Systems and methods for computer security

US 8,407,792 B2
Filed: 05/19/2004
Issued: 03/26/2013
Est. Priority Date: 05/19/2004
Status: Active Grant

First Claim

Patent Images

1. A method for maintaining computer security comprising:

receiving, at a proxy server, an email directed from an email server to an email client associated with the email server;

scanning an email message included in the received email using intrusion detection signatures to determine if the email message would exploit a vulnerability associated with the email server;

determining whether an attachment included in the received email is infected with malicious code;

byparsing the received email;

converting the received email into an internal format; and

determining, at the proxy server, whether the converted received email includes malicious code using a virus signature file; and

based on a determination that the attachment is infected;

removing the attachment from the received email;

modifying the received email, the modification indicating that the attachment was removed; and

sending the modified email to the email client.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for maintaining computer security comprises receiving an incoming email destined for an email server, determining whether the received incoming email is infected with malicious code and blocking the incoming email determined to be infected with malicious code from reaching the email server.

32 Citations

View as Search Results

26 Claims

1. A method for maintaining computer security comprising:
- receiving, at a proxy server, an email directed from an email server to an email client associated with the email server;
  
  scanning an email message included in the received email using intrusion detection signatures to determine if the email message would exploit a vulnerability associated with the email server;
  
  determining whether an attachment included in the received email is infected with malicious code;
  
  byparsing the received email;
  
  converting the received email into an internal format; and
  
  determining, at the proxy server, whether the converted received email includes malicious code using a virus signature file; and
  
  based on a determination that the attachment is infected;
  
  removing the attachment from the received email;
  
  modifying the received email, the modification indicating that the attachment was removed; and
  
  sending the modified email to the email client.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising reassembling the converted email back into its original format if it is determined that the received email does not include malicious code.
  - 3. The method of claim 2, wherein sending the modified email comprises sending the reassembled email to the email client.
  - 4. The method of claim 1, wherein the virus signature file contains information about known email viruses.
  - 5. The method of claim 1, wherein the virus signature file contains information about known viruses for email attachments.
  - 6. The method of claim 1, further comprising continuously updating the virus signature file.
  - 7. The method of claim 1, further comprising periodically downloading an updated virus signature file in order to make its copy current.
  - 8. The method of claim 1, wherein the received email is parsed based on a protocol of the email, wherein the proxy server supports the protocol.
  - 9. The method of claim 2, wherein the converted email is reassembled based on a protocol of the email, wherein the proxy server supports the protocol.
  - 10. The method of claim 1, further comprising sending a notification to the sender of the received email and the receiver of the received email, the notification indicating that the attachment is infected with malicious code.

11. A computer system for maintaining computer security comprising:
- one or more computers configured to store computer code executable by the one or more computers, the computer code configured to;
  
  receive, at a proxy server, an email directed from an email server to an email client associated with the email server;
  
  scan an email message included in the received email using intrusion detection signatures to determine if the email message would exploit a vulnerability associated with the email server;
  
  determine whether an attachment included in the received email is infected with malicious code; and
  
  based on a determination that the attachment is infected;
  
  remove the attachment from the received email;
  
  modify the received email, the modification indicating that the attachment was removed; and
  
  send the modified email to the email client;
  
  wherein the computer code is further configured to determine whether an attachment included in the received email is infected with malicious code by;
  
  parsing the received email;
  
  converting the received email into an internal format; and
  
  determining, at the proxy server, whether the converted received email includes malicious code using a virus signature file.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The computer system of claim 11, wherein the computer code is further configured to reassemble the converted email back into its original format if it is determined that the received email does not include malicious code.
  - 13. The computer system of claim 12, wherein the computer code is configured to send the modified email to the client by sending the reassembled email to the client.
  - 14. The computer system of claim 11, wherein the virus signature file contains information about known email viruses.
  - 15. The computer system of claim 11, wherein the virus signature file contains information about known viruses for email attachments.
  - 16. The computer system of claim 11, wherein the computer code is further configured to continuously update the virus signature file.
  - 17. The computer system of claim 11, wherein the computer code is further configured to periodically download an updated virus signature file in order to make its copy current.

18. A computer system for maintaining computer security comprising:
- one or more computers configured to store computer code executable by the one or more computers, the computer code configured to;
  
  receive, at a proxy server, an email directed from an email server to an email client associated with the email server;
  
  scan an email message included in the received email using intrusion detection signatures to determine if the email message would exploit a vulnerability associated with the email server;
  
  determine whether an attachment included in the received email is infected with malicious code by;
  
  parsing the received email;
  
  converting the received email into an internal format; and
  
  determining, at the proxy server, whether the converted received email includes malicious code using a virus signature file; and
  
  based on a determination where the attachment is infected;
  
  remove the attachment from the received email;
  
  modify the received email, the modification indicating that the attachment was removed; and
  
  send the modified email to the email client.
- View Dependent Claims (19)
- - 19. The computer system of claim 18, wherein the computer code is further configured to reassemble the converted email.

20. A non-transitory computer storage medium including computer executable code for maintaining computer security, wherein the code is configured to:
- receive, at a proxy server, an email directed from an email server to an email client associated with the email server;
  
  scan an email message included in the received email using intrusion detection signatures to determine if the email message would exploit a vulnerability associated with the email server;
  
  determine whether an attachment included in the received email is infected with malicious code by;
  
  parsing the received email;
  
  converting the received email into an internal format; and
  
  determining, at the proxy server, whether the converted received email includes malicious code using a virus signature file; and
  
  based on a determination that the attachment is infected;
  
  remove the attachment from the received email;
  
  modify the received email, the modification indicating that the attachment was removed; and
  
  send the modified email to the email client.
- View Dependent Claims (21, 22, 23, 24, 25, 26)
- - 21. The computer storage medium of claim 20, wherein the code is further configured to reassemble the converted email back into its original format if it is determined that the received email does not include malicious code.
  - 22. The computer storage medium of claim 21, wherein the code is configured to send the modified email to the client by sending the reassembled email to the email client.
  - 23. The computer storage medium of claim 20, wherein the virus signature file contains information about known email viruses.
  - 24. The computer storage medium of claim 20, wherein the virus signature file contains information about known viruses for email attachments.
  - 25. The computer storage medium of claim 20, wherein the code is configured to continuously update the virus signature file.
  - 26. The computer storage medium of claim 20, wherein the code is configured to periodically download an updated virus signature file in order to make its copy current.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Original Assignee
CA, Inc. (d/b/a CA Technologies) (Broadcom, Inc.)
Inventors
Gassoway, Paul
Primary Examiner(s)
Zee, Edward

Application Number

US10/849,633
Publication Number

US 20050262566A1
Time in Patent Office

3,233 Days
Field of Search

713/38, 713/188, 726/23, 726/24
US Class Current

726/24
CPC Class Codes

G06F 21/564   by virus signature recognition

H04L 51/063   Content adaptation, e.g. re...

H04L 51/212   using filtering or selectiv...

Systems and methods for computer security

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

32 Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for computer security

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links