Anti-malware system and operating method thereof
First Claim
Patent Images
1. A method of an anti-malware processor, the method comprising:
- filtering by a first logic unit of the processor, input data based on a rule; and
scanning by a second logic unit of the processor, for malware in the data, the filtering and the scanning being performed at a same time,wherein the input data is packet data, the method further comprising determining whether the packet data contains data to be scanned for malware,wherein the scanning is performed only if it is determined that the packet data contains data to be scanned for malware,wherein, if the packet data does not match the rule as a result of the filtering and if it is determined that the packet data does not contain the malware as a result of the scanning, the packet data is transmitted to an external device or an application unit,wherein, if the packet data does not match the rule as a result of the filtering, but if it is determined that the packet data contains the malware as a result of the scanning, the packet data is not transmitted to an external device or an application unit, andwherein the method further comprises;
if it is determined that the packet data does not match the rule in the filtering, storing the packet data in a standby buffer; and
if it is determined that the packet data not matching the rule contains the data to be scanned for malware in the determining, copying the packet data to an auxiliary buffer and storing the packet data in the auxiliary buffer.
1 Assignment
0 Petitions
Accused Products
Abstract
An anti-malware device and an operating method thereof are provided. The operating method includes: filtering by a first logic unit of the processor, input data based on a rule; and scanning by a second logic unit of the processor, for malware in the data, the filtering and the scanning being performed at the same time. Accordingly, the security of the packet data is tightened.
37 Citations
12 Claims
-
1. A method of an anti-malware processor, the method comprising:
-
filtering by a first logic unit of the processor, input data based on a rule; and scanning by a second logic unit of the processor, for malware in the data, the filtering and the scanning being performed at a same time, wherein the input data is packet data, the method further comprising determining whether the packet data contains data to be scanned for malware, wherein the scanning is performed only if it is determined that the packet data contains data to be scanned for malware, wherein, if the packet data does not match the rule as a result of the filtering and if it is determined that the packet data does not contain the malware as a result of the scanning, the packet data is transmitted to an external device or an application unit, wherein, if the packet data does not match the rule as a result of the filtering, but if it is determined that the packet data contains the malware as a result of the scanning, the packet data is not transmitted to an external device or an application unit, and wherein the method further comprises; if it is determined that the packet data does not match the rule in the filtering, storing the packet data in a standby buffer; and if it is determined that the packet data not matching the rule contains the data to be scanned for malware in the determining, copying the packet data to an auxiliary buffer and storing the packet data in the auxiliary buffer. - View Dependent Claims (2, 3, 4, 5, 6, 7)
-
-
8. An anti-malware device comprising:
-
a processor comprising; a firewall engine which comprises first logic units that filter input data based on a rule, and determines whether the input data contains data to be scanned for malware; and an anti-malware engine which comprises second logic units that scan for malware in the input data, if the firewall engine determines that the input data contains the data to be scanned for malware, wherein the firewall engine filters and the anti-malware engine scans at a same time wherein the input data is packet data, the firewall engine determines whether the packet data contains data to be scanned for malware, and the second logic units scan for the malware only if the firewall engine determines that the packet data contains the data to be scanned for malware, wherein the anti-malware device further comprises a standby buffer and an auxiliary buffer, wherein the firewall engine stores the data in the standby buffer if it is determined that the packet data does not match the rule, and stores the data in the auxiliary buffer if the packet data not matching the rule contains the data to be scanned for malware. - View Dependent Claims (9, 10, 11, 12)
-
Specification