Managing infectious forwarded messages
Abstract
Systems and methods for managing forwarded infectious messages are provided. Managing an electronic message comprises receiving a message, forwarding the message, determining that the forwarded message is infectious after the message has been forwarded, and preventing the infectious forwarded message from spreading.
137 Citations
18 Claims
1. A method for evaluating a file attached to an electronic message for the presence of a virus, the method comprising:
- receiving an electronic message at a computing device, the electronic message including an attachment having a file name, the computing device including at least a first virus detection routine stored in memory; and
- executing instructions stored in memory of the computing device, wherein execution of the instructions by a processor of the computing device;
  - applies at least a signature matching test that outputs a probability that the attachment includes a virus,
  - quarantines the electronic message when the outputted probability that the attachment includes a virus exceeds a predetermined threshold,
  - searches for another virus detection test stored in memory when the outputted probability that the attachment includes a virus does not exceed the predetermined threshold, wherein the other virus detection test found is a probabilistic finite state automata test,
  - applies the probabilistic finite state automata test, wherein the probability that the attachment includes the virus is updated based on the other virus detection test,
  - quarantines the electronic message when the updated probability that the attachment includes a virus exceeds the predetermined threshold,
  - identifies that the message is similar to other messages associated with a computer network, wherein the identification that the message is similar to one or more the other message is based on a model built from known messages;
  - identifies that an amount of similar message traffic associated with the computer network, wherein the similar message traffic is identified based on the model;
  - updates the probability that the attachment includes the virus based on the amount of similar message traffic; and
  - identifies the electronic message is free of viruses when the updated probability that the attachment includes the virus does not exceed the predetermined threshold.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A non-transitory computer-readable storage medium having a program embodied thereon, the program executable by a processor to perform a method for evaluating a file attached to an electronic message for the presence of a virus, the method comprising:
- receiving an electronic message at a computing device, the electronic message including an attachment having a file name, the computing device including at least a first virus detection routine stored in memory;
- applying at least a signature matching test that outputs a probability that the attachment includes a virus;
- quarantining the electronic message when the outputted probability that the attachment includes a virus exceeds a predetermined threshold;
- searching for another virus detection test stored in memory when the outputted probability that the attachment includes a virus does not exceed the predetermined threshold, wherein the other virus detection test found is a probabilistic finite state automata test;
- applying the probabilistic finite state automata test, wherein the probability that the attachment includes the virus is updated based on the other virus detection test;
- quarantining the electronic message when the updated probability that the attachment includes a virus exceeds the predetermined threshold;
- identifying that the message is similar to other messages associated with a computer network, wherein the identification that the message is similar to one or more the other message is based on a model built from known messages;
- identifying that an amount of similar message traffic associated with the computer network, wherein the similar message traffic is identified based on the model;
- updating the probability that the attachment includes the virus based on the amount of similar message traffic; and
- identifying the electronic message is free of viruses when the updated probability that the attachment includes the virus does not exceed the predetermined threshold.

Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18
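The staged evaluation recited in claims 1 and 10, as an added Python example that is not code from the patent. The claims do not say how the probability is updated or what the automaton reads, so the noisy-OR update, the file-name automata, the digest-based traffic model, the threshold value and every constant below are assumptions constructed for illustration.

```python
import hashlib

THRESHOLD = 0.8                                   # "predetermined threshold" (assumed value)
SIGNATURES = {b"EVIL-MACRO": 0.95, b"CreateRemoteThread": 0.4}   # constructed signatures
DOC, EXE = {"txt", "pdf", "doc", "jpg"}, {"exe", "pif", "scr", "vbs"}
# Two toy probabilistic automata over file-name token classes (constructed):
# transition probabilities for names on clean vs. infected attachments.
PFSA = {
    "clean": {("S", "name"): 1.0, ("name", "doc"): 0.85, ("name", "exe"): 0.1,
              ("name", "E"): 0.05, ("doc", "E"): 0.98, ("doc", "exe"): 0.01,
              ("doc", "doc"): 0.01, ("exe", "E"): 1.0},
    "virus": {("S", "name"): 1.0, ("name", "doc"): 0.55, ("name", "exe"): 0.4,
              ("name", "E"): 0.05, ("doc", "E"): 0.09, ("doc", "exe"): 0.9,
              ("doc", "doc"): 0.01, ("exe", "E"): 1.0},
}

def signature_test(data):
    """Highest probability among matching signatures, else a small base rate."""
    return max((p for sig, p in SIGNATURES.items() if sig in data), default=0.02)

def pfsa_test(file_name):
    """Posterior that the name came from the 'virus' automaton (equal priors assumed)."""
    exts = file_name.lower().split(".")[1:]
    states = ["S", "name"] + ["exe" if e in EXE else "doc" if e in DOC else "name"
                              for e in exts] + ["E"]
    like = {}
    for model, edges in PFSA.items():
        like[model] = 1.0
        for edge in zip(states, states[1:]):
            like[model] *= edges.get(edge, 1e-3)  # floor for unseen transitions
    return like["virus"] / (like["virus"] + like["clean"])

def traffic_test(data, recent_digests, burst=20):
    """Share of a 'burst' of recent messages carrying the same attachment digest."""
    return min(1.0, recent_digests.count(hashlib.sha256(data).hexdigest()) / burst)

def combine(p, q):
    return 1 - (1 - p) * (1 - q)                  # noisy-OR update (assumed rule)

def evaluate(file_name, data, recent_digests):
    """Return (verdict, deciding stage, probability), following the claimed order."""
    p = signature_test(data)
    if p > THRESHOLD:
        return "quarantine", "signature", p
    p = combine(p, pfsa_test(file_name))
    if p > THRESHOLD:
        return "quarantine", "pfsa", p
    p = combine(p, traffic_test(data, recent_digests))
    # The claims state only the clean branch here; quarantining otherwise is assumed.
    return ("quarantine" if p > THRESHOLD else "clean"), "traffic", p
```

Each stage runs only when the previous one left the probability at or below the threshold, so an attachment with a clean signature result and an ordinary name can still be quarantined once enough identical copies appear in recent traffic.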
Specification