Antivirus intelligent flow framework
Abstract
A device receives a data transaction associated with a packet, determines a risk level associated with the data transaction, and performs a content type check for the data transaction. The device also performs an infected content check for the data transaction, and classifies, based on the determined risk and the performed checks, the data transaction for one of a slow path virus scanning process or a fast path virus scanning process. The device further performs, based on the classification, one of the slow path virus scanning process or the fast path virus scanning process on the data transaction.
21 Claims
1. A method comprising:
receiving, by a network device, a packet from a device in a network;
identifying, by the network device, a plurality of data transactions associated with the packet;
assessing, by the network device, a risk level associated with a particular data transaction of the plurality of data transactions;
performing, by the network device, a content type check for the particular data transaction;
performing, by the network device, an infected content check for the particular data transaction;
classifying, by the network device, the particular data transaction for a fast path virus scanning process based on the risk level, the content type check, and the infected content check;
sending, by the network device and after classifying the particular data transaction for the fast path virus scanning process, a first portion of data, associated with the particular data transaction, to a destination device before scanning the data for a virus;
detecting, by the network device and after classifying the particular data transaction for the fast path virus scanning process, the virus in a second portion of the data; and
terminating, by the network device and based on the particular data transaction being classified for the fast path virus scanning process, a connection for the particular data transaction after sending the first portion of the data and after detecting the virus in the second portion of the data.
Dependent claims: 2, 3, 4, 5, 6, 7, 20

8. A network device comprising:
a memory; and
a processor to:
identify a data transaction,
determine a risk level associated with the data transaction,
perform a content type check for the data transaction,
perform an infected content check for the data transaction,
classify the data transaction for a fast path virus scanning process based on the risk level, the content type check, and the infected content check,
send, after classifying the data transaction for the fast path virus scanning process, a first portion of data associated with the data transaction to a destination device without scanning the first portion of the data for a virus,
detect, after classifying the data transaction for the fast path virus scanning process, the virus in a second portion of the data, and
close a connection for the data transaction after sending the first portion of the data and based on detecting the virus in the second portion of the data.
Dependent claims: 9, 10, 11, 12, 13, 14, 21

15. A non-transitory computer-readable medium storing instructions, the instructions comprising:
one or more instructions that, when executed by one or more processors, cause the one or more processors to:
receive a packet associated with a plurality of data transactions;
assess a risk level associated with a particular data transaction of the plurality of data transactions;
perform a content type check for the particular data transaction;
perform an infected content check for the particular data transaction;
classify the particular data transaction for a fast path virus scanning process based on the risk level, the content type check, and the infected content check indicating that a risk of the particular data transaction containing a virus is less than a particular threshold;
send, after classifying the particular data transaction for the fast path virus scanning process, a first portion of data associated with the particular data transaction to a destination device without scanning the first portion of the data for the virus;
detect, after classifying the particular data transaction for the fast path virus scanning process, the virus in a second portion of the data; and
terminate, based on the particular data transaction being classified for the fast path virus scanning process, a connection for the particular data transaction after detecting the virus in the second portion of the data.
Dependent claims: 16, 17, 18, 19
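An added sketch of the flow the abstract and the independent claims describe, not code from the patent: classification from the three checks, then a relay that either releases data as it goes (fast path) or holds it until the scan finishes (slow path). The threshold, the content-type set, the infected-source store, the marker string and the choice to release each chunk once it alone has been checked are all assumptions, since the page does not define them.

```python
import hashlib

# Every name, threshold and the marker below is an assumption for illustration.
SIGNATURE = b"CONSTRUCTED-TEST-MARKER"        # constructed stand-in for a virus signature
LOW_RISK_TYPES = {"image/png", "text/plain"}  # assumed outcome set of the content type check
RISK_THRESHOLD = 5                            # assumed cut-off for the risk level
known_infected = set()                        # assumed store behind the infected content check

def source_key(url):
    return hashlib.sha256(url.encode()).hexdigest()

def classify(risk_level, content_type, url):
    """Fast path only if all three checks pass; anything else takes the slow path."""
    checks_pass = (risk_level < RISK_THRESHOLD
                   and content_type in LOW_RISK_TYPES
                   and source_key(url) not in known_infected)
    return "fast" if checks_pass else "slow"

def scan_stream(chunks):
    """Yield (chunk, infected); a carried-over tail catches markers split across chunks."""
    tail = b""
    for chunk in chunks:
        window = tail + chunk
        yield chunk, SIGNATURE in window
        tail = window[-(len(SIGNATURE) - 1):]

def relay(chunks, url, risk_level, content_type):
    """Return (path, bytes that reached the destination, final connection state)."""
    path = classify(risk_level, content_type, url)
    released = b""
    for chunk, infected in scan_stream(chunks):
        if infected:
            known_infected.add(source_key(url))      # this source is slow path from now on
            if path == "fast":
                return path, released, "terminated"  # earlier portions were already delivered
            return path, b"", "blocked"              # slow path held everything back
        released += chunk
    return path, released, "complete"

# Constructed sample transaction: the marker straddles the second and third chunks.
SAMPLE = [b"header-bytes|", b"payload CONSTRUCTED-", b"TEST-MARKER trailer"]
```

On the fast path the destination already holds the leading portion when the connection is terminated, so it ends up with a truncated object; the same source is then forced onto the slow path by the infected content check.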
Specification