Network stream scanning facility
First Claim
1. A method of scanning data comprising:
receiving a request for network content at a scanning facility, the request received from a content requesting computing facility remote from the scanning facility, and the request including a source from which to retrieve the network content;
performing a source lookup for the request at the scanning facility, wherein the source lookup requests data concerning the source of the request from a networked source lookup database, and wherein the networked source lookup database responds with a characterization of the source;
retrieving the network content to the scanning facility;
calculating a checksum of the network content;
performing a checksum lookup on the checksum, wherein the checksum lookup is from a networked checksum lookup database that stores checksums for known malware content; and
when the network content is not identified as malware based upon the checksum lookup, taking an action to protect the content requesting computing facility from malware based on the characterization of the source from the networked source lookup database.
Abstract
In embodiments of the present invention, improved capabilities are described for providing a scanning of data associated with a network computer facility. In the process, a request may be received for network content from a content requesting computing facility. A source lookup associated with the request for network content may be performed, where the source lookup may be from a networked source lookup database. The requested network content may then be retrieved, where the type of the content may be determined as a further aid in scanning the content. A checksum of at least a portion of the retrieved network content may then be calculated, and a checksum lookup associated with the portion of the retrieved network content may be performed, where the checksum lookup may be from a networked checksum lookup database. Finally, an action may be taken based on at least one of the source lookup and checksum lookup, where the action is associated with protecting the content requesting computing facility from malware.
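The order of operations recited in claim 1 and summarized in the abstract, as an added illustration that is not part of the patent text. The in-memory dictionaries standing in for the networked databases, the use of SHA-256 as the checksum, the characterization labels, the action names and all URLs and content are assumptions constructed for the example.

```python
import hashlib
from urllib.parse import urlsplit

# Constructed stand-ins for the two networked lookup databases.
SOURCE_DB = {"files.example.test": "trusted", "dl.example.invalid": "suspicious"}
KNOWN_BAD = b"constructed-known-bad-sample"
CHECKSUM_DB = {hashlib.sha256(KNOWN_BAD).hexdigest(): "Constructed.Sample.A"}

# Hypothetical policy: action per source characterization, used only when
# the checksum lookup does not identify the content as malware.
SOURCE_POLICY = {"trusted": "deliver", "suspicious": "block",
                 "unknown": "hold_for_local_scan"}

# Constructed content served by each URL, in place of a real network fetch.
CONSTRUCTED_ORIGIN = {
    "http://files.example.test/tool.bin": b"benign bytes",
    "http://files.example.test/update.bin": KNOWN_BAD,
    "http://dl.example.invalid/readme.txt": b"benign bytes",
    "http://new.example.test/page.html": b"<html></html>",
}

def source_lookup(url):
    """Characterize the source named in the request (host-level lookup)."""
    host = (urlsplit(url).hostname or "").lower()
    return SOURCE_DB.get(host, "unknown")

def checksum_lookup(content):
    """Return (checksum, malware name or None) for the retrieved content."""
    digest = hashlib.sha256(content).hexdigest()
    return digest, CHECKSUM_DB.get(digest)

def scan_request(url, fetch=CONSTRUCTED_ORIGIN.__getitem__):
    """Source lookup, retrieval, checksum, checksum lookup, then action."""
    characterization = source_lookup(url)
    content = fetch(url)
    digest, malware = checksum_lookup(content)
    if malware is not None:
        action = "block"  # a checksum hit overrides a trusted source
    else:
        action = SOURCE_POLICY[characterization]
    return {"source": characterization, "sha256": digest,
            "malware": malware, "action": action}

if __name__ == "__main__":
    for url in CONSTRUCTED_ORIGIN:
        print(url, scan_request(url))
```

Content from a source characterized as trusted is still blocked when its checksum matches a known-malware entry, and content with no checksum match is handled according to the source characterization alone.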
25 Claims
13. A system comprising:
a network device with on-device malware analysis tools;
a networked source lookup database storing a characterization of a number of URLs, the networked source lookup database configured to respond to a source URL with a corresponding characterization of the source URL;
a networked checksum lookup database storing checksums for known malware content, the networked checksum lookup database configured to respond to a checksum with any malware known to be associated with the checksum; and
a content requesting computing facility configured to request network content through the network device, wherein the network device is configured to protect the content requesting computing facility from malware by sequentially performing a first query of the networked source lookup database and a second query of the networked checksum lookup database, and further configured to conditionally take action according to a result of the first query and the second query.
Specification