Selective virus scanning system and method

US 8,590,044 B2
Filed: 04/14/2005
Issued: 11/19/2013
Est. Priority Date: 04/14/2005
Status: Active Grant

First Claim

Patent Images

1. A virus scan system, comprising:

a full scanning system for performing a full scan of each file in a local file system;

a file inventory system for inventorying each file in the local file system and generating a set of current inventory records, wherein each current inventory record includes a unique key of the associated file, a complete filename of the associated file, and a signature of the associated file;

wherein the unique key includes a hash code of the complete filename of the associated file, and the signature includes a timestamp of a last modification of the associated file and a size of the associated file;

a system for interfacing with a server to store and retrieve an existing set of inventory records stored on the server;

an inventory compare system for comparing the current set of inventory records with the existing set of inventory records to identify files in the local file system that were modified since the existing set of inventory records was generated, wherein a file is identified as modified if the signature for the file in the current set of inventory records does not match the signature for the file in the existing set of inventory records such that at least a size of the file in the current set of inventory records is different from a size of the file in the existing set of inventory records; and

a selective scanning system for selectively scanning only files in the local file system that were identified as modified by the inventory compare system;

wherein, in the case that a record of the current set of inventory records is included at the local file system and not included in the existing set of inventory records on the server, the selective scanning system selectively scans the file associated with the record not included in the existing set of inventory records and located at the local file system, and the system for interfacing with the server submits a request to the server to update the existing set of inventory records stored on the server to indicate that the selective scanning of the file associated with the record not included in the existing set of inventory records and located at the local file system has occurred.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A virus scanning system and method. A system is provide that includes: a full scanning system for performing a full scan of each file in a file system; a file inventory system for inventorying each file in the file system and generating a set of inventory records, wherein each inventory record includes a unique key associated with each file in the file system; an inventory compare system for comparing a current set of inventory records with an existing set of inventory records to identify files in the file system that were modified since the existing set of inventory records was generated; and a selective scanning system for selectively scanning only files in the file system that were identified as modified by the inventory compare system.

25 Citations

View as Search Results

14 Claims

1. A virus scan system, comprising:
- a full scanning system for performing a full scan of each file in a local file system;
  
  a file inventory system for inventorying each file in the local file system and generating a set of current inventory records, wherein each current inventory record includes a unique key of the associated file, a complete filename of the associated file, and a signature of the associated file;
  
  wherein the unique key includes a hash code of the complete filename of the associated file, and the signature includes a timestamp of a last modification of the associated file and a size of the associated file;
  
  a system for interfacing with a server to store and retrieve an existing set of inventory records stored on the server;
  
  an inventory compare system for comparing the current set of inventory records with the existing set of inventory records to identify files in the local file system that were modified since the existing set of inventory records was generated, wherein a file is identified as modified if the signature for the file in the current set of inventory records does not match the signature for the file in the existing set of inventory records such that at least a size of the file in the current set of inventory records is different from a size of the file in the existing set of inventory records; and
  
  a selective scanning system for selectively scanning only files in the local file system that were identified as modified by the inventory compare system;
  
  wherein, in the case that a record of the current set of inventory records is included at the local file system and not included in the existing set of inventory records on the server, the selective scanning system selectively scans the file associated with the record not included in the existing set of inventory records and located at the local file system, and the system for interfacing with the server submits a request to the server to update the existing set of inventory records stored on the server to indicate that the selective scanning of the file associated with the record not included in the existing set of inventory records and located at the local file system has occurred.
- View Dependent Claims (2, 3, 4)
- - 2. The virus scan system of claim 1, further comprising a system for forcing a full scan.
  - 3. The virus scan system of claim 1, wherein the full scan system is implemented if the existing set of inventory records does not exist, and is not implemented if the existing set of inventory records exists.
  - 4. The system of claim 1, wherein the inventory compare system compares keys to determine if a file in the local file system has been modified.

5. A program product stored on a non-transitory computer readable medium for performing a virus scan on a local file system, the program product comprising:
- program code configured for performing a full scan of each file in the local file system;
  
  program code configured for inventorying each file in the local file system and generating a set of current inventory records, wherein each inventory record includes a unique key of the associated file, a complete filename of the associated file, and a signature of the associated file, wherein the unique key includes a hash code of the complete filename of the associated file, and the signature includes a timestamp of a last modification of the associated file and a size of the associated file;
  
  program code for interfacing with a server to store and retrieve an existing set of inventory records stored on the server;
  
  program code configured for comparing the current set of inventory records with the existing set of inventory records to identify files in the local file system that were modified since the existing set of inventory records was generated, wherein a file is identified as modified if the signature for the file in the current set of inventory records does not match the signature for the file in the existing set of inventory records such that at least a size of the file in the current set of inventory records is different from a size of the file in the existing set of inventory records; and
  
  program code configured for selectively scanning only files in the file system that were identified as modified;
  
