System, method, and computer program product for making a scan decision during communication of data over a network
First Claim
Patent Images
1. At least one non-transitory computer readable medium having instructions stored thereon, the instructions when executed on a machine cause the machine to:
- receive data associated with a communication of the data over a network;
receive a hash of the data;
during the communication of the data over the network;
determine whether the hash of the data matches a hash within a false negative database;
determine whether the hash of the data matches a hash within an unwanted content database when it is determined that the hash of the data does not match a hash within the false negative database; and
determine whether the hash of the data matches a hash within a clean database when it is determined that the hash of the data does not match a hash within the unwanted content database;
when it is determined that the hash of the data does not match a hash of data within the clean database;
compute a hash of the data after the data is communicated;
compare the computed hash with the received hash;
scan the data for unwanted content if the received hash does not match the computed hash;
update the unwanted content database with the computed hash if the data is determined to include unwanted content by the scanning; and
update the clean database with the computed hash if the data is not determined to include unwanted content by the scanning.
10 Assignments
0 Petitions
Accused Products
Abstract
A system, method, and computer program product are provided for scanning data during communication of the data over a network. In use, a process is initiated for determining whether to scan data, during communication of the data over the network. Further, the data is conditionally scanned based on the determination.
40 Citations
19 Claims
-
1. At least one non-transitory computer readable medium having instructions stored thereon, the instructions when executed on a machine cause the machine to:
-
receive data associated with a communication of the data over a network; receive a hash of the data; during the communication of the data over the network; determine whether the hash of the data matches a hash within a false negative database; determine whether the hash of the data matches a hash within an unwanted content database when it is determined that the hash of the data does not match a hash within the false negative database; and determine whether the hash of the data matches a hash within a clean database when it is determined that the hash of the data does not match a hash within the unwanted content database; when it is determined that the hash of the data does not match a hash of data within the clean database; compute a hash of the data after the data is communicated; compare the computed hash with the received hash; scan the data for unwanted content if the received hash does not match the computed hash; update the unwanted content database with the computed hash if the data is determined to include unwanted content by the scanning; and update the clean database with the computed hash if the data is not determined to include unwanted content by the scanning. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
-
-
17. A method, comprising:
-
receiving data associated with a communication of the data over a network; receiving a hash of the data; during the communication of the data over the network; determining whether the hash of the data matches a hash within a false negative database; determining whether the hash of the data matches a hash within an unwanted content database when it is determined that the hash of the data does not match a hash within the false negative database; and determining whether the hash of the data matches a hash within a clean database when it is determined that the hash of the data does not match a hash within the unwanted content database; when it is determined that the hash of the data does not match a hash of data within the clean database; computing a hash of the data after the data is communicated; comparing the computed hash with the received hash; scanning the data for unwanted content if the received hash does not match the computed hash; updating the unwanted content database with the computed hash if the data is determined to include unwanted content by the scanning; and updating the clean database with the computed hash if the data is not determined to include unwanted content by the scanning.
-
-
18. A system, comprising:
a processor, wherein the system is configured for; receiving data associated with a communication of the data over a network; receiving a hash of the data; during the communication of the data over the network; determining whether the hash of the data matches a hash within a false negative database; determining whether the hash of the data matches a hash within an unwanted content database when it is determined that the hash of the data does not match a hash within the false negative database; and determining whether the hash of the data matches a hash within a clean database when it is determined that the hash of the data does not match a hash within the unwanted content database; when it is determined that the hash of the data does not match a hash of data within the clean database; computing a hash of the data after the data is communicated; comparing the computed hash with the received hash; scanning the data for unwanted content if the received hash does not match the computed hash; updating the unwanted content database with the computed hash if the data is determined to include unwanted content by the scanning; and updating the clean database with the computed hash if the data is not determined to include unwanted content by the scanning. - View Dependent Claims (19)
Specification