Content filtering of remote file-system access protocols
First Claim
1. A method comprising:
- transparently proxying, by a gateway device, (i) a first plurality of Server Message Block/Common Internet File System (SMB/CIFS) protocol requests originated by a first process running on a client and relating to a file associated with a share of a server and (ii) a second plurality of SMB/CIFS protocol requests originated by a second process running on the client and relating to the file; and
- determining, by the gateway device, the existence or non-existence of malicious, dangerous or unauthorized content contained within the file by:
  - identifying data being read from or written to the file as a result of the first plurality of SMB/CIFS protocol requests and the second plurality of SMB/CIFS protocol requests;
  - buffering the identified data into a single shared file buffer within a memory of the gateway device; and
  - when one or more of a plurality of scanning conditions are satisfied, then performing content filtering on the shared file buffer.
Abstract
Methods and systems for content filtering of remote file-system access protocols are provided. According to one embodiment, a first set of Server Message Block/Common Internet File System (SMB/CIFS) protocol requests originated by a first process running on a client and relating to a file associated with a share of a server and a second set of SMB/CIFS protocol requests originated by a second process running on the client and relating to the file are transparently proxied by a gateway device. The existence or non-existence of malicious, dangerous or unauthorized content contained within the file is determined by the gateway device by (i) buffering data being read from or written to the file as a result of the first and second set of SMB/CIFS protocol requests into a shared file buffer; and (ii) performing content filtering on the shared file buffer when a scanning condition is satisfied.
23 Claims
1. A method comprising:
- transparently proxying, by a gateway device, (i) a first plurality of Server Message Block/Common Internet File System (SMB/CIFS) protocol requests originated by a first process running on a client and relating to a file associated with a share of a server and (ii) a second plurality of SMB/CIFS protocol requests originated by a second process running on the client and relating to the file; and
- determining, by the gateway device, the existence or non-existence of malicious, dangerous or unauthorized content contained within the file by:
  - identifying data being read from or written to the file as a result of the first plurality of SMB/CIFS protocol requests and the second plurality of SMB/CIFS protocol requests;
  - buffering the identified data into a single shared file buffer within a memory of the gateway device; and
  - when one or more of a plurality of scanning conditions are satisfied, then performing content filtering on the shared file buffer.

Dependent claims: 2, 3, 4, 5, 6, 7, 8

9. A network gateway device comprising:
- a content processor implementing one or more filters configured to detect the presence of malicious code in data being scanned;
- a transparent Server Message Block/Common Internet File System (SMB/CIFS) protocol proxy, coupled to the content processor, configured to be logically interposed between a client and a server and to cause content filtering to be performed by the content processor on data transferred between the client and server as a result of one or more of a plurality of scanning conditions being triggered by (i) a first plurality of SMB/CIFS protocol requests originated by a first process running on the client and relating to a file associated with a share of the server and (ii) a second plurality of SMB/CIFS protocol requests originated by a second process running on the client and relating to the file; and
- a memory containing therein a single shared file buffer into which data identified as being read from or written to the file as a result of the first plurality of SMB/CIFS protocol requests and the second plurality of SMB/CIFS protocol requests is buffered.

Dependent claims: 10, 11, 12, 13, 14, 15

16. A non-transitory computer-readable storage medium embodying a set of instructions, which when executed by one or more processors of a network gateway device logically interposed between a client and a server, cause the one or more processors to perform a method of content filtering comprising:
- transparently proxying (i) a first plurality of Server Message Block/Common Internet File System (SMB/CIFS) protocol requests originated by a first process running on the client and relating to a file associated with a share of the server and (ii) a second plurality of SMB/CIFS protocol requests originated by a second process running on the client and relating to the file; and
- determining the existence or non-existence of malicious, dangerous or unauthorized content contained within the file by:
  - identifying data being read from or written to the file as a result of the first plurality of SMB/CIFS protocol requests and the second plurality of SMB/CIFS protocol requests;
  - buffering the identified data into a single shared file buffer within a memory of the gateway device; and
  - when one or more of a plurality of scanning conditions are satisfied, then performing content filtering on the single shared file buffer.

Dependent claims: 17, 18, 19, 20, 21, 22, 23
Specification