Content filtering of remote file-system access protocols
Abstract
Methods and systems for content filtering of remote file-system access protocols are provided. According to one embodiment, a transparent proxy running within a network gateway logically interposed between a client and a server intercepts remote file-system access protocol requests/responses. Responsive to receipt of a remote file-system access protocol request from the client, the network gateway issues the remote file-system access protocol request to the server on behalf of the client. The network gateway buffers into a holding buffer associated with the network gateway data being read from or written to a file associated with a share of the server. Then, responsive to a predetermined event in relation to the remote file-system access protocol or the holding buffer, the network gateway determines the existence or non-existence of malicious, dangerous or unauthorized content contained within the holding buffer by performing content filtering on the holding buffer.
52 Claims
1. A method comprising:
receiving at a network device, logically interposed between a client and a server, a remote file-system access protocol request from the client, the remote file-system access protocol request representing a request to make a partial file access to a file associated with a share of the server;
the network device issuing the remote file-system access protocol request to the server on behalf of the client;
the network device implementing a single shared holding buffer for the file during a particular remote file-system access protocol session, wherein the single shared holding buffer is used for both read and write accesses to the file and is used for accesses to the file by a plurality of processes running on the client by mapping different file IDs referring to the file to the single shared holding buffer;
the network device buffering into the single shared holding buffer data being read from or written to the file as a result of the remote file-system access protocol request; and
responsive to a predetermined event in relation to the remote file-system access protocol or the holding buffer, the network device determining the existence or non-existence of malicious, dangerous or unauthorized content contained within the holding buffer by performing content filtering on the holding buffer.
Dependent claims: 2, 3, 4, 5, 6, 7, 8.

9. A method comprising:
creating (i) a plurality of holding buffers in which data collected from partial file accesses associated with a remote file-system access protocol is stored, (ii) a holding buffer context table, (iii) a file map table and (iv) a usage table corresponding to each holding buffer of the plurality of holding buffers within one or more computer-readable media, wherein each holding buffer corresponds to a single file, is used for both read and write accesses to the single file and is used for accesses to the single file by a plurality of remote processes by mapping different file IDs referring to the single file to the corresponding holding buffer;
tracking within the holding buffer context table references to each of the plurality of holding buffers;
mapping references to a common file to a common holding buffer of the plurality of holding buffers with the file map table;
tracking modified and unmodified portions of the plurality of holding buffers using the usage table corresponding to each holding buffer;
responsive to a predetermined event in relation to a holding buffer of the plurality of holding buffers, determining the existence or non-existence of malicious, dangerous or unauthorized content contained within the holding buffer by performing content filtering on the holding buffer.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22.

23. A method comprising:
receiving at a network device, logically interposed between a client and a server, a remote file-system access protocol request from the client, the remote file-system access protocol request representing a random or sequential access to a portion of data of a file associated with a share of the server;
the network device issuing the remote file-system access protocol request to the server on behalf of the client;
the network device implementing a holding buffer for the file during a particular remote file-system access protocol session, wherein the holding buffer is used for both read and write accesses to the file and is shared by a plurality of processes running on the client and accessing the file by mapping different file IDs referring to the file to the holding buffer;
the network device buffering into the holding buffer the portion of data being read from or written to the file responsive to the remote file-system access protocol request; and
responsive to a predetermined event in relation to the remote file-system access protocol or the holding buffer, the network device determining the existence or non-existence of malicious, dangerous or unauthorized content contained within the holding buffer by performing content filtering on the holding buffer.
Dependent claims: 24, 25, 26, 27, 28, 29, 30.

31. A non-transitory computer-readable storage medium embodying a set of instructions, which when executed by one or more processors of a network device logically interposed between a client and a server, cause the one or more processors to perform a method comprising:
receiving a remote file-system access protocol request from the client, the remote file-system access protocol request representing a request to make a partial file access to a file associated with a share of the server;
issuing the remote file-system access protocol request to the server on behalf of the client;
implementing a single shared holding buffer for the file during a particular remote file-system access protocol session, wherein the single shared holding buffer is used for both read and write accesses to the file and is used for accesses to the file by a plurality of processes running on the client by mapping different file IDs referring to the file to the single shared holding buffer;
buffering into the single shared holding buffer data being read from or written to the file as a result of the remote file-system access protocol request; and
responsive to a predetermined event in relation to the remote file-system access protocol or the holding buffer, determining the existence or non-existence of malicious, dangerous or unauthorized content contained within the holding buffer by performing content filtering on the holding buffer.
Dependent claims: 32, 33, 34, 35, 36, 37, 38.

39. A network device comprising:
one or more non-transitory storage devices having embodied therein one or more routines; and
one or more processors coupled to the non-transitory storage device and operable to execute the one or more routines to perform a method comprising:
creating (i) a plurality of holding buffers in which data collected from partial file accesses associated with a remote file-system access protocol is stored, (ii) a holding buffer context table, (iii) a file map table and (iv) a usage table corresponding to each holding buffer of the plurality of holding buffers within the one or more non-transitory storage devices, wherein each holding buffer corresponds to a single file, is used for both read and write accesses to the single file and is used for accesses to the single file by a plurality of remote processes by mapping different file IDs referring to the single file to the corresponding holding buffer;
tracking within the holding buffer context table references to each of the plurality of holding buffers;
mapping references to a common file to a common holding buffer of the plurality of holding buffers with the file map table;
tracking modified and unmodified portions of the plurality of holding buffers using the usage table corresponding to each holding buffer;
responsive to a predetermined event in relation to a holding buffer of the plurality of holding buffers, determining the existence or non-existence of malicious, dangerous or unauthorized content contained within the holding buffer by performing content filtering on the holding buffer.
Dependent claims: 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52.

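The claims above (1, 9, 23 and 39) describe one gateway-side structure: a holding buffer per file, a context table of buffers, a file map table that routes every protocol file ID for the same file to the same buffer, a usage table recording which bytes were read versus written, and a content filter that fires on a predetermined event such as the last close. The following Python is an added toy model of that structure, not code from the patent or its assignee; the class and function names, the size threshold, the file-ID values, the share path and the byte-pattern "signature" are all constructed for the demonstration. The model shows the point that motivates a shared per-file buffer: when two handles write adjacent fragments of one file, request-level scanning sees neither fragment as suspicious, while the reassembled holding buffer does.

```python
"""Toy model of a per-file holding buffer with context, file map and usage tables.
Added example; not the patent's code. All names and values are constructed."""
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

UNKNOWN, READ, WRITTEN = 0, 1, 2      # per-byte states kept in the usage table
SCAN_THRESHOLD = 4096                 # constructed: also scan once this much is buffered


@dataclass
class HoldingBuffer:
    """One buffer per file, shared by every file ID that refers to that file."""
    share: str
    path: str
    data: bytearray = field(default_factory=bytearray)
    usage: bytearray = field(default_factory=bytearray)   # usage table: one state byte per data byte

    def store(self, offset: int, chunk: bytes, state: int) -> None:
        end = offset + len(chunk)
        if end > len(self.data):                            # grow for sparse / out-of-order accesses
            pad = end - len(self.data)
            self.data.extend(b"\x00" * pad)
            self.usage.extend(bytes([UNKNOWN]) * pad)
        self.data[offset:end] = chunk
        self.usage[offset:end] = bytes([state]) * len(chunk)

    def populated_runs(self) -> List[Tuple[int, int]]:
        """Contiguous [start, end) ranges that were actually read or written (gaps excluded)."""
        runs, start = [], None
        for i, s in enumerate(self.usage):
            if s != UNKNOWN and start is None:
                start = i
            elif s == UNKNOWN and start is not None:
                runs.append((start, i))
                start = None
        if start is not None:
            runs.append((start, len(self.usage)))
        return runs

    def modified_bytes(self) -> int:
        return self.usage.count(WRITTEN)


def signature_filter(buf: HoldingBuffer, patterns: List[bytes]) -> str:
    """Constructed content filter: byte-pattern match over populated runs only,
    so zero padding in unread gaps never produces a match."""
    for start, end in buf.populated_runs():
        window = bytes(buf.data[start:end])
        if any(p in window for p in patterns):
            return "block"
    return "allow"


class HoldingBufferManager:
    """Gateway-side state: context table, file map table, file-ID map and reference sets."""

    def __init__(self, patterns: List[bytes]):
        self.patterns = patterns
        self.context: Dict[int, HoldingBuffer] = {}          # holding buffer context table
        self.file_map: Dict[Tuple[str, str], int] = {}       # (share, path) -> buffer id
        self.fid_map: Dict[int, int] = {}                    # protocol file ID -> buffer id
        self.refs: Dict[int, Set[int]] = {}                  # buffer id -> file IDs still open
        self.events: List[Tuple[str, str, str]] = []         # (event, share+path, verdict) log
        self._next_id = 1

    def open(self, fid: int, share: str, path: str) -> int:
        key = (share, path)
        bid = self.file_map.get(key)
        if bid is None:                                      # first reference creates the buffer
            bid, self._next_id = self._next_id, self._next_id + 1
            self.context[bid] = HoldingBuffer(share, path)
            self.file_map[key] = bid
            self.refs[bid] = set()
        self.fid_map[fid] = bid                              # a second process maps to the same buffer
        self.refs[bid].add(fid)
        return bid

    def read(self, fid: int, offset: int, data: bytes) -> str:
        """Data the server returned for a partial READ, buffered as unmodified."""
        buf = self.context[self.fid_map[fid]]
        buf.store(offset, data, READ)
        return self._maybe_scan(buf, "read")

    def write(self, fid: int, offset: int, data: bytes) -> str:
        """Data the client sent in a partial WRITE, buffered as modified."""
        buf = self.context[self.fid_map[fid]]
        buf.store(offset, data, WRITTEN)
        return self._maybe_scan(buf, "write")

    def close(self, fid: int) -> str:
        bid = self.fid_map.pop(fid)
        buf = self.context[bid]
        self.refs[bid].discard(fid)
        if self.refs[bid]:                                   # other file IDs still open: keep buffer
            return "pending"
        verdict = self._scan(buf, "close")                   # predetermined event: last close
        del self.context[bid], self.refs[bid], self.file_map[(buf.share, buf.path)]
        return verdict

    def _maybe_scan(self, buf: HoldingBuffer, event: str) -> str:
        if len(buf.data) >= SCAN_THRESHOLD:                  # predetermined event: size reached
            return self._scan(buf, event)
        return "pending"

    def _scan(self, buf: HoldingBuffer, event: str) -> str:
        verdict = signature_filter(buf, self.patterns)
        self.events.append((event, buf.share + buf.path, verdict))
        return verdict


def demo() -> Tuple[str, str, str, int]:
    """Two processes, two file IDs, one pattern split across their partial writes."""
    pattern = b"CONSTRUCTED-BAD-MARKER"                      # constructed signature, 22 bytes
    mgr = HoldingBufferManager([pattern])
    mgr.open(fid=0x11, share="\\\\srv\\docs", path="report.bin")
    mgr.open(fid=0x22, share="\\\\srv\\docs", path="report.bin")   # same file, second process
    per_request = "allow"                                    # verdict request-level scanning would give
    for fid, off, chunk in [(0x11, 0, b"hello " + pattern[:13]), (0x22, 19, pattern[13:])]:
        if pattern in chunk:
            per_request = "block"
        mgr.write(fid, off, chunk)
    first_close = mgr.close(0x11)                            # buffer survives: 0x22 is still open
    modified = mgr.context[mgr.fid_map[0x22]].modified_bytes()
    last_close = mgr.close(0x22)                             # scan fires on the last close
    return per_request, first_close, last_close, modified


if __name__ == "__main__":
    print(demo())
```

`demo()` returns `("allow", "pending", "block", 28)`: each fragment passes a per-request check, the first close only drops a reference, and the filter sees the reassembled 28 modified bytes at the last close. The usage table earns its keep in `populated_runs`: a sparse file read at offset 100 and written at offset 0 yields two runs, so the zero-filled gap is never fed to the filter and never inflates a match. The operational caveat this model omits is bounding the state: buffers are held until the last close, so a real gateway needs per-session and global memory limits and an eviction policy, otherwise many open handles on large files exhaust the proxy.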