the instructions configured to implement;
- a signal processor module configured to receive a first malware signature, and provide the first malware signature to a full definition assembly module and a streaming definition assembly module;
- the full definition assembly module, coupled to the signal processor module, and configured to assemble a full signature definition file comprising the first malware signature upon receipt of the first received malware signature, associate a version identifier with the full signature definition file, and to store the full signature definition file in an associated first memory, wherein the full signature definition file further comprises a first plurality of malware signatures received by the full definition assembly module up to a specified time;
- a full definition request module, coupled to the first memory, and configured to transmit all or part of the full signature definition file after the specified time;
- the streaming definition assembly module, coupled to the signal processor module, and configured to assemble a streaming signature definition file comprising the first malware signature upon the receipt of the first received malware signature, associate the version identifier with the streaming signature definition file, and store the streaming signature definition file in an associated second memory, wherein the streaming signature definition file further comprises a second plurality of malware signatures received over a first time period, the first time period occurs prior to the specified time; and the first received malware signature is received during the first time period; and
- a streaming definition request module, coupled to the second memory, and configured to transmit the streaming signature definition file upon completion of the first time period.
Dependent claims: 18, 19, 20, 21, 22
Specification