Electronic message manager system, method, and computer scanning an electronic message for unwanted content and associated unwanted sites

US 8,601,067 B2
Filed: 04/30/2007
Issued: 12/03/2013
Est. Priority Date: 04/30/2007
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving, via a network, a request to scan an electronic message prior to opening the electronic message, the request including at least a portion of the electronic message and information associated with the electronic message, wherein the information includes, at least, an Internet Protocol (IP) address associated with the electronic message, a reputation associated with the electronic message, a history of the electronic message that includes an indication of a number of times an instance of the electronic message has been previously sent to users, and a path by which the electronic message is communicated from a source to a destination;

using the information to determine whether the electronic message was spoofed and therefore not clean from malware;

scanning the electronic message for unwanted content and associated unwanted sites at the server; and

sending a response to the request from the server to the client via the network, wherein the response indicates that the electronic message is not safe to open by a user.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and computer program product are provided for scanning an electronic message for unwanted content and associated unwanted sites in response to a request. In use, a request is received via a network to scan an electronic message prior to opening the electronic message, utilizing an electronic message manager. In addition, the electronic message is scanned for unwanted content and associated unwanted sites, in response to the request. Further, a response to the request is sent via the network.

Citations

23 Claims

1. A method, comprising:
- receiving, via a network, a request to scan an electronic message prior to opening the electronic message, the request including at least a portion of the electronic message and information associated with the electronic message, wherein the information includes, at least, an Internet Protocol (IP) address associated with the electronic message, a reputation associated with the electronic message, a history of the electronic message that includes an indication of a number of times an instance of the electronic message has been previously sent to users, and a path by which the electronic message is communicated from a source to a destination;
  
  using the information to determine whether the electronic message was spoofed and therefore not clean from malware;
  
  scanning the electronic message for unwanted content and associated unwanted sites at the server; and
  
  sending a response to the request from the server to the client via the network, wherein the response indicates that the electronic message is not safe to open by a user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, wherein the request is generated automatically.
  - 3. The method of claim 2, wherein the request is generated automatically in response to a user attempting to open the electronic message.
  - 4. The method of claim 2, wherein the automatically generated request is conditionally received based on a user confirmation.
  - 5. The method of claim 1, wherein the request is generated in response to a user request.
  - 6. The method of claim 1, wherein the electronic message is scanned by performing a comparison of the electronic message with known data stored in a database.
  - 7. The method of claim 6, wherein the known data includes at least one of known clean data and known unwanted data.
  - 8. The method of claim 6, wherein the response is sent in response to the comparison resulting in a match.
  - 9. The method of claim 1, wherein the electronic message is scanned by performing an automated analysis of the electronic message and information associated therewith.
  - 10. The method of claim 9, wherein the response is sent in response to the automated analysis indicating that the electronic message is clean.
  - 11. The method of claim 1, wherein the electronic message is scanned by performing a manual analysis of the electronic message.
  - 12. The method of claim 11, wherein the response is sent in response to the manual analysis indicating that the electronic message is clean.
  - 13. The method of claim 1, wherein a database of known data is updated based on the scanning.
  - 14. The method of claim 1, wherein the response prompts a display of a notification to a user.
  - 15. The method of claim 1, wherein the unwanted content includes malware.
  - 16. The method of claim 1, wherein the unwanted sites include at least one of phishing sites and sites including unwanted content.
  - 17. The method of claim 1, wherein the request is generated by a preview pane of an electronic message manager.
  - 18. The method of claim 1, wherein the electronic message is downloaded to an electronic message manager, and the request to scan the electronic message is initiated at the client after downloading the electronic message and prior to opening the downloaded electronic message.
  - 19. The method of claim 1, wherein the request to scan the electronic message is sent by a user in response to a determination that the electronic message has been intercepted.

20. A computer program product embodied on a non-transitory computer readable medium for performing operations, comprising:
- receiving, via a network, a request from a client to scan an electronic message prior to opening the electronic message, the request including at least a portion of the electronic message and information associated with the electronic message, wherein the information includes, at least, an Internet Protocol (IP) address associated with the electronic message, a reputation associated with the electronic message, a history of the electronic message that includes an indication of a number of times an instance of the electronic message has been previously sent to users, and a path by which the electronic message is communicated from a source to a destination, wherein the electronic message is scanned for unwanted content and associated unwanted sites at a server in response to the request; and
  
  using the information to determine whether the electronic message was spoofed and therefore not clean from malware;
  
  generating a response to the request, wherein the response indicates that the electronic message is not safe to open by a user.
- View Dependent Claims (21)
- - 21. The computer program product of claim 20, wherein the request is generated by a plug-in installed at the client.

22. A system, comprising:
- an application program installed on a client for transmitting, via a network, a request to scan an electronic message prior to opening the electronic message, the request including at least a portion of the electronic message and information associated with the electronic message, wherein the information includes, at least, an Internet Protocol (IP) address associated with the electronic message, a reputation associated with the electronic message, a history of the electronic message that includes an indication of a number of times an instance of the electronic message has been previously sent to users, and a path by which the electronic message is communicated from a source to a destination, wherein the information is used to determine whether the electronic message was spoofed and therefore not clean from malware; and
  
  a server in communication with the client via the network for receiving the request, scanning the electronic message for unwanted content and associated unwanted sites, and sending a response to the request, wherein the response indicates that the electronic message is not safe to open by a user.
- View Dependent Claims (23)
- - 23. The system of claim 22, wherein the server stores results of scanning electronic messages transmitted by a plurality of clients in a database, and the scanning utilizes the database.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Gartside, Paul Nicholas, Heron, George L., Bolin, Christopher S.
Primary Examiner(s)
TOWFIGHI, AFSHAWN M

Application Number

US11/742,423
Publication Number

US 20130246592A1
Time in Patent Office

2,409 Days
Field of Search

709201-207, 726 22- 24, 713/188
US Class Current

709/206
CPC Class Codes

H04L 51/046   Interoperability with other...

H04L 51/212   using filtering or selectiv...

H04L 63/1408   by monitoring network traff...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/145   the attack involving the pr...

H04L 63/1483   service impersonation, e.g....

H04L 67/01   Protocols

Electronic message manager system, method, and computer scanning an electronic message for unwanted content and associated unwanted sites

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Electronic message manager system, method, and computer scanning an electronic message for unwanted content and associated unwanted sites

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links