Content filtering of remote file-system access protocols

US 8,887,283 B2
Filed: 03/02/2014
Issued: 11/11/2014
Est. Priority Date: 05/08/2007
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, at a network device, logically interposed between a client and a server, a remote file-system access protocol request from the client, the remote file-system access protocol request representing a request to access a file associated with a share of the server;

issuing, by the network device, the remote file-system access protocol request to the server on behalf of the client;

implementing, by the network device, a single shared holding buffer for the file during a remote file-system access protocol session, wherein the single shared holding buffer is used for both read and write accesses to the file and is used for accesses to the file by a plurality of processes running on the client;

buffering, by the network device, into the single shared holding buffer data being read from or written to the file as a result of the remote file-system access protocol request; and

responsive to a predetermined event in relation to the remote file-system access protocol or the single shared holding buffer, determining, by the network device, the existence or non-existence of malicious, dangerous or unauthorized content contained within the holding buffer by performing content filtering on the single shared holding buffer.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for content filtering of remote file-system access protocols are provided. According to one embodiment, a remote file-system access protocol request issued by a client to a server is received at a network device logically interposed between the client and the server. The request is issued to the server by the network device. A single shared holding buffer, used for both read and write accesses to the file and used by multiple processes running on the client, is implemented by the network device for the file during a remote file-system access protocol session. Data being read from or written to the file as a result of the request is buffered into the buffer. Responsive to a predetermined event in relation to the remote file-system access protocol or the buffer, the existence or non-existence of malicious, dangerous or unauthorized content is determined by performing content filtering on the buffer.

24 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving, at a network device, logically interposed between a client and a server, a remote file-system access protocol request from the client, the remote file-system access protocol request representing a request to access a file associated with a share of the server;
  
  issuing, by the network device, the remote file-system access protocol request to the server on behalf of the client;
  
  implementing, by the network device, a single shared holding buffer for the file during a remote file-system access protocol session, wherein the single shared holding buffer is used for both read and write accesses to the file and is used for accesses to the file by a plurality of processes running on the client;
  
  buffering, by the network device, into the single shared holding buffer data being read from or written to the file as a result of the remote file-system access protocol request; and
  
  responsive to a predetermined event in relation to the remote file-system access protocol or the single shared holding buffer, determining, by the network device, the existence or non-existence of malicious, dangerous or unauthorized content contained within the holding buffer by performing content filtering on the single shared holding buffer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the remote file-system access protocol comprises Server Message Block (SMB)/Common Internet File System (CIFS).
  - 3. The method of claim 1, wherein the single shared holding buffer is stored in a shared memory of the network device that is accessible by a plurality of processes running within the network device.
  - 4. The method of claim 1, further comprising tracking, by the network device, usage and modification of the single shared holding buffer with a usage table.
  - 5. The method of claim 4, wherein the usage table contains information indicative of free and filled sections of the single shared holding buffer.
  - 6. The method of claim 5, wherein the predetermined event comprises determining the single shared holding buffer is full.
  - 7. The method of claim 1, further comprising recording, by the network device, data read from the server in a second holding buffer, wherein the second holding buffer is logically linked to the single shared holding buffer.
  - 8. The method of claim 7, further comprising the tracking, by the network device, usage of the second holding buffer with a second usage table.
  - 9. The method of claim 7, further comprising restoring, by the network device, the file on the server from a clean copy of the file maintained in the second buffer.
  - 10. The method of claim 9, wherein the clean copy is the first read from a given block of the file.

11. A network device comprising:
- a memory having stored therein one or more routines;
  
  one or more processors configured to perform a method of handling remote file-system access protocol requests issued by a client to a server by executing the one or more routines, wherein the method comprises;
  
  receiving a remote file-system access protocol request from the client, the remote file-system access protocol request representing a request to access a file associated with a share of the server;
  
  issuing the remote file-system access protocol request to the server on behalf of the client;
  
  implementing a single shared holding buffer for the file during a remote file-system access protocol session, wherein the single shared holding buffer is used for both read and write accesses to the file and is used for accesses to the file by a plurality of processes running on the client;
  
  buffering into the single shared holding buffer data being read from or written to the file as a result of the remote file-system access protocol request; and
  
  responsive to a predetermined event in relation to the remote file-system access protocol or the single shared holding buffer, determining the existence or non-existence of malicious, dangerous or unauthorized content contained within the holding buffer by performing content filtering on the single shared holding buffer.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The network device of claim 11, wherein the remote file-system access protocol comprises Server Message Block (SMB)/Common Internet File System (CIFS).
  - 13. The network device of claim 11, wherein the single shared holding buffer is stored in a shared memory of the network device that is accessible by a plurality of processes running within the network device.
  - 14. The network device of claim 11, wherein the method further comprises tracking usage and modification of the single shared holding buffer with a usage table.
  - 15. The network device of claim 14, wherein the usage table contains information indicative of free and filled sections of the single shared holding buffer.
  - 16. The network device of claim 15, wherein the predetermined event comprises determining the single shared holding buffer is full.
  - 17. The network device of claim 11, wherein the method further comprises recording data read from the server in a second holding buffer, wherein the second holding buffer is logically linked to the single shared holding buffer.
  - 18. The network device of claim 17, wherein the method further comprises tracking usage of the second holding buffer with a second usage table.
  - 19. The network device of claim 17, wherein the method further comprises restoring the file on the server from a clean copy of the file maintained in the second buffer.
  - 20. The network device of claim 19, wherein the clean copy is the first read from a given block of the file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fortinet Inc.
Original Assignee
Fortinet Inc.
Inventors
Crawford, William Jeffrey
Primary Examiner(s)
Pwu, Jeffrey
Assistant Examiner(s)
Ambaye, Samuel

Application Number

US14/194,751
Publication Number

US 20140181979A1
Time in Patent Office

254 Days
Field of Search

726/24, 726/12
US Class Current

726/24
CPC Class Codes

G06F 11/00   Error detection; Error corr...

G06F 16/00   Information retrieval; Data...

G06F 21/00   Security arrangements for p...

G06F 21/56   Computer malware detection ...

G06F 21/6218   to a system of files or obj...

H04L 49/90   Buffering arrangements

H04L 63/0245   Filtering by information in...

H04L 63/0281   Proxies

H04L 63/145   the attack involving the pr...

H04L 65/102   Gateways arrangements for c...

H04L 67/06   specially adapted for file ...

H04L 67/289   Intermediate processing fun...

H04L 67/56   Provisioning of proxy servi...

H04L 9/40   Network security protocols

Content filtering of remote file-system access protocols

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

24 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Content filtering of remote file-system access protocols

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others