Content filtering of remote file-system access protocols

US 9,143,526 B2
Filed: 10/25/2014
Issued: 09/22/2015
Est. Priority Date: 11/22/2005
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving, at a network device, logically interposed between one or more clients and a server, a remote file-system access protocol response from the server, the remote file-system access protocol response representing a response to a remote file-system access protocol request relating to a file associated with a share of the server sent from a client of the one or more clients;

when the remote file-system access protocol request represents a request to access the file, then determining, by the network device, whether a holding buffer exists on the network device corresponding to the file;

when a result of said determining is negative, then creating, by the network device, the holding buffer on the network device;

when the result of said determining is affirmative, then using, by the network device, the holding buffer for any of the one or more clients or processes running on the one or more clients that access the file;

buffering, by the network device, into the holding buffer data being read from or written to the file as a result of the remote file-system access protocol request; and

determining, by the network device, the existence or non-existence of malicious, dangerous or unauthorized content contained within the holding buffer by performing content filtering on the holding buffer.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems for content filtering of remote file-system access protocols are provided. According to one embodiment, a remote file-system access protocol response is received at a network device logically interposed between one or more clients and a server. The response represents a response to a request from one of the clients relating to a file associated with a share of the server. A determination is made whether a holding buffer corresponding to the file exists. If not, then one is created; otherwise, the existing holding buffer is used for any of the clients or processes running on the clients that access the file. Data read from or written to the file as a result of the request is buffered into the holding buffer. The existence or non-existence of malicious, dangerous or unauthorized content contained within the holding buffer is determined by performing content filtering on the holding buffer.

21 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving, at a network device, logically interposed between one or more clients and a server, a remote file-system access protocol response from the server, the remote file-system access protocol response representing a response to a remote file-system access protocol request relating to a file associated with a share of the server sent from a client of the one or more clients;
  
  when the remote file-system access protocol request represents a request to access the file, then determining, by the network device, whether a holding buffer exists on the network device corresponding to the file;
  
  when a result of said determining is negative, then creating, by the network device, the holding buffer on the network device;
  
  when the result of said determining is affirmative, then using, by the network device, the holding buffer for any of the one or more clients or processes running on the one or more clients that access the file;
  
  buffering, by the network device, into the holding buffer data being read from or written to the file as a result of the remote file-system access protocol request; and
  
  determining, by the network device, the existence or non-existence of malicious, dangerous or unauthorized content contained within the holding buffer by performing content filtering on the holding buffer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein the remote file-system access protocol comprises Server Message Block (SMB)/Common Internet File System (CIFS).
  - 3. The method of claim 1, wherein the holding buffer is stored in a shared memory of the network device that is accessible by a plurality of processes running within the network device.
  - 4. The method of claim 1, further comprising tracking, by the network device, usage and modification of the holding buffer with a usage table.
  - 5. The method of claim 4, wherein the usage table contains information indicative of free and filled sections of the holding buffer.
  - 6. The method of claim 5, wherein the predetermined event comprises determining the holding buffer is full.
  - 7. The method of claim 1, further comprising recording, by the network device, data read from the server in a second holding buffer, wherein the second holding buffer is logically linked to the holding buffer.
  - 8. The method of claim 7, further comprising the tracking, by the network device, usage of the second holding buffer with a second usage table.
  - 9. The method of claim 7, further comprising restoring, by the network device, the file on the server from a clean copy of the file maintained in the second buffer.
  - 10. The method of claim 1, further comprising:
    - when the remote file-system access protocol request represents a request to open the file and when the holding buffer existed prior to the remote file-system access protocol request, then incrementing a reference count of the holding buffer; and
      
      when the remote file-system access protocol request represents a request to close the file, then decrementing a reference count of the holding buffer.

11. A network device comprising:
- a memory having stored therein one or more routines;
  
  one or more processors configured to perform a method of handling remote file-system access protocol requests issued by one or more clients to a server by executing the one or more routines, wherein the method comprises;
  
  receiving a remote file-system access protocol response from the server, the remote file-system access protocol response representing a response to a remote file-system access protocol request for access to a file associated with a share of the server sent from a client of the one or more clients;
  
  when the remote-file system access protocol request represents a request to access the file, then determining whether a holding buffer exists on the network device corresponding to the file;
  
  when the holding buffer does not exist, then creating the holding buffer on the network device;
  
  when the holding buffer does exist, then using the holding buffer for any of the one or more clients or processes running on the one or more clients that access the file;
  
  buffering into the holding buffer data being read from or written to the file as a result of the remote file-system access protocol request; and
  
  determining the existence or non-existence of malicious, dangerous or unauthorized content contained within the holding buffer by performing content filtering on the holding buffer.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The network device of claim 11, wherein the remote file-system access protocol comprises Server Message Block (SMB)/Common Internet File System (CIFS).
  - 13. The network device of claim 11, wherein the holding buffer is stored in a shared memory of the network device that is accessible by a plurality of processes running within the network device.
  - 14. The network device of claim 11, wherein the method further comprises tracking usage and modification of the holding buffer with a usage table.
  - 15. The network device of claim 14, wherein the usage table contains information indicative of free and filled sections of the holding buffer.
  - 16. The network device of claim 15, wherein the predetermined event comprises determining the holding buffer is full.
  - 17. The network device of claim 11, wherein the method further comprises recording data read from the server in a second holding buffer, wherein the second holding buffer is logically linked to the holding buffer.
  - 18. The network device of claim 17, wherein the method further comprises tracking usage of the second holding buffer with a second usage table.
  - 19. The network device of claim 17, wherein the method further comprises restoring the file on the server from a clean copy of the file maintained in the second buffer.
  - 20. The network device of claim 11, wherein the method further comprises:
    - when the remote file-system access protocol request represents a request to open the file and when the holding buffer existed prior to the remote file-system access protocol request, then incrementing a reference count of the holding buffer; and
      
      when the remote file-system access protocol request represents a request to close the file, then decrementing a reference count of the holding buffer.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fortinet Inc.
Original Assignee
Fortinet Inc.
Inventors
Crawford, William Jeffrey
Primary Examiner(s)
Ambaye, Samuel

Application Number

US14/523,878
Publication Number

US 20150150135A1
Time in Patent Office

332 Days
Field of Search

726/24, 726/12
US Class Current

1/1
CPC Class Codes

G06F 11/00   Error detection; Error corr...

G06F 16/00   Information retrieval; Data...

G06F 21/00   Security arrangements for p...

G06F 21/56   Computer malware detection ...

G06F 21/6218   to a system of files or obj...

H04L 49/90   Buffering arrangements

H04L 63/0245   Filtering by information in...

H04L 63/0281   Proxies

H04L 63/145   the attack involving the pr...

H04L 65/102   Gateways arrangements for c...

H04L 67/06   specially adapted for file ...

H04L 67/289   Intermediate processing fun...

H04L 67/56   Provisioning of proxy servi...

H04L 9/40   Network security protocols

Content filtering of remote file-system access protocols

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

21 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Content filtering of remote file-system access protocols

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

21 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links