Selective virus scanning system and method
First Claim
1. A virus scan system, comprising:
- a full scanning system for performing a full scan of each file in a local file system;
a file inventory system for inventorying each file in the local file system and generating a set of current inventory records, wherein each current inventory record includes a unique key of the associated file, a complete filename of the associated file, and a signature of the associated file;
wherein the unique key includes a hash code of the complete filename of the associated file, and the signature includes a timestamp of a last modification of the associated file and a size of the associated file;
a system for interfacing with a server to store and retrieve an existing set of inventory records stored on the server;
an inventory compare system for comparing the current set of inventory records with the existing set of inventory records to identify files in the local file system that were modified since the existing set of inventory records was generated, wherein a file is identified as modified if the signature for the file in the current set of inventory records does not match the signature for the file in the existing set of inventory records such that at least a size of the file in the current set of inventory records is different from a size of the file in the existing set of inventory records; and
a selective scanning system for selectively scanning only files in the local file system that were identified as modified by the inventory compare system;
wherein, in the case that a record of the current set of inventory records is included at the local file system and not included in the existing set of inventory records on the server, the selective scanning system selectively scans the file associated with the record not included in the existing set of inventory records and located at the local file system, and the system for interfacing with the server submits a request to the server to update the existing set of inventory records stored on the server to indicate that the selective scanning of the file associated with the record not included in the existing set of inventory records and located at the local file system has occurred.
3 Assignments
0 Petitions
Accused Products
Abstract
A virus scanning system and method. A system is provide that includes: a full scanning system for performing a full scan of each file in a file system; a file inventory system for inventorying each file in the file system and generating a set of inventory records, wherein each inventory record includes a unique key associated with each file in the file system; an inventory compare system for comparing a current set of inventory records with an existing set of inventory records to identify files in the file system that were modified since the existing set of inventory records was generated; and a selective scanning system for selectively scanning only files in the file system that were identified as modified by the inventory compare system.
25 Citations
14 Claims
-
1. A virus scan system, comprising:
-
a full scanning system for performing a full scan of each file in a local file system; a file inventory system for inventorying each file in the local file system and generating a set of current inventory records, wherein each current inventory record includes a unique key of the associated file, a complete filename of the associated file, and a signature of the associated file;
wherein the unique key includes a hash code of the complete filename of the associated file, and the signature includes a timestamp of a last modification of the associated file and a size of the associated file;a system for interfacing with a server to store and retrieve an existing set of inventory records stored on the server; an inventory compare system for comparing the current set of inventory records with the existing set of inventory records to identify files in the local file system that were modified since the existing set of inventory records was generated, wherein a file is identified as modified if the signature for the file in the current set of inventory records does not match the signature for the file in the existing set of inventory records such that at least a size of the file in the current set of inventory records is different from a size of the file in the existing set of inventory records; and a selective scanning system for selectively scanning only files in the local file system that were identified as modified by the inventory compare system; wherein, in the case that a record of the current set of inventory records is included at the local file system and not included in the existing set of inventory records on the server, the selective scanning system selectively scans the file associated with the record not included in the existing set of inventory records and located at the local file system, and the system for interfacing with the server submits a request to the server to update the existing set of inventory records stored on the server to indicate that the selective scanning of the file associated with the record not included in the existing set of inventory records and located at the local file system has occurred. - View Dependent Claims (2, 3, 4)
-
-
5. A program product stored on a non-transitory computer readable medium for performing a virus scan on a local file system, the program product comprising:
-
program code configured for performing a full scan of each file in the local file system; program code configured for inventorying each file in the local file system and generating a set of current inventory records, wherein each inventory record includes a unique key of the associated file, a complete filename of the associated file, and a signature of the associated file, wherein the unique key includes a hash code of the complete filename of the associated file, and the signature includes a timestamp of a last modification of the associated file and a size of the associated file; program code for interfacing with a server to store and retrieve an existing set of inventory records stored on the server; program code configured for comparing the current set of inventory records with the existing set of inventory records to identify files in the local file system that were modified since the existing set of inventory records was generated, wherein a file is identified as modified if the signature for the file in the current set of inventory records does not match the signature for the file in the existing set of inventory records such that at least a size of the file in the current set of inventory records is different from a size of the file in the existing set of inventory records; and program code configured for selectively scanning only files in the file system that were identified as modified; wherein, in the case that a record of the current set of inventory records included at the local file system and is not included in the existing set of inventory records on the server, the program code configured for selectively scanning scans the file associated with the record not included in the existing set of inventory records and located at the local file system, and the program code for interfacing with the server submits a request to the server to update the existing set of inventory records stored on the server to indicate that the selective scanning of the file associated with the record not included in the existing set of inventory records and located at the local file system has occurred. - View Dependent Claims (6, 7, 8)
-
-
9. A method of performing a virus scan on a local file system, comprising:
-
inventorying, using at least one computing device, each file in the local file system and generating, using the at least one computing device, a current set of inventory records, wherein each current inventory record includes a unique key of the associated file, a complete filename of the associated file, and a signature of the associated file, wherein the unique key includes a hash code of the complete filename of the associated file, and a signature includes a timestamp of a last modification of the associated file and a size of the associated file; interfacing, using the at least one computing device, with a server to store and retrieve an existing set of inventory records stored on the server; if the existing set of inventory records is located, comparing, using the at least one computing device, the current set of inventory records with the existing set of inventory records to identify files in the local file system that were modified since the existing set of inventory records were generated, and selectively scanning, using the at least one computing device, only files in the local file system that were identified as modified, wherein a file is identified as modified if the signature for the file in the current set of inventory records does not match the signature for the file in the existing set of inventory records such that at least a size of the file in the current set of inventory records is different from a size of the file in the existing set of inventory records; and if the existing set of inventory records is not located, performing, using the at least one computing device, a full scan of each file in the file system; wherein, in the case that a record of the current set of inventory records included at the local file system and is not included in the existing set of inventory records on the server, scanning, using the at least one computing device, the file associated with the record not included in the existing set of inventory records and located at the local file system, and submitting, using the at least one computing device, a request to the server to update the existing set of inventory records stored on the server to indicate that the selective scanning of the file associated with the record not included in the existing set of inventory records and located at the local file system has occurred. - View Dependent Claims (10, 11, 12)
-
-
13. A method for deploying an application that scans a local file system for viruses, comprising:
-
providing a computer infrastructure being operable to; perform a full scan of each file in a local file system; inventory each file in the local file system and generating a set of current inventory records, wherein each current inventory record includes a unique key of the associated file, a complete filename of the associated file, and a signature of the associated file, wherein the unique key includes a hash code of the complete filename of the associated file, and the signature includes a timestamp of a last modification of the associated file and a size of the associated file; interface with a server to store and retrieve an existing set of inventory records stored on the server; compare the current set of inventory records with the existing set of inventory records to identify files in the local file system that were modified since the existing set of inventory records was generated, wherein a file is identified as modified if the signature for the file in the current set of inventory records does not match the signature for the file in the existing set of inventory records such that at least a size of the file in the current set of inventory records is different from a size of the file in the existing set of inventory records; and selectively scan only files in the local file system that were identified as modified; wherein, in the case that a record of the current set of inventory records is included at the local file system and not included in the existing set of inventory records on the server, scanning the file associated with the record not included in the existing set of inventory records and located at the local file system, and submitting a request to the server to update the existing set of inventory records stored on the server to indicate that the selective scanning of the file associated with the record not included in the existing set of inventory records and located at the local file system has occurred. - View Dependent Claims (14)
-
Specification