Electronic message manager system, method, and computer program product for scanning an electronic message for unwanted content and associated unwanted sites

US 9,628,513 B2
Filed: 05/15/2015
Issued: 04/18/2017
Est. Priority Date: 04/30/2007
Status: Active Grant

First Claim

Patent Images

1. A non-transitory computer-readable medium comprising one or more instructions that when executed on a processor configure the processor to:

receive, via a network, a request to scan an electronic message prior to opening the electronic message, the request including at least a portion of the electronic message and information associated with the electronic message, wherein the information includes an indication of a reputation of a domain associated with the electronic message and a path by which the electronic message is communicated, the path including a series of nodes via which the electronic message is communicated from a source to a destination;

analyze the received portion of the electronic message and the received information associated with the electronic message to determine whether the electronic message includes unwanted content; and

send a response to the request to a client via the network responsive to a determination that the electronic message includes unwanted content, wherein the response includes an indication that the electronic message is not safe to open by a user and an indication of a reaction to be performed on the electronic message.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, and computer program product are provided for scanning an electronic message for unwanted content and associated unwanted sites in response to a request. In use, a request is received via a network to scan an electronic message prior to opening the electronic message, utilizing an electronic message manager. In addition, the electronic message is scanned for unwanted content and associated unwanted sites, in response to the request. Further, a response to the request is sent via the network.

44 Citations

25 Claims

1. A non-transitory computer-readable medium comprising one or more instructions that when executed on a processor configure the processor to:
- receive, via a network, a request to scan an electronic message prior to opening the electronic message, the request including at least a portion of the electronic message and information associated with the electronic message, wherein the information includes an indication of a reputation of a domain associated with the electronic message and a path by which the electronic message is communicated, the path including a series of nodes via which the electronic message is communicated from a source to a destination;
  
  analyze the received portion of the electronic message and the received information associated with the electronic message to determine whether the electronic message includes unwanted content; and
  
  send a response to the request to a client via the network responsive to a determination that the electronic message includes unwanted content, wherein the response includes an indication that the electronic message is not safe to open by a user and an indication of a reaction to be performed on the electronic message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The non-transitory computer-readable medium of claim 1, wherein the reaction includes one or more of remediation of the electronic message, cleaning of the electronic message, blocking the electronic message from being opened, deleting the electronic message and quarantining the electronic message.
  - 3. The non-transitory computer-readable medium of claim 1, wherein the request is generated by a plug-in installed at the client.
  - 4. The non-transitory computer-readable medium of claim 1, wherein the request is generated automatically in response to a user attempting to open the electronic message.
  - 5. The non-transitory computer-readable medium of claim 1, wherein the electronic message is analyzed by performing a comparison of the electronic message with known data stored in a database.
  - 6. The non-transitory computer-readable medium of claim 5, wherein the known data includes at least one of known clean data and known unwanted data.
  - 7. The non-transitory computer-readable medium of claim 5, wherein the response is sent in response to the comparison resulting in a match.
  - 8. The non-transitory computer-readable medium of claim 5, wherein the database of known data is updated based on the analyzing.
  - 9. The non-transitory computer-readable medium of claim 1, wherein the one or more instructions that when executed on the processor further configure the processor to send a response to the analysis indicating that the electronic message is clean responsive to a determination that the electronic message does not include unwanted content.
  - 10. The non-transitory computer-readable medium of claim 1, wherein the response prompts a display of a notification to a user.
  - 11. The non-transitory computer-readable medium of claim 1, wherein the unwanted content includes malware.
  - 12. The non-transitory computer-readable medium of claim 1, wherein the unwanted content includes at least one unwanted site.
  - 13. The non-transitory computer-readable medium of claim 12, wherein the at least one site includes at least one of a phishing site and a site including unwanted content.
  - 14. The non-transitory computer-readable medium of claim 1, wherein the request is generated by a preview pane of an electronic message manager.
  - 15. The non-transitory computer-readable medium of claim 1, wherein the request is sent in response to a determination that the electronic message has been intercepted.
  - 16. The non-transitory computer-readable medium of claim 1, wherein the information associated with the electronic message further includes at least one of a source of the electronic message, and a behavior of the electronic message.

17. A method, comprising:
- receiving, via a network, a request to scan an electronic message prior to opening the electronic message, the request including at least a portion of the electronic message and information associated with the electronic message, wherein the information includes an indication of a reputation of a domain associated with the electronic message and a path by which the electronic message is communicated, the path including a series of nodes via which the electronic message is communicated from a source to a destination;
  
  analyzing the received portion of the electronic message and the received information associated with the electronic message to determine whether the electronic message includes unwanted content; and
  
  sending a response to the request to a client via the network responsive to a determination that the electronic message includes unwanted content, wherein the response includes an indication that the electronic message is not safe to open by a user and an indication of a reaction to be performed on the electronic message.
- View Dependent Claims (18, 19, 20)
- - 18. The method of claim 17, wherein the reaction includes one or more of remediation of the electronic message, cleaning of the electronic message, blocking the electronic message from being opened, deleting the electronic message and quarantining the electronic message.
  - 19. The method of claim 17, wherein the electronic message is analyzed by performing a comparison of the electronic message with known data stored in a database.
  - 20. The method of claim 19, further comprising updating the database of known data based on the analyzing.

21. A system, comprising:
- an application program installed on a client for transmitting, via a network, a request to scan an electronic message prior to opening the electronic message, the request including at least a portion of the electronic message and information associated with the electronic message, wherein the information includes an indication of a reputation of a domain associated with the electronic message and a path by which the electronic message is communicated, the path including a series of nodes via which the electronic message is communicated from a source to a destination; and
  
  a server device in communication with the client via the network for receiving the request, analyzing the received portion of the electronic message and the received information associated with the electronic message to determine whether the electronic message includes unwanted content, and sending a response to the request to the client via the network responsive to a determination that the electronic message includes unwanted content, wherein the response includes an indication that the electronic message is not safe to open by a user and an indication of a reaction to be performed on the electronic message.
- View Dependent Claims (22, 23, 24, 25)
- - 22. The system of claim 21, wherein the reaction includes one or more of remediation of the electronic message, cleaning of the electronic message, blocking the electronic message from being opened, deleting the electronic message and quarantining the electronic message.
  - 23. The system of claim 21, wherein the electronic message is analyzed by performing a comparison of the electronic message with known data stored in a database.
  - 24. The system of claim 23, wherein the database of known data is updated based on the analyzing.
  - 25. The system of claim 21, wherein the request is generated automatically in response to a user attempting to open the electronic message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Gartside, Paul Nicholas, Heron, George L., Bolin, Christopher S.
Primary Examiner(s)
TOWFIGHI, AFSHAWN M

Application Number

US14/713,768
Publication Number

US 20150249680A1
Time in Patent Office

704 Days
Field of Search

None
US Class Current
CPC Class Codes

H04L 51/046   Interoperability with other...

H04L 51/212   using filtering or selectiv...

H04L 63/1408   by monitoring network traff...

H04L 63/1425   Traffic logging, e.g. anoma...

H04L 63/145   the attack involving the pr...

H04L 63/1483   service impersonation, e.g....

H04L 67/01   Protocols

Electronic message manager system, method, and computer program product for scanning an electronic message for unwanted content and associated unwanted sites

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

44 Citations

25 Claims

Specification

Solutions

Use Cases

Quick Links

Electronic message manager system, method, and computer program product for scanning an electronic message for unwanted content and associated unwanted sites

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

25 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links