Embedded anti-virus scanner for a network adapter

US 9,876,818 B2
Filed: 06/08/2015
Issued: 01/23/2018
Est. Priority Date: 12/20/2001
Status: Expired due to Term

First Claim

Patent Images

1. A non-transitory, computer-readable medium encoded with instructions to scan network traffic, the instructions comprising:

instructions to receive packets at a network adapter including a processor positioned thereon;

instructions to assemble the received packets;

instructions to determine, with the processor, whether a file is an executable file, in response to a determination that the received packets complete the file;

instructions to perform a scan of the received packets utilizing the processor to identify a virus, a worm, or a Trojan horse, in response to a determination that the received packets use a hypertext transfer protocol or a file transfer protocol, wherein the processor bypasses the scan of the received packets, in response to a determination that the file is not the executable file; and

instructions to bypass the scan, in response to a determination that the received packets do not use the hypertext transfer protocol or the file transfer protocol.

View all claims

9 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network adapter system and associated method are provided. The network adapter system includes a processor positioned on a network adapter coupled between a computer and a network. Such processor is configured for scanning network traffic transmitted between the computer and the network.

87 Citations

20 Claims

1. A non-transitory, computer-readable medium encoded with instructions to scan network traffic, the instructions comprising:
- instructions to receive packets at a network adapter including a processor positioned thereon;
  
  instructions to assemble the received packets;
  
  instructions to determine, with the processor, whether a file is an executable file, in response to a determination that the received packets complete the file;
  
  instructions to perform a scan of the received packets utilizing the processor to identify a virus, a worm, or a Trojan horse, in response to a determination that the received packets use a hypertext transfer protocol or a file transfer protocol, wherein the processor bypasses the scan of the received packets, in response to a determination that the file is not the executable file; and
  
  instructions to bypass the scan, in response to a determination that the received packets do not use the hypertext transfer protocol or the file transfer protocol.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The medium as recited in claim 1, wherein the scan is performed also in response to a determination that the file is the executable file.
  - 3. The medium as recited in claim 2, wherein a determination whether the file is the executable file is performed in response to the determination that the received packets use the hypertext transfer protocol or the file transfer protocol.
  - 4. The medium as recited in claim 1, wherein the received packets are denied access to a computer in response to a determination that the scan has identified the virus, the worm, or the Trojan horse in the received packets.
  - 5. The medium as recited in claim 1, the instructions further comprising:
    - instructions to transfer the file to a computer in response to a determination that the scan has not identified the virus, the worm, or the Trojan horse in the received packets.
  - 6. The medium as recited in claim 1, the instructions further comprising:
    - instructions to provide an alert, in response to a determination that the scan has identified the virus, the worm, or the Trojan horse in the received packets.
  - 7. The medium as recited in claim 1, wherein the determination that the received packets complete the file is performed in response to the determination that the received packets use the hypertext transfer protocol or the file transfer protocol.

8. A computer, comprising:
- a network driver to communicate with a network adapter including a processor positioned thereon, wherein the processor receives packets, assembles the received packets, performs a scan of the received packets to identify a virus, a worm, or a Trojan horse, in response to a determination that the received packets use a hypertext transfer protocol or a file transfer protocol, and bypasses the scan, in response to a determination that the received packets do not use the hypertext transfer protocol or the file transfer protocol, wherein the processor is configured to determine whether a file is an executable file, in response to a determination that the received packets complete the file, and the processor bypasses the scan of the received packets, in response to a determination that the file is not the executable file; and
  
  a processing unit to receive data from the network driver.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The computer as recited in claim 8, wherein the scan is performed also in response to a determination that the file is the executable file.
  - 10. The computer as recited in claim 8, wherein the received packets are denied access to the computer in response to a determination that the scan has identified the virus, the worm, or the Trojan horse in the received packets.
  - 11. The computer as recited in claim 8, wherein the computer is configured to receive the file in response to a determination that the scan has not identified the virus, the worm, or the Trojan horse in the received packets.
  - 12. The computer as recited in claim 8, wherein an alert is provided, in response to a determination that the scan has identified the virus, the worm, or the Trojan horse in the received packets.
  - 13. The computer as recited in claim 8, wherein the determination that the received packets complete the file is performed in response to the determination that the received packets use the hypertext transfer protocol or the file transfer protocol.
  - 14. The computer as recited in claim 8, wherein a determination whether the file is the executable file is performed in response to the determination that the received packets use the hypertext transfer protocol or the file transfer protocol.

15. A method, comprising:
- communicating, with a network driver of a computer, with a network adapter including a processor positioned thereon, wherein the processor receives packets, assembles the received packets, performs a scan of the received packets to identify a virus, a worm, or a Trojan horse, in response to a determination that the received packets use a hypertext transfer protocol or a file transfer protocol, and bypasses the scan, in response to a determination that the received packets do not use the hypertext transfer protocol or the file transfer protocol;
  
  determining, with the processor, whether a file is an executable file, in response to a determination that the received packets complete the file, wherein the processor bypasses the scan of the received packets, in response to a determination that the file is not the executable file; and
  
  receiving, by a processing unit of the computer, data from the network driver.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method as recited in claim 15, wherein the scan is performed also in response to a determination that the file is the executable file.
  - 17. The method as recited in claim 15, wherein the received packets are denied access to the computer in response to a determination that the scan has identified the virus, the worm, or the Trojan horse in the received packets.
  - 18. The method as recited in claim 15, wherein the file is transferred to the computer in response to a determination that the scan has not identified the virus, the worm, or the Trojan horse in the received packets.
  - 19. The method as recited in claim 15, wherein the determination that the received packets complete the file is performed in response to the determination that the received packets use the hypertext transfer protocol or the file transfer protocol.
  - 20. The method as recited in claim 15, wherein the determining is performed in response to the determination that the received packets use the hypertext transfer protocol or the file transfer protocol.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
McAfee, LLC
Inventors
Rothwell, Anton C., Dennis, William R., Jagger, Luke D.
Primary Examiner(s)
Moorthy, Aravind
Assistant Examiner(s)
Pan, Peiliang

Application Number

US14/733,056
Publication Number

US 20150271191A1
Time in Patent Office

960 Days
Field of Search

726 23, 726 24, 713151, 713152
US Class Current
CPC Class Codes

G06F 21/566   Dynamic detection, i.e. det...

G06F 21/85   interconnection devices, e....

G06F 2221/034   Test or assess a computer o...

G06F 2221/2101   Auditing as a secondary aspect

H04L 63/1416   Event detection, e.g. attac...

H04L 63/145   the attack involving the pr...

Embedded anti-virus scanner for a network adapter

First Claim

9 Assignments

0 Petitions

Accused Products

Abstract

87 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Embedded anti-virus scanner for a network adapter

First Claim

9 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

87 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others