  wherein, in the case that a record of the current set of inventory records included at the local file system and is not included in the existing set of inventory records on the server, the program code configured for selectively scanning scans the file associated with the record not included in the existing set of inventory records and located at the local file system, and the program code for interfacing with the server submits a request to the server to update the existing set of inventory records stored on the server to indicate that the selective scanning of the file associated with the record not included in the existing set of inventory records and located at the local file system has occurred.
- View Dependent Claims (6, 7, 8)
- - 6. The program product of claim 5, further comprising program code for forcing a full scan.
  - 7. The program product of claim 5, wherein a full scan is run if the existing set of inventory records does not exist, and is not run if the existing set of inventory records exists.
  - 8. The program product of claim 5, wherein the program code configured for comparing compares keys to determine if a file in the local file system has been modified.

9. A method of performing a virus scan on a local file system, comprising:
- inventorying, using at least one computing device, each file in the local file system and generating, using the at least one computing device, a current set of inventory records, wherein each current inventory record includes a unique key of the associated file, a complete filename of the associated file, and a signature of the associated file, wherein the unique key includes a hash code of the complete filename of the associated file, and a signature includes a timestamp of a last modification of the associated file and a size of the associated file;
  
  interfacing, using the at least one computing device, with a server to store and retrieve an existing set of inventory records stored on the server;
  
  if the existing set of inventory records is located, comparing, using the at least one computing device, the current set of inventory records with the existing set of inventory records to identify files in the local file system that were modified since the existing set of inventory records were generated, and selectively scanning, using the at least one computing device, only files in the local file system that were identified as modified, wherein a file is identified as modified if the signature for the file in the current set of inventory records does not match the signature for the file in the existing set of inventory records such that at least a size of the file in the current set of inventory records is different from a size of the file in the existing set of inventory records; and
  
  if the existing set of inventory records is not located, performing, using the at least one computing device, a full scan of each file in the file system;
  
  wherein, in the case that a record of the current set of inventory records included at the local file system and is not included in the existing set of inventory records on the server, scanning, using the at least one computing device, the file associated with the record not included in the existing set of inventory records and located at the local file system, and submitting, using the at least one computing device, a request to the server to update the existing set of inventory records stored on the server to indicate that the selective scanning of the file associated with the record not included in the existing set of inventory records and located at the local file system has occurred.
- View Dependent Claims (10, 11, 12)
- - 10. The method of claim 9, wherein the comparing step compares, using the at least one computing device, keys to determine if a file has been modified.
  - 11. The method of claim 9, further comprising the step of forcing, using the at least one computing device, a full scan from a network server.
  - 12. The method of claim 9, further comprising the step of updating, using the at least one computing device, the existing set of inventory records at the server with the current set of inventory records after a scan is completed.

13. A method for deploying an application that scans a local file system for viruses, comprising:
- providing a computer infrastructure being operable to;
  
  perform a full scan of each file in a local file system;
  
  inventory each file in the local file system and generating a set of current inventory records, wherein each current inventory record includes a unique key of the associated file, a complete filename of the associated file, and a signature of the associated file, wherein the unique key includes a hash code of the complete filename of the associated file, and the signature includes a timestamp of a last modification of the associated file and a size of the associated file;
  
  interface with a server to store and retrieve an existing set of inventory records stored on the server;
  
  compare the current set of inventory records with the existing set of inventory records to identify files in the local file system that were modified since the existing set of inventory records was generated, wherein a file is identified as modified if the signature for the file in the current set of inventory records does not match the signature for the file in the existing set of inventory records such that at least a size of the file in the current set of inventory records is different from a size of the file in the existing set of inventory records; and
  
  selectively scan only files in the local file system that were identified as modified;
  
  wherein, in the case that a record of the current set of inventory records is included at the local file system and not included in the existing set of inventory records on the server, scanning the file associated with the record not included in the existing set of inventory records and located at the local file system, and submitting a request to the server to update the existing set of inventory records stored on the server to indicate that the selective scanning of the file associated with the record not included in the existing set of inventory records and located at the local file system has occurred.
- View Dependent Claims (14)
- - 14. The method of deploying of claim 13, wherein the comparing includes compares keys to determine if a file in the local file system has been modified.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kyndryl Incorporated, ServiceNow Incorporated
Original Assignee
International Business Machines Corporation
Inventors
Trakic, Adnan, Jangal, Amit K., Pankaj, Pathak
Primary Examiner(s)
Najjar, Saleh
Assistant Examiner(s)
Pan, Joseph

Application Number

US11/106,317
Publication Number

US 20060236398A1
Time in Patent Office

3,141 Days
Field of Search

713/1, 713/2, 713/188, 713/194, 380/200, 380/201, 380/255, 380/277, 726/2, 726 22- 25
US Class Current

726/24
CPC Class Codes

G06F 21/562 Static detection

Selective virus scanning system and method

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

14 Claims

Specification

Use Cases

Quick Links

Others

Selective virus scanning system and method

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

14 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others