CONTENT FILTERING OF REMOTE FILE-SYSTEM ACCESS PROTOCOLS
First Claim
1. A method comprisingintercepting by a proxy associated with a network device, logically interposed between a client and a server, a Server Message Block/Common Internet File System (SMB/CIFS) protocol request from the client;
- the proxy issuing the remote file-system access protocol request to the server on behalf of the client;
the proxy buffering into a file buffer associated with the network device data being read from or written to a file associated with a share of the server; and
responsive to a predetermined event in relation to the SMB/CIFS protocol or the file buffer, the proxy determining the existence or non-existence of malicious, dangerous or unauthorized content contained within the file buffer by performing content filtering on the file buffer.
0 Assignments
0 Petitions
Accused Products
Abstract
Methods and systems for content filtering of remote file-system access protocols are provided. According to one embodiment, holding buffers in which data collected from a remote file-system access protocol is stored, a holding buffer context table, a file map table and a usage table corresponding to each holding buffer are created within one or more computer-readable media. References to each of the holding buffers are tracked within the holding buffer context table. References to a common file are mapped to a common holding buffer of the holding buffers with the file map table. Modified and unmodified portions of the holding buffers are tracked using the usage table corresponding to each holding buffer. Responsive to a predetermined event in relation to a holding buffer or the holding buffers, the existence of malicious, dangerous or unauthorized content contained within the holding buffer is determined by performing content filtering on the holding buffer.
-
Citations
28 Claims
-
1. A method comprising
intercepting by a proxy associated with a network device, logically interposed between a client and a server, a Server Message Block/Common Internet File System (SMB/CIFS) protocol request from the client; -
the proxy issuing the remote file-system access protocol request to the server on behalf of the client; the proxy buffering into a file buffer associated with the network device data being read from or written to a file associated with a share of the server; and responsive to a predetermined event in relation to the SMB/CIFS protocol or the file buffer, the proxy determining the existence or non-existence of malicious, dangerous or unauthorized content contained within the file buffer by performing content filtering on the file buffer. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A network device comprising:
-
a content processor implementing one or more filters configured to detect the presence of malicious code in data being scanned; a remote file-system access protocol proxy, coupled to the content processor, configured to be logically interposed between a client and a server and to cause content filtering to be performed by the content processor on data transferred between the client and server via a remote file-system access protocol responsive to a predetermined event; and a memory containing therein a plurality of file buffer data structures, the file buffer data structures configured to buffer data being read from or written to a plurality of files associated with a share of the server and map multiple references to individual files of the plurality of files during a remote file-system access protocol session to a single holding buffer corresponding to each of the individual files. - View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23)
-
-
24. A method comprising:
-
receiving a request to establish a network session at a network device, the request being characterized by a source network address, a destination network address and a remote file-system access protocol; collecting data associated with the network session by intercepting at a proxy associated with the network device, logically interposed between a client and server, a remote file-system access protocol request from the client, or a remote file-system access protocol response from the server; the proxy issuing the remote file-system access protocol request to the server on behalf of the client, or forwarding the remote file-system access protocol response to the client on behalf of the server; and performing content filtering on the collected data. - View Dependent Claims (25, 26, 27, 28)
-
Specification