System and method for providing exploit protection for networks
Abstract
A method and system for providing protection from exploits to devices connected to a network. The system and method include a component for determining whether an encapsulation has been applied to an attachment and unencapsulating such encapsulated attachments, a component that performs at least one decompression of the attachment when the attachment is compressed, a component that determines whether a header, body, and/or attachment of a message includes an exploit, and a component that holds and optionally cleans messages that include exploits. A device that receives messages that are directed to the network employs the components above to provide exploit protection for at least one of the messages.
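The pipeline in the abstract (unencapsulate, decompress, scan, hold), sketched as an added example that is not taken from the patent or any product implementing it. It assumes MIME transfer encoding as the encapsulation and gzip as the compression; the signature marker, the size and depth limits, and all function names are constructed for illustration.

```python
import gzip, io, zlib
from email import message_from_bytes, policy
from email.message import EmailMessage

SIGNATURES = [b"CONSTRUCTED-TEST-SIGNATURE"]  # constructed marker, not a real pattern
MAX_LAYERS, MAX_BYTES = 5, 1_000_000          # assumed limits, not from the patent

def decompress_layers(data):
    """Peel nested gzip layers, bounded in depth and in output size."""
    for _ in range(MAX_LAYERS):
        if not data.startswith(b"\x1f\x8b"):   # gzip magic bytes
            return data
        with gzip.GzipFile(fileobj=io.BytesIO(data)) as fh:
            data = fh.read(MAX_BYTES + 1)
        if len(data) > MAX_BYTES:
            raise ValueError("decompressed size limit exceeded")
    if data.startswith(b"\x1f\x8b"):
        raise ValueError("too many compression layers")
    return data

def matches(data):
    return any(sig in data for sig in SIGNATURES)

def inspect_message(raw):
    """Return (verdict, findings); verdict is 'quarantine' or 'deliver'."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = [f"header:{name}" for name, value in msg.items()
                if matches(str(value).encode("utf-8", "replace"))]
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""  # undoes base64 / quoted-printable
        where = "body"
        if part.get_content_disposition() == "attachment":
            where = f"attachment:{part.get_filename() or 'unnamed'}"
            try:
                data = decompress_layers(data)
            except (ValueError, OSError, EOFError, zlib.error) as exc:
                findings.append(f"{where}:unscannable ({exc})")  # fail closed
                continue
        if matches(data):
            findings.append(where)
    return ("quarantine" if findings else "deliver"), findings

def sample(payload, subject="Quarterly report"):
    """Constructed test message: text body plus one base64-encoded attachment."""
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content("See attached.")
    msg.add_attachment(payload, maintype="application", subtype="gzip",
                       filename="report.gz")
    return msg.as_bytes()
```

An attachment that exceeds the limits or fails to decompress is held rather than passed through unscanned, so an oversized or malformed archive cannot be used to skip the scanner.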
19 Claims
1. A system for providing protection from exploits to devices connected to a network, comprising:
(a) a content filter that receives a message that is directed to at least one of the devices and that includes a header, a body, and an attachment, wherein the content filter determines an encapsulation that has been applied to the attachment prior to the system receiving the message and unencapsulates the attachment;
(b) a decompression component that is coupled to the content filter and that performs at least one decompression of the attachment when the attachment is compressed;
(c) a scanner component that is coupled to the decompression component and that determines whether at least one of the header and the body includes an exploit;
(d) a quarantine component that is coupled to the scanner component and that holds the message when the message includes an exploit; and
(e) a device that receives messages that are directed to the network and that employs at least the scanner component to provide exploit protection for at least one of the messages.

12. A method for providing protection from exploits to devices connected to a network, comprising:
(a) receiving a message at a node that receives messages that are directed to any of the devices and that causes the message to be scanned for an exploit before forwarding the message toward at least one of the devices, wherein the message includes a header and at least one of a body and an attachment;
(b) determining whether at least one of the header and the body includes the exploit; and
(c) when at least one of the header and the body of the message includes the exploit, quarantining the message.

19. A system for providing protection from exploits to devices connected to a network, comprising:
(a) means for receiving a message that includes a header and at least one of a body and an attachment;
(b) means for determining whether the attachment is encapsulated and for unencapsulating the attachment when the attachment is encapsulated;
(c) means for decompressing the attachment at least one time when the attachment is compressed;
(d) means for determining whether at least one of the header and the body includes an exploit; and
(e) means for quarantining the message when the message includes the exploit.
Specification